SpiderLabs Radio August 2, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Announcing the ModSecurity XSS Evasion Challenge

The SpiderLabs Research Team is pleased to announce the release of the ModSecurity XSS Evasion ...

SpiderLabs Radio July 26, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

SpiderLabs Radio July 19, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Top Ten Survival Tips for the Dehydrated N00b Zombie Apocalypse at Security Week 2013

Just look at the face: it's vacant, with a hint of sadness. Like a drunk who's lost a bet. —Dianne ...

ModSecurity Advanced Topic of the Week: Mitigating XSS Vulnerabilities Using Targeted CSP Enforcement

Content Security Policy (CSP) Implementation Challenges: CSP is an extremely powerful tool for ...

SpiderLabs Radio July 12, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Spiders Are Fun!, DEF CON's 21, Come Chat at Black Hat

Security week in Las Vegas will be here before we know it. The SpiderLabs team will be busy: talks ...

XSS, SQLi in OpenEMR 4.1.1

A few tests ago, I came across an OpenEMR install with a weak password for a 'Guest' level account. ...

Microsoft Patch Tuesday, July 2013 - CRITICAL

This is probably one of the most important Patch Tuesdays we have seen in quite some time. While ...

ModSecurity Advanced Topic of the Week: Detecting Banking Trojan Page Modifications

The following blog post is taken from Recipe 10-5: Detecting Banking Trojan (Man-in-the-Browser) ...

SpiderLabs Radio July 5, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Custom Native Library Loader for Android

If you read my co-worker Neal Hindocha's recent post "Debugging Android Libraries using IDA" you ...

Microsoft Advance Notification for July 2013 – BOOM!

While you were stuffing your face with hotdogs and potato salad and then watching fireworks go ...

Look What I Found: It's a Pony!

Every once in a while we get to peek into the lion's den; this time we'll be checking out a fairly ...

Corporate Passwords Part 1

With the vast amount of research and content that was done by SpiderLabs for the Global Security ...

SpiderLabs Radio June 28, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

A Friday Afternoon Troubleshooting Ruby OpenSSL... it's a trap!

Last Friday I was trying out some new code that one of my colleagues wrote to help automate some of ...

Exploiting Serialized XSS in Joomla! (return of the undead CVE)

While reviewing Joomla! Vulnerabilities I felt a glitch in the matrix. Deja vu had set in and I was ...

Fake Qantas Spam Campaign Leads to Andromeda Bot Infection

If you have booked a flight from Qantas recently, you might be expecting a booking confirmation in ...

Digging Into the New Apache Injection Module

I recently got a chance to dig into a couple variants of the new Apache injection module that ...

Welcome to the Spider’s Lair

"Will you step into my parlor?" said the spider to the fly; "'Tis the prettiest little parlor that ...

Old Exploits Still Do the Trick

We are all aware that patching is very important. Many websites, however, take the risk of not ...

Debugging Android Libraries using IDA

During a recent test, I encountered a native JNI library used by an Android application. I needed ...

SpiderLabs Radio June 21, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

The Problem With Networks .....

Where do I start with this open-ended statement? I guess from a pen testing perspective, quite a ...

CBC-R: It's not just for padding oracles!

This is the short, technical version of a technique that I'll be writing more about in a few days. ...

Wendel's Small Hacking Tricks - Microsoft SQL Server Edition

Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...
