SpiderLabs Radio August 2, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...
Read More
Announcing the ModSecurity XSS Evasion Challenge
The SpiderLabs Research Team is pleased to announce the release of the ModSecurity XSS Evasion ...
Read MoreSpiderLabs Radio July 26, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...
Read MoreSpiderLabs Radio July 19, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...
Read MoreTop Ten Survival Tips for the Dehydrated N00b Zombie Apocalypse at Security Week 2013
Just look at the face: it's vacant, with a hint of sadness. Like a drunk who's lost a bet. —Dianne ...
Read MoreModSecurity Advanced Topic of the Week: Mitigating XSS Vulnerabilities Using Targeted CSP Enforcement
Content Security Policy (CSP) Implementation Challenges CSP is an extremely powerful tool for ...
Read MoreSpiderLabs Radio July 12, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...
Read MoreSpiders Are Fun!, DEF CON's 21, Come Chat at Black Hat
Security week in Las Vegas will be here before we know it. The SpiderLabs team will be busy: talks ...
Read MoreXSS, SQLi in OpenEMR 4.1.1
A few tests ago, I came across an OpenEMR install with a weak password for a 'Guest' level account. ...
Read MoreMicrosoft Patch Tuesday, July 2013 - CRITICAL
This is probably one of the most important Patch Tuesday's we have seen in quite some time. While ...
Read MoreModSecurity Advanced Topic of the Week: Detecting Banking Trojan Page Modifications
The following blog post is taken from Recipe 10-5: Detecting Banking Trojan (Man-in-the-Browser) ...
Read MoreSpiderLabs Radio July 5, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...
Read MoreCustom Native Library Loader for Android
If you read my co-worker Neal Hindocha's recent post "Debugging Android Libraries using IDA" you ...
Read MoreMicrosoft Advance Notification for July 2013 – BOOM!
While you were stuffing your face with hotdogs and potato salad and then watching fireworks go ...
Read MoreLook What I Found: It's a Pony!
Every once in a while we get to peek into the lion's den, this time we'll be checking out a fairly ...
Read MoreCorporate Passwords Part 1
With the vast amount of research and content that was done by SpiderLabs for the Global Security ...
Read MoreSpiderLabs Radio June 28, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...
Read MoreA Friday Afternoon Troubleshooting Ruby OpenSSL... it's a trap!
Last Friday I was trying out some new code that one of my colleagues wrote to help automate some of ...
Read MoreExploiting Serialized XSS in Joomla! (return of the undead CVE)
While reviewing Joomla! Vulnerabilities I felt a glitch in the matrix. Deja vu had set in and I was ...
Read MoreFake Qantas Spam Campaign Leads to Andromeda Bot Infection
If you have booked a flight from Qantas recently, you might be expecting a booking confirmation in ...
Read MoreDigging Into the New Apache Injection Module
I recently got a chance to dig into a couple variants of the new Apache injection module that ...
Read MoreWelcome to the Spider’s Lair
"Will you step into my parlor?" said the spider to the fly; "'Tis the prettiest little parlor that ...
Read MoreOld Exploits Still Do the Trick
We are all aware that patching is very important. Many websites, however, take the risk of not ...
Read MoreDebugging Android Libraries using IDA
During a recent test, I encountered a native JNI library used by an Android application. I needed ...
Read MoreSpiderLabs Radio June 21, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...
Read MoreThe Problem With Networks .....
Where do I start with this open-ended statement? I guess from a pen testing perspective, quite a ...
Read MoreCBC-R: It's not just for padding oracles!
This is the short, technical version of a technique that I'll be writing more about in a few days. ...
Read MoreWendel's Small Hacking Tricks - Microsoft SQL Server Edition
Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...
Read More