SpiderLabs Blog

How to Get the Most Out of a PenTest

Being a PenTester for Trustwave Spiderlabs, I work with a huge amount of clients ranging from three ...

Stripe-CTF Walkthrough

I had the opportunity to do the Stripe-CTF (Capture The Flag) contest this past week, and enjoyed ...

How Antivirus Saved the Day…Sort of.

Recently, I found myself in a common situation—helping a comrade in our Incident Response division ...

It's a sunny (zero) day for Java

Java exploits have been used for distributing malware for a while. See for example our blog post ...

PTJ Undermines Your Blinky Light Box

So, you just bought that fancy new box with the blinky lights that's supposed to somehow keep you ...

All Your Password Hints Are Belong to Us

This past weekend I ended up coming into the SpiderLabs office and "nerded out" with my good friend ...

DEF CON 20: French Fry, Pizza, or Rotten Apples?

If you currently do a search online for a female's perspective about DEF CON, everything is coming ...

Microsoft Patch Tuesday August 2012 – Staying Alive In Gale Crater

As you install the nine updates that came out of Microsoft this month, five of which are critical ...

Poems from The Palms

SpiderLabs gathered for its annual meeting in Las Vegas recently. Though no poet laureate as people ...

One Factor, Two Factor, Three Factor, More

There has been a lot of talk online today about how Matt Honan, a reporter for Gizmodo, was the ...

Stamping Out Hash Corruption, Like a Boss

Have you ever dumped LM and NTLM password hashes from a Windows system using the registry and never ...

TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow sFlow Analyzer

The SpiderLabs team at Trustwave published a new advisory today, which details four vulnerabilities ...

Announcing the availability of ModSecurity extension for IIS

This blog post has also been posted on the Microsoft Security Research and Defense site: By: Greg ...

PenTest Manager 2.0 - Attack Sequences

Trustwave recently launched PenTest Manager 2.0, a major enhancement of the innovative Trustwave ...

Reducing web application attack surface

For as long as companies rely on web sites to do business with their customers and partners, ...

Spiders are FUN! Party at DEF CON

Hey folks! This week a fair amount of us (15k) are heading to Vegas for Black Hat / BSides / DEF ...

Beyond Apache: ModSecurity for IIS/Nginx is Coming

The Trustwave SpiderLabs Research Team is proud to announce that, through a collaboration with the ...

Spam Down II: Grum Down

So the media is abuzz with news of the takedown of the Grum botnet, which has caused a big ...

Analyzing PDF Malware - Part 3D

Pentesting like an Eastern European

Through SpiderLabs' Incident Response and Penetration Testing services we get a chance to both ...

Spam Down: Where is Lethic?

At Trustwave SpiderLabs we keep a close eye on spam trends. We keep and publish a bunch of ...

Hashcat Per Position Markov Chains

I just wanted to let you guys know about some interesting work Atom has been doing recently with ...

What did the Java applet say to the SWF? Don't leave me alone in this Blackholeee!

Last week as we were analyzing the new version of Blackhole with the new Java exploit ...

Conference tips from your friends at Trustwave SpiderLabs

We are quickly approaching the largest security conference week on the planet. July 25th will start ...

Microsoft Patch Tuesday July 2012 – TLS and Office for Mac?

We have nine bulletins to deal with this month three of which are rated critical. One of those ...

Analyzing PDF Malware - Part 3C

Let me explain, no there is too much, let me sum up… This is part 3C in the ongoing saga of the ...

How much data? Apache, Ubuntu and the Lies of the Logs.

Forensic investigators rely heavily on log file data in order to analyse attacks and draw ...

Apex Secure Coding Considerations

Apex is an on-demand language that extends the Force.com platform by providing the ability to write ...