SpiderLabs Radio December 28, 2012 w/ Space Rogue
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers ...
Read More
SpiderLabs Radio December 21, 2012 w/ Space Rogue
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers ...
Read MoreSimple Ciphers, and a little SpiderLabs Crypto Contest
Millions have died and millions have been saved because of cryptography. There is no telling what ...
Read MoreFraud, Passwords, and Pwnage on the Interwebz
This past weekend I was lucky enough to attend Microsoft's BlueHat Conference in Redmond WA and ...
Read MoreSetting HoneyTraps with ModSecurity: Project Honeypot Integration
Following up my previous blog post which outlined how to activate additional HTTP ports to catch ...
Read MoreFinding Zero Days Reading Your Mind in the Year 2052
A number of months ago, I was approach by the organizers of TEDxNaperville to speak at their next ...
Read MoreSetting HoneyTraps with ModSecurity: Unused Web Ports
This blog post will show an easy configuration update that you can make to your web servers running ...
Read MoreYou down with LNK?
Oftentimes on an Internal pen test, I find myself with a limited-privilege domain user account. On ...
Read MorePCAP Files Are Great Arn't They??
One of the most important skills in anyone's armory responsible for looking after the security of a ...
Read MoreSpiderLabs Radio December 14, 2012 w/ Space Rogue
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This week's news covers ...
Read MoreAbusing the Android Debug Bridge
The android debug bridge (or ADB for short) is a valuable tool, it is what allows smart phone ...
Read MoreMy 5 Top Ways to Escalate Privileges
During a penetration test, rarely will the tester get access to a system with the administrator ...
Read MoreThe Dexter Malware: Getting Your Hands Dirty
A very interesting piece of malware that targets Point of Sale systems has recently surfaced in the ...
Read MoreAbusing SAP Servers
During some recent penetration tests I have noticed that large companies have many similarities in ...
Read More[Honeypot Alert] Turning Local File Inclusion into Reflected Code Execution
Which web application attack type is more severe: Local File Inclusion (LFI) or Code Execution? ...
Read MoreMicrosoft Patch Tuesday, December 2012 – 99 Bottles of Beer on the Wall
The head of Trustwave SpiderLabs Nicholas Percoco has had an unusual goal this year of drinking a ...
Read MoreHow to Hack and Not Get Caught
The following thoughts on internal network penetration strategies are drawn from "OPFOR4Ever," ...
Read MoreClass 101 - Automating the process of fingerprinting Web Applications and Identifying Vulnerabilities.
First of all, this blog post is not for Web Application experts, instead I will cover some basic ...
Read MoreSpiderLabs Radio December 7, 2012 w/ Space Rogue
We are back with a third (new) episode of SpiderLabs Radio hosted by Space Rogue. This weeks news ...
Read More[Honeypot Alert] SQL Injection Scanning Detected in WordPress Error Logs
Normally for these Web Honeypot alert blog posts, I show snippets of the Apache access_log file ...
Read MoreMicrosoft Advance Notification for December 2012
Next week is Patch Tuesday, so this week we get the advance notification for the last updates ...
Read MoreBlackberry OS 10 BlackLists Batman and PoohBear
A Blackberry oriented website in the UK was the first to notice an interesting new feature in the ...
Read MoreCCCDC Blue Teams vs Corporate Blue Team Comparision
This weekend was the Community College Cyber Defense competition at Iowa State University. I had ...
Read MoreProxmark 3, now with more Android
It's no secret; I'm a fan of the Proxmark 3 RFID testing board. It's a device straight out of the ...
Read More[Honeypot Alert] SQL Injection Scanning Targeting Joomla Plugins
The following SQL Injection attack payloads targeting Joomla components were identified in our web ...
Read MoreThe Return of SpiderLabs Radio: Now with Space Rogue
The SpiderLabs podcast known as SpiderLabs Radio has gone through many different formats over the ...
Read MoreAn Analysis of a Fake Vodafone Bill PDF File
We haven't come across many malicious PDF files recently in our spam traps, so when we found this ...
Read More[Honeypot Alert] User-Agent Field XSS Attacks
Our web honeypots picked up some more XSS attacks today:
Read More