Stolen Laptop Recovery via OSX Trap Partition

My Macbook Air has 2 partitions, one that is my normal everyday partition that is encrypted with ...

Wham Bam, the Cutwail/Blackhole Combo

Over the past few weeks we have seen a resurgence of malicious spam with links leading off to the ...

Oops, I pwned your router - Part One

Embedded computing is very much about making a computer as small as possible, yet still being able ...

Analyzing PDF Malware - Part 3B

Down that dusty trail… As the big blue letters above state, this is part 3B of the Analyzing PDF ...

eHarmony Password Dump Analysis

Unless you've been holed up in a bunker, eating MREs and watching Doomsday Preppers marathons, ...

I Forgot Your Password

I'm now going into my second year in application security, and as I learn more and more, my ...

Security Capture the Flag Competitions

Many people look at capture the flag competitions with varying reactions. Some look at them as ways ...

Five E-Commerce Security Myths (Part 2)

In part 1 of this series I gave an introduction into how most merchants accept payments and how ...

Five E-Commerce Security Myths (Part 1)

Compromises of e-commerce websites are increasingly common. In our 2012 Global Security Report we ...

CVSS for Penetration Test Results (Part I)

Trustwave has been adding support for the Common Vulnerability Scoring System (CVSS) in PenTest ...

Metasploit = tips, tricks, hashes and tokens

Metasploit is one of the many tools that can be used during a penetration test, and it actually ...

Internet Explorer Vulnerabilities Gone Wild

It's a busy time for Internet Explorer: Patch Tuesday addressed quite a few issues in IE, and an ...

[Honeypot Alert] PHP-CGI Vuln Targeted For Database Dumping

Thanks to my SpiderLabs Research colleague @claudijd for collaborating with this analysis.

ModSecurity and OWASP CRS Updates Available

Security Fix Release: ModSecurity v2.6.6 The ModSecurity Development Team has released version ...

Using Nmap to Screenshot Web Services

As part of Trustwave SpiderLabs network penetration testing team, I perform many internal ...

Microsoft Patch Tuesday: RDP - Keep on Knockin' But You Can't Come In

Another month, another Patch Tuesday. This one has seven bulletins, three of which are rated ...

Introducing CryptOMG

CryptOMG is a CTF-style testbed for exploiting various flaws in cryptographic implementations. ...

MySQL/MariaDB: Trade You a Banana for Root Access?

Summary

The Return of Zuc.A and Ancient OSX Viruses?

A few weeks ago I caught a tweet from Chris Wysopal (@WeldPond) noticing how the new version of ...

Zap(ped) into Foca(s)

An external penetration test isn't just about the network addresses to pwn, but sometimes about the ...

Analyzing PDF Malware - Part 3A

When we last left our heroes…

Discussions on Targeted Attacks

Even though targeted attacks performed by groups such as LulzSec and Anonymous have gotten less ...

Dynamic DAST/WAF Integration: Realtime Virtual Patching

At the recent OWASP AppSecDC conference, I presented on this topic. I received a lot of feedback ...

Rogue Certificates Set on Flame

It was only a matter of time before we felt Flame's aftershock. Yesterday morning it finally ...

Now IronSpider - Go hard or Go home, I'm an Ironman!

Probably in the same period I started at Trustwave SpiderLabs I decided to start my training for an ...

Defeating Flame String Obfuscation with IDAPython

Like many other security research firms, SpiderLabs Research has been actively investigating the ...

iOS Application Security: Review of Top 50 Free iPad Apps [Part 2 of 2]

The View From The Top Isn't Much Better