PenTesting: From Low Risk Issues to Sensitive Data Compromising

Yes, I imagine you are probably tired of seeing blog posts about "real-world" PenTesting, people ...

Microsoft Advanced Notification for September 2012 - Bad News, Good News

Microsoft has released its Advanced Notification for September 2012. The bad news is that there are ...

Getting a Start in the Security Industry

This has been a fairly common topic over the last year and I've seen plenty of blog posts and ...

Hackers and Media Hype: Big Hacks that Never Really Happened

If you combine the dictionary definitions for 'media' and 'hype' you come up with "A means of ...

CryptOMG Walkthrough - Challenge 1

It has been about 3 months since CryptOMG was released and I will start going through the ...

Phishing Evolves: Rogue IVRs

As someone who's worked in the financial industry for years, I'm fascinated by methods used by ...

The Patsy Proxy: Getting others to do your dirty work

Patsy (slang) - A person easily taken advantage of, cheated, blamed, or ridiculed. My girlfriend ...

Client-side Payload - The Brazilian Way.

My name is Wendel Guglielmetti Henrique, and I'm a senior security consultant at Trustwave's ...

WAF Normalization and I18N

Submitted By Breno Silva Pinto and Ryan Barnett

TWSL2012-019: Cross-Site Scripting Vulnerability in Support Incident Tracker

Trustwave SpiderLabs has published a new advisory today for a Cross-Site Scripting vulnerability ...

Backward Compatibility Plays to Malware’s Hands

Maintaining backward compatibility in software products is hard. Technology evolves on a daily ...

How to Get the Most Out of a PenTest

Being a PenTester for Trustwave SpiderLabs, I work with a huge amount of clients ranging from three ...

Stripe-CTF Walkthrough

I had the opportunity to do the Stripe-CTF (Capture The Flag) contest this past week, and enjoyed ...

How Antivirus Saved the Day…Sort of.

Recently, I found myself in a common situation—helping a comrade in our Incident Response division ...

It's a sunny (zero) day for Java

Java exploits have been used for distributing malware for a while. See for example our blog post ...

PTJ Undermines Your Blinky Light Box

So, you just bought that fancy new box with the blinky lights that's supposed to somehow keep you ...

All Your Password Hints Are Belong to Us

This past weekend I ended up coming into the SpiderLabs office and "nerded out" with my good friend ...

DEF CON 20: French Fry, Pizza, or Rotten Apples?

If you currently do a search online for a female's perspective about DEF CON, everything is coming ...

Microsoft Patch Tuesday August 2012 – Staying Alive In Gale Crater

As you install the nine updates that came out of Microsoft this month, five of which are critical ...

Poems from The Palms

SpiderLabs gathered for its annual meeting in Las Vegas recently. Though no poet laureate as people ...

One Factor, Two Factor, Three Factor, More

There has been a lot of talk online today about how Matt Honan, a reporter for Gizmodo, was the ...

Stamping Out Hash Corruption, Like a Boss

Have you ever dumped LM and NTLM password hashes from a Windows system using the registry and never ...

TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow sFlow Analyzer

The SpiderLabs team at Trustwave published a new advisory today, which details four vulnerabilities ...

Announcing the availability of ModSecurity extension for IIS

This blog post has also been posted on the Microsoft Security Research and Defense site: By: Greg ...

PenTest Manager 2.0 - Attack Sequences

Trustwave recently launched PenTest Manager 2.0, a major enhancement of the innovative Trustwave ...

Reducing web application attack surface

For as long as companies rely on web sites to do business with their customers and partners, ...

Spiders are FUN! Party at DEF CON

Hey folks! This week a fair amount of us (15k) are heading to Vegas for Black Hat / BSides / DEF ...

Beyond Apache: ModSecurity for IIS/Nginx is Coming

The Trustwave SpiderLabs Research Team is proud to announce that, through a collaboration with the ...
