What did the Java applet say to the SWF? Don't leave me alone in this Blackholeee!

Last week as we were analyzing the new version of Blackhole with the new Java exploit ...

Read More

Conference tips from your friends at Trustwave SpiderLabs

We are quickly approaching the largest security conference week on the planet. July 25th will start ...

Read More

Microsoft Patch Tuesday July 2012 – TLS and Office for Mac?

We have nine bulletins to deal with this month three of which are rated critical. One of those ...

Read More

Analyzing PDF Malware - Part 3C

Let me explain, no there is too much, let me sum up… This is part 3C in the ongoing saga of the ...

Read More

How much data? Apache, Ubuntu and the Lies of the Logs.

Forensic investigators rely heavily on log file data in order to analyse attacks and draw ...

Read More

Apex Secure Coding Considerations

Apex is an on-demand language that extends the Force.com platform by providing the ability to write ...

Read More

Stolen Laptop Recovery via OSX Trap Partition

My Macbook Air has 2 partitions, one that is my normal everyday partition that is encrypted with ...

Read More

Wham Bam, the Cutwail/Blackhole Combo

Over the past few weeks we have seen a resurgence of malicious spam with links leading off to the ...

Read More

Oops, I pwned your router- Part One

Embedded computing is very much about making a computer as small as possible, yet still being able ...

Read More

Analyzing PDF Malware - Part 3B

Down that dusty trail… As the big blue letters above state, this is part 3B of the Analyzing PDF ...

Read More

eHarmony Password Dump Analysis

Unless you've been hauled up in a bunker, eating MREs and watching Doomsday Preppers marathons, ...

Read More

I Forgot Your Password

I'm now going into my second year in application security, and as I learn more and more, my ...

Read More

Security Capture the Flag Competitions

Many people look at capture the flag competitions with varying reactions. Some look at them as ways ...

Read More

Five E-Commerce Security Myths (Part 2)

In part 1 of this series I gave an introduction into how most merchants accept payments and how ...

Read More

Five E-Commerce Security Myths (Part 1)

Compromises of e-commerce websites are increasingly common. In our 2012 Global Security Report we ...

Read More

CVSS for Penetration Test Results (Part I)

Trustwave has been adding support for the Common Vulnerability Scoring System (CVSS) in PenTest ...

Read More

Metasploit = tips, tricks, hashes and tokens

Metasploit is one of the many tools that can be used during a penetration test, and it actually ...

Read More

Internet Explorer Vulnerabilities Gone Wild

It's a busy time for Internet Explorer: Patch Tuesday addressed quite a few issues in IE, and an ...

Read More

[Honeypot Alert] PHP-CGI Vuln Targeted For Database Dumping

Thanks to my SpiderLabs Research colleague @claudijd for collaborating with this analysis.

Read More

ModSecurity and OWASP CRS Updates Available

Security Fix Release: ModSecurity v2.6.6 The ModSecurity Development Team has released version ...

Read More

Using Nmap to Screenshot Web Services

As part of Trustwave SpiderLabs network penetration testing team, I perform many internal ...

Read More

Microsoft Patch Tuesday: RDP - Keep on Knockin' But You Can't Come In

Another month, another Patch Tuesday. This one has seven bulletins three of which are rated ...

Read More

Introducing CryptOMG

CryptOMG is CTF-style testbed for exploiting various flaws in cryptographic implementations. ...

Read More

MySQL/MariaDB: Trade You a Banana for Root Access?

Summary

Read More

The Return of Zuc.A and and Ancient OSX Viruses?

A few weeks ago I caught a tweet from Chris Wysopal (@WeldPond) noticing how the new version of ...

Read More

Zap(ped) into Foca(s)

An external penetration test isn't just about the network addresses to pwn, but sometimes about the ...

Read More

Analyzing PDF Malware - Part 3A

When we last left our heroes…

Read More

Discussions on Targeted Attacks

Even though targeted attacks performed by groups such as LulzSec and Anonymous has gotten less ...

Read More