Honeypot Recon: MSSQL Server – Database Threat Overview '22/'23
Introduction: In a constantly connected world, protecting sensitive data in what are often complex ...
Brute-forcing ButterflyMX Virtual Keys and Hacking Time Limits
Recently, I discovered two vulnerabilities in the ButterflyMX system which were responsibly ...
KillNet, Anonymous Sudan, and REvil Unveil Plans for Attacks on US and European Banking Systems
In a recent development, Russian hackers have declared their intention to launch cyberattacks on ...
Honeypot Recon: Global Database Threat Landscape
In today's digital era, the importance of securing databases cannot be overstated. As more and more ...
Trustwave Action Response: Zero Day Vulnerability in Barracuda Email Security Gateway Appliance (ESG) (CVE-2023-2868)
On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability ...
From Admin to AdminPlusPlus: Breaking Out of Sandboxed Applications Through Recon, Being Brave and Abusing SSO Domain Account Mappings
I've been pentesting applications for nearly two decades now and throughout that time you get to ...
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)
Update - June 16, 2023: The second vulnerability mentioned in the June 12 update now has an ...
Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining
As is tradition with my blog posts, let’s start off with a definition of what HTTP pipelining is all ...
Analyzing the NTC Vulkan Leak: What it Says About Russia's Cyber Capabilities
Information disclosed in the leaked NTC Vulkan papers allows us to investigate the high probability ...
Microsoft Encrypted Restricted Permission Messages Deliver Phishing
Over the past few days, we have seen phishing attacks that use a combination of compromised ...
From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over
For those wondering what GraphQL is…
When User Impersonation Features In Applications Go Bad
A user impersonation feature typically allows a privileged user, such as an administrator, but ...
Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style
I feel I need to clarify, for legal reasons, that this is nothing to do with any Harry Potter game. ...
Rendezvous with a Chatbot: Chaining Contextual Risk Vulnerabilities
Ignoring the little stuff is never a good idea. Anyone who has pretended that the small noise their ...
Why It’s Important to Change Default Credentials
Security best practice guidelines always call for changing default passwords as any password left ...
Dissecting Buffer Overflow Attacks in MongoDB
Towards the end of 2020, a new vulnerability in MongoDB was found and published. The vulnerability ...
CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd
A little bit of background for those not familiar with chfn…
Deobfuscating the Recent Emotet Epoch 4 Macro
In early March, one of the notorious botnets, Emotet, resumed its spamming activities after a ...
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets ...
Trustwave Action Response: Supply Chain Attack Using 3CX PABX Software
Overview: On March 29, a massive supply chain compromise in 3CX software resulted in malware being ...
Anonymous Sudan: Religious Hacktivists or Russian Front Group?
The Trustwave SpiderLabs research team has been tracking a new threat group calling itself ...
2023 Tax Scam Emails Exposed: Unmasking Deceptive Trends
Tax season is a busy time of year for taxpayers and threat actors. Consumers and businesses focus ...
ChatGPT: The Right Tool for the Job?
Since it was first released to the public late last year, ChatGPT has successfully captured the ...
OneNote Spear-Phishing Campaign
Trustwave SpiderLabs “noted” in Part 1 and Part 2 of our OneNote research that OneNote has been ...
A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 1
Introduction: Threat actors are taking advantage of Microsoft OneNote's ability to embed files and ...
A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 2
In part one, we examined how threat actors abuse a OneNote document to install an infostealer. Part ...
Network Map NMAP Meets ChatGPT
We’ve now seen a number of different use cases for ChatGPT from marketing, sales, software ...