Hacking with Drain Cleaner – Yet Another BitLocker Bypass Technique

As hard-wired as any Application Specific Integrated Circuit it seems the Infosec community can't ...

Read More

Choppy Regulatory Waters ahead for EU SMEs?

There's been a reasonable amount of coverage of the (proposed) data protection legal framework ...

Read More

Photobucket: An Identity Thief's Playground

Photobucket is a popular social media site that acts as gallery and cloud storage for user photos. ...

Read More

Internet Explorer - 2012 Last Minute 0-Day

Using Zero Days attacks at end of the year are not the most considerate thing to do for the ...

Read More

Wardrive, Raspberry Pi Style!

I purchased a Raspberry Pi a few weeks back. I found that I could power it, with a WiFi card and a ...

Read More

Getting Terminal Access to a Cisco Linksys E-1000

Over the past couple weeks, I've been spending a lot of time hacking on various embedded devices to ...

Read More

Assessing iOS Applications – setting up a test environment and grabbing low hanging fruit

This guide should serve as an introduction for those wishing to get into iOS application security ...

Read More

Teaching Security Self-Defense

My background in IT comes mostly from a nomadic perspective. In my years of IT and InfoSec, I've ...

Read More

Smuggler - An interactive 802.11 wireless shell without the need for authentication or association

I've always been fascinated by wireless communications. The ability to launch seemingly invisible ...

Read More

Be Off the Beaten XPath, Go Blind

XPath (XML Path Language) is a language used to query XML documents in order to extract data. XML ...

Read More

SpiderLabs Radio December 28, 2012 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers ...

Read More

SpiderLabs Radio December 21, 2012 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers ...

Read More

Simple Ciphers, and a little SpiderLabs Crypto Contest

Millions have died and millions have been saved because of cryptography. There is no telling what ...

Read More

Fraud, Passwords, and Pwnage on the Interwebz

This past weekend I was lucky enough to attend Microsoft's BlueHat Conference in Redmond WA and ...

Read More

Setting HoneyTraps with ModSecurity: Project Honeypot Integration

Following up my previous blog post which outlined how to activate additional HTTP ports to catch ...

Read More

Finding Zero Days Reading Your Mind in the Year 2052

A number of months ago, I was approach by the organizers of TEDxNaperville to speak at their next ...

Read More

Setting HoneyTraps with ModSecurity: Unused Web Ports

This blog post will show an easy configuration update that you can make to your web servers running ...

Read More

You down with LNK?

Oftentimes on an Internal pen test, I find myself with a limited-privilege domain user account. On ...

Read More

PCAP Files Are Great Arn't They??

One of the most important skills in anyone's armory responsible for looking after the security of a ...

Read More

SpiderLabs Radio December 14, 2012 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This week's news covers ...

Read More

Abusing the Android Debug Bridge

The android debug bridge (or ADB for short) is a valuable tool, it is what allows smart phone ...

Read More

My 5 Top Ways to Escalate Privileges

During a penetration test, rarely will the tester get access to a system with the administrator ...

Read More

The Dexter Malware: Getting Your Hands Dirty

A very interesting piece of malware that targets Point of Sale systems has recently surfaced in the ...

Read More

Abusing SAP Servers

During some recent penetration tests I have noticed that large companies have many similarities in ...

Read More

[Honeypot Alert] Turning Local File Inclusion into Reflected Code Execution

Which web application attack type is more severe: Local File Inclusion (LFI) or Code Execution? ...

Read More

Microsoft Patch Tuesday, December 2012 – 99 Bottles of Beer on the Wall

The head of Trustwave SpiderLabs Nicholas Percoco has had an unusual goal this year of drinking a ...

Read More

How to Hack and Not Get Caught

The following thoughts on internal network penetration strategies are drawn from "OPFOR4Ever," ...

Read More

Class 101 - Automating the process of fingerprinting Web Applications and Identifying Vulnerabilities.

First of all, this blog post is not for Web Application experts, instead I will cover some basic ...

Read More