[Honeypot Alert] SQL Injection Scanning Targeting Joomla Plugins

The following SQL Injection attack payloads targeting Joomla components were identified in our web ...

The Return of SpiderLabs Radio: Now with Space Rogue

The SpiderLabs podcast known as SpiderLabs Radio has gone through many different formats over the ...

An Analysis of a Fake Vodafone Bill PDF File

We haven't come across many malicious PDF files recently in our spam traps, so when we found this ...

[Honeypot Alert] User-Agent Field XSS Attacks

Our web honeypots picked up some more XSS attacks today:

Detecting Successful XSS Testing with JS Overrides

Do you know when an attacker or security researcher successfully finds a Cross-site Scripting (XSS) ...

Microsoft Patch Tuesday, November 2012 – Lions and Tigers and RCE, Oh My!

I feel some compassion for those system administrators along the East Coast of the US this week. Big ...

CVE-2012-4969 and the Unnamed Admin Panel

While CVE-2012-4969 isn't new, we are still curious about the various ways this vulnerability can ...

Microsoft Advanced Notification for November 2012 - RCE, Yikes!

Microsoft has released its advance notification for next week's Patch Tuesday updates.

CWE the Vote

It's a nice, sunny day in Cleveland, my friends. Tonight, after the votes are counted, including my ...

Introducing Responder-1.0

Responder is a multi-threaded tool that answers to IPv4 LLMNR (Link-local Multicast Name ...

TWSL2012-016: Multiple Vulnerabilities in Bitweaver

The Trustwave SpiderLabs team has published a new advisory for multiple vulnerabilities in ...

Worm Propagates Through Skype Messages

For the past week, we've received a lot of reports of a worm that propagates through Skype known as ...

mDNS - Telling the world about you (and your device)

Luiz Eduardo (@effffn) and Rodrigo Montoro (@spookerlabs) have presented "Mobile Snitch - Devices ...

Microsoft Patch Tuesday, October 2012 – Legend of Zelda Edition

Hope you enjoyed last month's light patch Tuesday with only two bulletins as this month we are right ...

Microsoft Advanced Notification for October 2012 – Lync, SQL, Headache

Microsoft has released its Advanced Notification for October 2012. After last month's release of ...

The Grey Line Between Feature and Vulnerability, iOS edition

I do a lot of Mobile Application Penetration testing for some of our largest clients. Mobile is the ...

Trustwave Re-Certified as an Approved Scanning Vendor by PCI SSC

Each year Trustwave undergoes a rigorous testing process maintained by the PCI Security Standards ...

James Bond's Dry Erase Marker: The Hotel PenTest Pen

You may have seen the talk and demonstration by Cody Brocious that allows him to open an Onity ...

Announcing the availability of ModSecurity extension for Nginx

ModSecurity for Nginx is a web server plug-in for the Nginx web server ...

How Should WAFs Handle Authorized Vulnerability Scanning Traffic?

I have been asked this question more and more over the years as organizations are dealing with both ...

Trustwave SpiderLabs in Africa

Africa. The land of origin; the original unknown.

Update from Trustwave SpiderLabs EMEA

Europe, Middle East and Africa consists of around 120 countries depending on the definition of each ...

Good things happen when Forensics and Malware Analysis work together.

The SpiderLabs Incident Response team worked a case earlier this year where previously unseen ...

Smart Phone + Mail Server = Location Tracking

My last two posts have touched on the privacy perspective in relation to mobile applications. This ...

Adding Anti-CSRF Support to Burp Suite Intruder

In the web application penetration testing industry, Burp Suite is considered a must-have tool – it ...

Using Mobile Applications for attacking Web Applications

This simple blog post was motivated by my desire to look at some mobile applications that I happen ...

FinSpy Mobile - Configuration and Insight

A couple of weeks ago, Citizen Lab announced the discovery of the mobile component to the ...

Getting in with the Proxmark 3 and ProxBrute

As a member of the Physical Security team here at SpiderLabs, some of my job responsibilities ...
