Abusing SAP Servers

During some recent penetration tests I have noticed that large companies have many similarities in ...

[Honeypot Alert] Turning Local File Inclusion into Reflected Code Execution

Which web application attack type is more severe: Local File Inclusion (LFI) or Code Execution? ...

Microsoft Patch Tuesday, December 2012 – 99 Bottles of Beer on the Wall

The head of Trustwave SpiderLabs Nicholas Percoco has had an unusual goal this year of drinking a ...

How to Hack and Not Get Caught

The following thoughts on internal network penetration strategies are drawn from "OPFOR4Ever," ...

Class 101 - Automating the process of fingerprinting Web Applications and Identifying Vulnerabilities.

First of all, this blog post is not for Web Application experts, instead I will cover some basic ...

SpiderLabs Radio December 7, 2012 w/ Space Rogue

We are back with a third (new) episode of SpiderLabs Radio hosted by Space Rogue. This week's news ...

[Honeypot Alert] SQL Injection Scanning Detected in WordPress Error Logs

Normally for these Web Honeypot alert blog posts, I show snippets of the Apache access_log file ...

Microsoft Advance Notification for December 2012

Next week is Patch Tuesday, so this week we get the advance notification for the last updates ...

Blackberry OS 10 BlackLists Batman and PoohBear

A Blackberry oriented website in the UK was the first to notice an interesting new feature in the ...

CCCDC Blue Teams vs Corporate Blue Team Comparison

This weekend was the Community College Cyber Defense competition at Iowa State University. I had ...

Proxmark 3, now with more Android

It's no secret; I'm a fan of the Proxmark 3 RFID testing board. It's a device straight out of the ...

[Honeypot Alert] SQL Injection Scanning Targeting Joomla Plugins

The following SQL Injection attack payloads targeting Joomla components were identified in our web ...

The Return of SpiderLabs Radio: Now with Space Rogue

The SpiderLabs podcast known as SpiderLabs Radio has gone through many different formats over the ...

An Analysis of a Fake Vodafone Bill PDF File

We haven't come across many malicious PDF files recently in our spam traps, so when we found this ...

[Honeypot Alert] User-Agent Field XSS Attacks

Our web honeypots picked up some more XSS attacks today:

Detecting Successful XSS Testing with JS Overrides

Do you know when an attacker or security researcher successfully finds a Cross-site Scripting (XSS) ...

Microsoft Patch Tuesday, November 2012 – Lions and Tigers and RCE, Oh My!

I feel some compassion for those system administrators along the East Coast of the US this week. Big ...

CVE-2012-4969 and the Unnamed Admin Panel

While CVE-2012-4969 isn't new, we are still curious about the various ways this vulnerability can ...

Microsoft Advanced Notification for November 2012 - RCE, Yikes!

Microsoft has released its advance notification for next week's Patch Tuesday updates.

CWE the Vote

It's a nice, sunny day in Cleveland, my friends. Tonight, after the votes are counted, including my ...

Introducing Responder-1.0

Responder is a multi-threaded tool that answers to IPv4 LLMNR (Link-local Multicast Name ...

TWSL2012-016: Multiple Vulnerabilities in Bitweaver

The Trustwave SpiderLabs team has published a new advisory for multiple vulnerabilities in ...

Worm Propagates Through Skype Messages

For the past week, we've received a lot of reports of a worm that propagates through Skype known as ...

mDNS - Telling the world about you (and your device)

Luiz Eduardo (@effffn) and Rodrigo Montoro (@spookerlabs) have presented "Mobile Snitch - Devices ...

Microsoft Patch Tuesday, October 2012 – Legend of Zelda Edition

Hope you enjoyed last month's light Patch Tuesday with only two bulletins, as this month we are right ...

Microsoft Advanced Notification for October 2012 – Lync, SQL, Headache

Microsoft has released its Advanced Notification for October 2012. After last month's release of ...

The Grey Line Between Feature and Vulnerability, iOS edition

I do a lot of Mobile Application Penetration testing for some of our largest clients. Mobile is the ...

Trustwave Re-Certified as an Approved Scanning Vendor by PCI SSC

Each year Trustwave undergoes a rigorous testing process maintained by the PCI Security Standards ...