Assessing iOS Applications – setting up a test environment and grabbing low hanging fruit

This guide should serve as an introduction for those wishing to get into iOS application security ...

Teaching Security Self-Defense

My background in IT comes mostly from a nomadic perspective. In my years of IT and InfoSec, I've ...

Smuggler - An interactive 802.11 wireless shell without the need for authentication or association

I've always been fascinated by wireless communications. The ability to launch seemingly invisible ...

Be Off the Beaten XPath, Go Blind

XPath (XML Path Language) is a language used to query XML documents in order to extract data. XML ...

SpiderLabs Radio December 28, 2012 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This week's news covers ...

SpiderLabs Radio December 21, 2012 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This week's news covers ...

Simple Ciphers, and a little SpiderLabs Crypto Contest

Millions have died and millions have been saved because of cryptography. There is no telling what ...

Fraud, Passwords, and Pwnage on the Interwebz

This past weekend I was lucky enough to attend Microsoft's BlueHat Conference in Redmond, WA and ...

Setting HoneyTraps with ModSecurity: Project Honeypot Integration

Following up my previous blog post which outlined how to activate additional HTTP ports to catch ...

Finding Zero Days Reading Your Mind in the Year 2052

A number of months ago, I was approached by the organizers of TEDxNaperville to speak at their next ...

Setting HoneyTraps with ModSecurity: Unused Web Ports

This blog post will show an easy configuration update that you can make to your web servers running ...

You down with LNK?

Oftentimes on an internal pen test, I find myself with a limited-privilege domain user account. On ...

PCAP Files Are Great, Aren't They??

One of the most important skills in the armory of anyone responsible for looking after the security of a ...

SpiderLabs Radio December 14, 2012 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This week's news covers ...

Abusing the Android Debug Bridge

The Android Debug Bridge (or ADB for short) is a valuable tool; it is what allows smartphone ...

My 5 Top Ways to Escalate Privileges

During a penetration test, rarely will the tester get access to a system with the administrator ...

The Dexter Malware: Getting Your Hands Dirty

A very interesting piece of malware that targets Point of Sale systems has recently surfaced in the ...

Abusing SAP Servers

During some recent penetration tests I have noticed that large companies have many similarities in ...

[Honeypot Alert] Turning Local File Inclusion into Reflected Code Execution

Which web application attack type is more severe: Local File Inclusion (LFI) or Code Execution? ...

Microsoft Patch Tuesday, December 2012 – 99 Bottles of Beer on the Wall

The head of Trustwave SpiderLabs, Nicholas Percoco, has had an unusual goal this year of drinking a ...

How to Hack and Not Get Caught

The following thoughts on internal network penetration strategies are drawn from "OPFOR4Ever," ...

Class 101 - Automating the Process of Fingerprinting Web Applications and Identifying Vulnerabilities

First of all, this blog post is not for web application experts; instead I will cover some basic ...

SpiderLabs Radio December 7, 2012 w/ Space Rogue

We are back with a third (new) episode of SpiderLabs Radio hosted by Space Rogue. This week's news ...

[Honeypot Alert] SQL Injection Scanning Detected in WordPress Error Logs

Normally for these Web Honeypot alert blog posts, I show snippets of the Apache access_log file ...

Microsoft Advance Notification for December 2012

Next week is Patch Tuesday, so this week we get the advance notification for the last updates ...

Blackberry OS 10 BlackLists Batman and PoohBear

A Blackberry-oriented website in the UK was the first to notice an interesting new feature in the ...

CCCDC Blue Teams vs Corporate Blue Team Comparison

This weekend was the Community College Cyber Defense competition at Iowa State University. I had ...

Proxmark 3, now with more Android

It's no secret: I'm a fan of the Proxmark 3 RFID testing board. It's a device straight out of the ...
