Did Grum Really Get Killed?
For several years before July 2012 takedown, Grum was one of the notorious spam botnets and at one ...
Read More
SpiderLabs Radio March 22, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue covers Korea, teamSpy, Scan all the ...
Read MoreBaiting Attack Exercise – The Old School Way Still Works
In the past few months, we have had quite a few social engineering and client-side penetration ...
Read MoreMongodb - Security Weaknesses in a typical NoSQL database
Over the last year or so, I've noticed 2 ports appearing more frequently during internal ...
Read MoreSpiderLabs Radio March 15, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue covers China, celebs breached, NVD ...
Read MoreFresh Coffee Served by CoolEK
As you may already know, the past few months have been problematic to Oracle when it comes to ...
Read MoreMimicking Attackers: Building Malware for CCDC
This past weekend my fellow coworkers/friends and myself had the opportunity and the privilege to ...
Read MoreMicrosoft Patch Tuesday, March 2013 – Happy St. Patch-rick's Day!
Saint Patrick's day is quickly becoming Saint Patrick's week. Some cities have scheduled their ...
Read MoreSpiderLabs Radio March 8, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue covers Pwn2own, Chrome free, ...
Read MoreMicrosoft Advance Notification for March 2013
First the raw numbers; we have seven bulletins this month, four critical, and three important. ...
Read MoreUpcoming Webinars: 2013 Trustwave Global Security Report Threat Trends
A few weeks ago we released the 2013 Trustwave Global Security Report. This year, Trustwave ...
Read MoreOS Image Wrangling
On most PenTests, alot of research goes into the things you find along the way. You find obscure ...
Read MoreThe Life Cycle of Web Server Botnet Recruitment
This blog post is an excerpt taken from the recently released Global Security Report (GSR) for 2013.
Read MoreKelihos is Dead… No wait… Long Live Kelihos! Again!
This post is inspired by a news article which highlighted a recent presentation at RSA. Kelihos, ...
Read MoreYou Injected What? Where?
While harder to detect, there are still some instances of websites exploitable via partially blind ...
Read More'Cyber' Security - must become a board level issue in the UK ...really?
The UK Government is "committed to helpingreduce vulnerability to attacks and ensure that the UK is ...
Read MoreNew Year, New Data, Same Mistakes: Passwords
Like a late-arriving Christmas, one of the gifts of the new year is the release of SpiderLabs' ...
Read MoreSpiderLabs Radio March 1, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue covers Half a Stuxnet, MiniDuke, MBU, ...
Read MoreMore on the TrustKeeper Phish
Yesterday we alerted people to a widespread phishing campaign misusing Trustwave's brand. Here we ...
Read MoreSpiderLabs Radio February 22, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue covers The Mandiant RedScare, ...
Read MoreTrustwave TrustKeeper PCI Scan Notification - Phishing ALERT
Over the last few hours, Trustwave has received multiple reports of individuals receiving fake ...
Read MoreEasy DOM-based XSS detection via Regexes
If you are interested in finding DOM-based XSS, you must have knowledge of ...
Read MoreSpiderLabs Radio February 15, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue covers Bit9 Looses Bits, Adobe Adobe ...
Read More[Honeypot Alert] User-Agent Field PHP Injection Attacks
In a previous Honeypot Alert blog post, I showed an example of attackers using LFI attacks to ...
Read MoreOwning Windows Networks With Responder Part 2
One of the great things about working within SpiderLabs is that we prefer to use our own tools ...
Read MoreSpiderLabs Radio February 8, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue covers Twitter breach, Java again, ...
Read More