SpiderLabs Radio March 15, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers China, celebs breached, NVD ...

Fresh Coffee Served by CoolEK

As you may already know, the past few months have been problematic for Oracle when it comes to ...

Mimicking Attackers: Building Malware for CCDC

This past weekend my fellow coworkers/friends and myself had the opportunity and the privilege to ...

Microsoft Patch Tuesday, March 2013 – Happy St. Patch-rick's Day!

Saint Patrick's day is quickly becoming Saint Patrick's week. Some cities have scheduled their ...

SpiderLabs Radio March 8, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Pwn2own, Chrome free, ...

Microsoft Advance Notification for March 2013

First the raw numbers; we have seven bulletins this month, four critical, and three important. ...

Upcoming Webinars: 2013 Trustwave Global Security Report Threat Trends

A few weeks ago we released the 2013 Trustwave Global Security Report. This year, Trustwave ...

OS Image Wrangling

On most PenTests, a lot of research goes into the things you find along the way. You find obscure ...

My 2013 RSA Conference Keynote the Jimmy Kimmel Influence

The Life Cycle of Web Server Botnet Recruitment

This blog post is an excerpt taken from the recently released Global Security Report (GSR) for 2013.

Kelihos is Dead… No wait… Long Live Kelihos! Again!

This post is inspired by a news article which highlighted a recent presentation at RSA. Kelihos, ...

You Injected What? Where?

While harder to detect, there are still some instances of websites exploitable via partially blind ...

'Cyber' Security - must become a board level issue in the UK ...really?

The UK Government is "committed to helping reduce vulnerability to attacks and ensure that the UK is ...

New Year, New Data, Same Mistakes: Passwords

Like a late-arriving Christmas, one of the gifts of the new year is the release of SpiderLabs' ...

SpiderLabs Radio March 1, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Half a Stuxnet, MiniDuke, MBU, ...

More on the TrustKeeper Phish

Yesterday we alerted people to a widespread phishing campaign misusing Trustwave's brand. Here we ...

SpiderLabs Radio February 22, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers The Mandiant RedScare, ...

Trustwave TrustKeeper PCI Scan Notification - Phishing ALERT

Over the last few hours, Trustwave has received multiple reports of individuals receiving fake ...

Easy DOM-based XSS detection via Regexes

If you are interested in finding DOM-based XSS, you must have knowledge of ...

SpiderLabs Radio February 15, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Bit9 Looses Bits, Adobe Adobe ...

[Honeypot Alert] User-Agent Field PHP Injection Attacks

In a previous Honeypot Alert blog post, I showed an example of attackers using LFI attacks to ...

Owning Windows Networks With Responder Part 2

One of the great things about working within SpiderLabs is that we prefer to use our own tools ...

Microsoft Patch Tuesday, February 2013 – Happy Chinese New Year!

Submitted by Space Rogue

SpiderLabs Radio February 8, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Twitter breach, Java again, ...

Server-Side XSS Attack Detection with ModSecurity and PhantomJS

Client-Side JS Overriding Limitations: In a previous blog post, I outlined how you could use ...

Microsoft Advance Notification for February 2013

The Advance Notification of Patch Tuesday from Microsoft has twelve bulletins listed for this ...

CryptOMG Walkthrough - Challenge 2

For those of you that missed it last time, CryptOMG is a configurable CTF-style test bed that ...

ModSecurity IIS Updates: Stable Release, Award Recognition and More

ModSecurity for IIS Stable Release: As part of our recent release of ModSecurity v2.7.2, not only ...
