SpiderLabs Blog

SpiderLabs Radio October 11, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Hiding Webshell Backdoor Code in Image Files

Looks Can Be Deceiving Do any of these pictures look suspicious?

The Technical Aspects of Exploiting IE Zero-Day CVE-2013-3897

Just two days ago we announced thediscovery of in-the-wild attacks that used the zero-day which is ...

Having a Fiesta With Ploutus

A short while ago, SafenSoft reported a new family ofmalware, named 'Ploutus', that targeted a ...

Another Day, SpiderLabs Discovers Another IE Zero-Day

We at SpiderLabs investigate many suspicious webpages on adaily basis. Occasionally we run ...

Microsoft Patch Tuesday, October 2013

Here in Philadelphia this month the localweather people are calling it "Aug-tober" due to the ...

AV Vendors Targeted in Defacement Campaign

Attacked Sites The KDMS hacking team recently defaced several popular websites include Whatsapp.com ...

Microsoft Advance Notification for October 2013

It is on a monthly schedule but for some reason Microsoft's Patch Tuesday sneaks up on me every ...

SpiderLabs Radio October 4, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Installing VMware Tools on Kali Linux and Some Debugging Basics

I have been using Backtrack for a while now and decided to switch to Kali Linux, a new open source ...

TWSL2013-029: Information Disclosure Vulnerability in QNAP Photo Station

Photo Station, a web application, allows users to upload and share photos over the Internet using a ...

SpiderLabs Radio September 27, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

ModSecurity for Java - BETA Testers Needed

Over the course of the summer of 2013, the ModSecurity team participated in Google's Summer of Code ...

Wendel's Small Hacking Tricks - Killing Processes from the Microsoft Windows Command Line interface.

Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...

SpiderLabs Radio September 20, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Is Oracle Application Server End-of-Life?

I was asked recently to review a web server running Oracle Application Server. The scope was quite ...

ModSecurity XSS Evasion Challenge Results

On July 30th, we announced our public ModSecurity XSS Evasion Challenge. This blog post will ...

Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network

It's always surprising how insecure some internal networks turn out to be. Less surprising is a ...

Hey, can I use your server for spamming?

Over the last few months I have encountered two separate cases of our customers being impacted by ...

Trust for Sale

Let's, for a moment, get into the mind of a cyber criminal:

Vino VNC Server Remote Persistent DoS Vulnerability

Last week, I was making some performance enhancements to theVNC protocol implementations in the ...

SpiderLabs Radio September 13, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Microsoft Patch Tuesday, September 2013

In Chicago, it's been a roller coaster of a summer with cold weather to now steaming hot. ...

SpiderLabs Radio September 6, 2013 w/ Space Rogue

Microsoft Advance Notification for September 2013

This month Microsoft continues the recent tradition of large Patch Tuesday with fourteen Bulletins ...

SpiderLabs Radio August 30, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Setting HoneyTraps with ModSecurity: Adding Fake robots.txt Disallow Entries

The following blog post is taken from Recipe 3-2: Adding Fake robots.txt Disallow Entries in my new ...

SpiderLabs Radio August 23, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...