Detecting Successful XSS Testing with JS Overrides

Do you know when an attacker or security researcher successfully finds a Cross-site Scripting (XSS) ...

Microsoft Patch Tuesday, November 2012 – Lions and Tigers and RCE, Oh My!

I feel some compassion for those system administrators along the East Coast of the US this week. Big ...

CVE-2012-4969 and the Unnamed Admin Panel

While CVE-2012-4969 isn't new, we are still curious about the various ways this vulnerability can ...

Microsoft Advanced Notification for November 2012 - RCE, Yikes!

Microsoft has released its advance notification for next week's Patch Tuesday updates.

CWE the Vote

It's a nice, sunny day in Cleveland, my friends. Tonight, after the votes are counted, including my ...

Introducing Responder-1.0

Responder is a multi-threaded tool that answers to IPv4 LLMNR (Link-local Multicast Name ...

TWSL2012-016: Multiple Vulnerabilities in Bitweaver

The Trustwave SpiderLabs team has published a new advisory for multiple vulnerabilities in ...

Worm Propagates Through Skype Messages

For the past week, we've received a lot of reports of a worm that propagates through Skype known as ...

mDNS - Telling the world about you (and your device)

Luiz Eduardo (@effffn) and Rodrigo Montoro (@spookerlabs) have presented "Mobile Snitch - Devices ...

Microsoft Patch Tuesday, October 2012 – Legend of Zelda Edition

Hope you enjoyed last month's light Patch Tuesday with only two bulletins, as this month we are right ...

Microsoft Advanced Notification for October 2012 – Lync, SQL, Headache

Microsoft has released its Advanced Notification for October 2012. After last month's release of ...

The Grey Line Between Feature and Vulnerability, iOS edition

I do a lot of Mobile Application Penetration testing for some of our largest clients. Mobile is the ...

Trustwave Re-Certified as an Approved Scanning Vendor by PCI SSC

Each year Trustwave undergoes a rigorous testing process maintained by the PCI Security Standards ...

James Bond's Dry Erase Marker: The Hotel PenTest Pen

You may have seen the talk and demonstration by Cody Brocious that allows him to open an Onity ...

Announcing the availability of ModSecurity extension for Nginx

ModSecurity for Nginx is a web server plug-in for the Nginx web server ...

How Should WAFs Handle Authorized Vulnerability Scanning Traffic?

I have been asked this question more and more over the years as organizations are dealing with both ...

Trustwave SpiderLabs in Africa

Africa. The land of origin; the original unknown.

Update from Trustwave SpiderLabs EMEA

Europe, Middle East and Africa consists of around 120 countries depending on the definition of each ...

Good things happen when Forensics and Malware Analysis work together.

The SpiderLabs Incident Response team worked a case earlier this year where previously unseen ...

Smart Phone + Mail Server = Location Tracking

My last two posts have touched on the privacy perspective in relation to mobile applications. This ...

Adding Anti-CSRF Support to Burp Suite Intruder

In the web application penetration testing industry, Burp Suite is considered a must-have tool – it ...

Using Mobile Applications for attacking Web Applications

This simple blog post was motivated by my desire to look at some mobile applications that I happen ...

FinSpy Mobile - Configuration and Insight

A couple of weeks ago, Citizen Lab announced the discovery of the mobile component to the ...

Getting in with the Proxmark 3 and ProxBrute

As a member of the Physical Security team here at SpiderLabs, some of my job responsibilities ...

Oops, I pwned your router - Part Two

In the last blog post, "Oops, I pwned your router - Part One", I talked about some of the poor security ...

Guidance for firms using the NetAccess N-1000

SpiderLabs' Incident Response team has recently seen credit card fraud involving the suspected ...

Hey, I just met you, and this is crazy, but here's my hashes, so hack me maybe?

Those familiar with password cracking know that KoreLogic's rule set for John the Ripper has become ...

Did I do that? (PenTest Faux Pas)

Many times, in the course of explaining what I do to others that are unfamiliar with information ...