A Friday Afternoon Troubleshooting Ruby OpenSSL... it's a trap!
Last Friday I was trying out some new code that one of my colleagues wrote to help automate some of ...
Read MoreExploiting Serialized XSS in Joomla! (return of the undead CVE)
While reviewing Joomla! Vulnerabilities I felt a glitch in the matrix. Deja vu had set in and I was ...
Read MoreFake Qantas Spam Campaign Leads to Andromeda Bot Infection
If you have booked a flight from Qantas recently, you might be expecting a booking confirmation in ...
Read MoreDigging Into the New Apache Injection Module
I recently got a chance to dig into a couple variants of the new Apache injection module that ...
Read MoreWelcome to the Spider’s Lair
"Will you step into my parlor?" said the spider to the fly; "'Tis the prettiest little parlor that ...
Read MoreOld Exploits Still Do the Trick
We are all aware that patching is very important. Many websites, however, take the risk of not ...
Read MoreDebugging Android Libraries using IDA
During a recent test, I encountered a native JNI library used by an Android application. I needed ...
Read MoreSpiderLabs Radio June 21, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...
Read MoreThe Problem With Networks .....
Where do I start with this open-ended statement? I guess from a pen testing perspective, quite a ...
Read MoreCBC-R: It's not just for padding oracles!
This is the short, technical version of a technique that I'll be writing more about in a few days. ...
Read MoreWendel's Small Hacking Tricks - Microsoft SQL Server Edition
Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...
Read More[Honeypot Alert] Inside the Attacker's Toolbox: Webshell Usage Logging
In a previous blog post, we discussed the common lifecycle of web server botnet recruitment. While ...
Read MoreDiscovering BMW Car Systems: Getting Started
Since I love both (in)security and cars, it is not uncommon for me to mix those things on a regular ...
Read MoreSpiderLabs Radio June 14, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's ...
Read MoreSometimes, The PenTest Gods Shine On You
Settling down for a hacking session usually means lots of hard work and a long grind towards target ...
Read MoreMicrosoft Patch Tuesday, June 2013
Finally, patch Tuesday has arrived and fortunately this one will be a real treat. This release ...
Read MoreTWSL2013-007: Multiple Vulnerabilities in VLC Media Player - Web Interface
Yesterday, Trustwave SpiderLabs has published an advisory for multiple vulnerabilities in the VLC ...
Read MoreTWSL2013-006: Cross-Site Scripting Vulnerability in Coldbox
Trustwave SpiderLabs has published a new advisory yesterday fora reflective cross-site scripting ...
Read More[Honeypot Alert] Active Exploits Attempts for Plesk Vulnerability
Last week, hacker "kingcope" provided PoC expliot code for a Plesk 0-day on the Full Disclosure ...
Read MoreBehind the Phish: Romance Perhaps?
When I look at the masses of spam we receive on a daily basis, I often wonder who is behind it all. ...
Read MoreSpiderLabs Radio June 7, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's ...
Read MoreMicrosoft Advance Notification for June 2013
So far this year we has had two Patch Tuesday months with seven bulletins (January and March) and ...
Read MoreModSecurity Updates: Nginx Stable Release and Google Summer of Code Participation
Availability of ModSecurity 2.7.4: Nginx Stable Release The ModSecurity Development Team is pleased ...
Read MoreThe Speed is from the Devil – Some Thoughts about Google’s New Disclosure Policy
If you follow info-security news, you might have heard about Google considering a change in its ...
Read MoreAlina: Following The Shadow Part 2
This will likely be the final blog post in this series on the Alina Point of Sale (POS) malware ...
Read MoreSpiderLabs Radio May 31, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's ...
Read MoreUnder The Hood: Linksys Remote Command Injection Vulnerabilities
Several models in the Linksys E-Series WiFi routers running their respective current firmwares are ...
Read MoreModSecurity Performance Recommendations
Sometimes we see ModSecurity users asking about performance in the mail-list. During this post I ...
Read More