Microsoft Patch Tuesday, February 2014
February's Patch Tuesday is back to business as usual after the light January release. This month's ...
Read MoreJackPOS – The House Always Wins
A new point of sale (POS) malware family could be a jackpot for credit card thieves. I recently ...
Read MoreThe Keystone Rocks - Foundation Chips of Pentesting Tips Part 1
The knowledgebase of a penetration tester can be broadly split into two categories: Relevant ...
Read MoreCVE-2014-0050: Exploit with Boundaries, Loops without Boundaries
In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and Apache Tomcat ...
Read MoreSpiderLabs Radio: February 7, 2014
In this episode I talk about a new Adobe zero day in Flash Player, the Chewbacca POS malware, a new ...
Read MoreMicrosoft Advance Notification for February 2014
***Update as of Monday, February 10, 2014***
Read MoreSpammers Are Taking Advantage of Your Whitelists by Spoofing Legitimate Brands
***EDITOR'S NOTE: The content of this article does not make or imply any claims regarding the ...
Read MoreSpiderLabs Radio: January 30, 2014
In this episode we look at a rash of gas pump credit card skimmers, the Syrian Electronic Army ...
Read MoreIntroducing ModSecurity Status Reporting
The Trustwave SpiderLabs Research team is committed to making ModSecurity the best open source WAF ...
Read MoreModSecurity Advanced Topic of the Week: HMAC Token Protection
This blog post presents a powerful feature of ModSecurity v2.7 that has been highly under-utilized ...
Read MoreSpiderLabs Radio: January 23, 2014
In this episode I sit down with Grayson Lenik, a forensic expert for Trustwave SpiderLabs. We talk ...
Read More10,000 Litecoins Worth $230,000 USD Were Stolen!
Newspapers, commentators and bloggers have lately been asking whether digital currencies, such as ...
Read MoreBeware! Bats hide in your jQuery!
Injection of malicious code into JavaScript files is not new; however, we recently observed a steep ...
Read MoreWhat Dirty Little Secrets You Find on eBay
So I do networking (computers and wifi things) at a number of security conferences (Thotcon & ...
Read MoreTrustwave Analysis of the January 2014 Oracle CPU
It's the second Tuesday in January, so it is Oracle Critical Patch Update (CPU) time. The January ...
Read MoreSetting HoneyTraps with ModSecurity: Adding Fake HTML Comments
This blog post continues with the topic of setting "HoneyTraps" within your web applications to ...
Read MoreMicrosoft Patch Tuesday, January 2014
Hopefully January's Patch Tuesday is a sign of things to come for 2014. With only four bulletins, ...
Read MoreSpiderLabs Radio: January 10, 2014
In this week's podcast we talk about malware offered up in onlines ads, the return of email hacker ...
Read MoreSAP Sybase ASE 15.7 security updates
SAP Sybase Adaptive Server Enterprise is a relational database management product used to store ...
Read MoreMicrosoft Advance Notification for January 2014
Microsoft is scheduled to release the next security update for consumers on January 14th with ...
Read MoreSpiderLabs Radio: January 3, 2014
Welcome to the SpiderLabs Radio Reboot! As we bid our old host, Space Rogue, a fond farewell, we ...
Read MoreDaumGame ActiveX 0day
One might think that vulnerabilities in ActiveX controls are a thing of the past, but we continue ...
Read MoreThe Case of an Obscure Injection
During a recent application penetration test, I came across what proved to be an interesting SQL ...
Read MoreWendel's Small Hacking Tricks - A not so common and neat Oracle [for Windows] hack.
Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...
Read MoreHow Snotnose the Elf was Able to Compromise The North Pole Domain and Retrieve the Nice and Naughty Lists
Last Winter, Snotnose won the North vs South Pole CTF contest, and Santa awarded him the ultimate ...
Read MoreExploiting Password Recovery Functionalities
Password recovery functionalities can result in vulnerabilities in the same application they are ...
Read MoreQuick Joomla Refresher
I haven't come into contact with Joomla for a while, but I had the opportunity recently in a ...
Read More