Microsoft Patch Tuesday, January 2013 – Hot Sauce
I had lunch today at a great little Cajun restaurant in Chicago called Heaven on Seven, so named ...
Read MoreGoodies released with Trustwave SWG Security Update 141
As cliché as it may sound, security is done in layers and so, using our generic rules, we were able ...
Read MoreSpiderLabs Radio January 04, 2013 w/ Space Rogue
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers ...
Read MoreDissecting a CVE-2012-4792 Payload
A little while ago I was fortunate enough to get ahold of a sample that was dropped on a system ...
Read MoreMicrosoft Advance Notification for January 2013
If you were hoping for a nice relaxing Patch Tuesday after the holidays, well, sorry to disappoint ...
Read MoreHacking with Drain Cleaner – Yet Another BitLocker Bypass Technique
As hard-wired as any Application Specific Integrated Circuit it seems the Infosec community can't ...
Read MoreChoppy Regulatory Waters ahead for EU SMEs?
There's been a reasonable amount of coverage of the (proposed) data protection legal framework ...
Read MorePhotobucket: An Identity Thief's Playground
Photobucket is a popular social media site that acts as gallery and cloud storage for user photos. ...
Read MoreInternet Explorer - 2012 Last Minute 0-Day
Using Zero Days attacks at end of the year are not the most considerate thing to do for the ...
Read MoreWardrive, Raspberry Pi Style!
I purchased a Raspberry Pi a few weeks back. I found that I could power it, with a WiFi card and a ...
Read MoreGetting Terminal Access to a Cisco Linksys E-1000
Over the past couple weeks, I've been spending a lot of time hacking on various embedded devices to ...
Read MoreAssessing iOS Applications – setting up a test environment and grabbing low hanging fruit
This guide should serve as an introduction for those wishing to get into iOS application security ...
Read MoreTeaching Security Self-Defense
My background in IT comes mostly from a nomadic perspective. In my years of IT and InfoSec, I've ...
Read MoreSmuggler - An interactive 802.11 wireless shell without the need for authentication or association
I've always been fascinated by wireless communications. The ability to launch seemingly invisible ...
Read MoreBe Off the Beaten XPath, Go Blind
XPath (XML Path Language) is a language used to query XML documents in order to extract data. XML ...
Read MoreSpiderLabs Radio December 28, 2012 w/ Space Rogue
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers ...
Read MoreSpiderLabs Radio December 21, 2012 w/ Space Rogue
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers ...
Read MoreSimple Ciphers, and a little SpiderLabs Crypto Contest
Millions have died and millions have been saved because of cryptography. There is no telling what ...
Read MoreFraud, Passwords, and Pwnage on the Interwebz
This past weekend I was lucky enough to attend Microsoft's BlueHat Conference in Redmond WA and ...
Read MoreSetting HoneyTraps with ModSecurity: Project Honeypot Integration
Following up my previous blog post which outlined how to activate additional HTTP ports to catch ...
Read MoreFinding Zero Days Reading Your Mind in the Year 2052
A number of months ago, I was approach by the organizers of TEDxNaperville to speak at their next ...
Read MoreSetting HoneyTraps with ModSecurity: Unused Web Ports
This blog post will show an easy configuration update that you can make to your web servers running ...
Read MoreYou down with LNK?
Oftentimes on an Internal pen test, I find myself with a limited-privilege domain user account. On ...
Read MorePCAP Files Are Great Arn't They??
One of the most important skills in anyone's armory responsible for looking after the security of a ...
Read MoreSpiderLabs Radio December 14, 2012 w/ Space Rogue
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This week's news covers ...
Read MoreAbusing the Android Debug Bridge
The android debug bridge (or ADB for short) is a valuable tool, it is what allows smart phone ...
Read MoreMy 5 Top Ways to Escalate Privileges
During a penetration test, rarely will the tester get access to a system with the administrator ...
Read MoreThe Dexter Malware: Getting Your Hands Dirty
A very interesting piece of malware that targets Point of Sale systems has recently surfaced in the ...
Read More