Phishing Evolves: Rogue IVRs

As someone who's worked in the financial industry for years, I'm fascinated by methods used by ...

Read More

The Patsy Proxy: Getting others to do your dirty work

Patsy (slang) - A person easily taken advantage of, cheated, blamed, or ridiculed. My girlfriend ...

Read More

Client-side Payload - The Brazilian Way.

My name is Wendel Guglielmetti Henrique, and I'm a senior security consultant at Trustwave's ...

Read More

WAF Normalization and I18N

Submitted By Breno Silva Pinto and Ryan Barnett

Read More

TWSL2012-019: Cross-Site Scripting Vulnerability in Support Incident Tracker

Trustwave SpiderLabs has published a new advisory today for a Cross-Site Scripting vulnerability ...

Read More

Backward Compatibility Plays to Malware’s Hands

Maintaining backward compatibility in software products is hard. Technology evolves on a daily ...

Read More

How to Get the Most Out of a PenTest

Being a PenTester for Trustwave Spiderlabs, I work with a huge amount of clients ranging from three ...

Read More

Stripe-CTF Walkthrough

I had the opportunity to do the Stripe-CTF (Capture The Flag) contest this past week, and enjoyed ...

Read More

How Antivirus Saved the Day…Sort of.

Recently, I found myself in a common situation—helping a comrade in our Incident Response division ...

Read More

It's a sunny (zero) day for Java

Java exploits have been used for distributing malware for a while. See for example our blog post ...

Read More

PTJ Undermines Your Blinky Light Box

So, you just bought that fancy new box with the blinky lights that's supposed to somehow keep you ...

Read More

All Your Password Hints Are Belong to Us

This past weekend I ended up coming into the SpiderLabs office and "nerded out" with my good friend ...

Read More

DEF CON 20: French Fry, Pizza, or Rotten Apples?

If you currently do a search online for a female's perspective about DEF CON, everything is coming ...

Read More

Microsoft Patch Tuesday August 2012 – Staying Alive In Gale Crater

As you install the nine updates that came out of Microsoft this month, five of which are critical ...

Read More

Poems from The Palms

SpiderLabs gathered for its annual meeting in Las Vegas recently. Though no poet laureate as people ...

Read More

One Factor, Two Factor, Three Factor, More

There has been a lot of talk online today about how Matt Honan, a reporter for Gizmodo, was the ...

Read More

Stamping Out Hash Corruption, Like a Boss

Have you ever dumped LM and NTLM password hashes from a Windows system using the registry and never ...

Read More

TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow sFlow Analyzer

The SpiderLabs team at Trustwave published a new advisory today, which details four vulnerabilities ...

Read More

Announcing the availability of ModSecurity extension for IIS

This blog post has also been posted on the Microsoft Security Research and Defense site: By: Greg ...

Read More

PenTest Manager 2.0 - Attack Sequences

Trustwave recently launched PenTest Manager 2.0, a major enhancement of the innovative Trustwave ...

Read More

Reducing web application attack surface

For as long as companies rely on web sites to do business with their customers and partners, ...

Read More

Spiders are FUN! Party at DEF CON

Hey folks! This week a fair amount of us (15k) are heading to Vegas for Black Hat / BSides / DEF ...

Read More

Beyond Apache: ModSecurity for IIS/Nginx is Coming

The Trustwave SpiderLabs Research Team is proud to announce that, through a collaboration with the ...

Read More

Spam Down II: Grum Down

So the media is abuzz with news of the takedown of the Grum botnet, which has caused a big ...

Read More

Analyzing PDF Malware - Part 3D

Read More

Pentesting like an Eastern European

Through SpiderLabs' Incident Response and Penetration Testing services we get a chance to both ...

Read More

Spam Down: Where is Lethic?

At Trustwave SpiderLabs we keep a close eye on spam trends. We keep and publish a bunch of ...

Read More

Hashcat Per Position Markov Chains

I just wanted to let you guys know about some interesting work Atom has been doing recently with ...

Read More