MySQL/MariaDB: Trade You a Banana for Root Access?
Summary
Read MoreThe Return of Zuc.A and and Ancient OSX Viruses?
A few weeks ago I caught a tweet from Chris Wysopal (@WeldPond) noticing how the new version of ...
Read MoreZap(ped) into Foca(s)
An external penetration test isn't just about the network addresses to pwn, but sometimes about the ...
Read MoreDiscussions on Targeted Attacks
Even though targeted attacks performed by groups such as LulzSec and Anonymous has gotten less ...
Read MoreDynamic DAST/WAF Integration: Realtime Virtual Patching
At the recent OWASP AppSecDC conference, I presented on this topic. I received a lot of feedback ...
Read MoreRogue Certificates Set on Flame
It was only a matter of time before we felt Flame's aftershock. Yesterday morning it finally ...
Read MoreDynamic DAST/WAF Integration: Realtime Virtual Patching
At the recent OWASP AppSecDC conference, I presented on this topic. I received a lot of feedback ...
Read MoreNow IronSpider - Go hard or Go home, I'm an Ironman!
Probably in the same period I started at Trustwave SpiderLabs I decided to start my training for an ...
Read MoreDefeating Flame String Obfuscation with IDAPython
Like many other security research firms, SpiderLabs Research has been actively investigating the ...
Read MoreiOS Application Security: Review of Top 50 Free iPad Apps [Part 2 of 2]
The View From The Top Isn't Much Better
Read More[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Credit Card Validation Scripts
In our previous blog post "Inside the Attacker's Toolbox: Botnet Web Attack Scripts" we analyzed ...
Read MoreOracle Databases, a Penetration Tester’s View of Unauthorized Access to Customer Records
When penetration-testing you get to see lots of seemingly unbelievable security failures, but ...
Read MorePutting Out the Flame
There's a lot of buzz going around in the security field about a big piece of malware, code named ...
Read MoreSakura Exploit Kit 1.1
Even though it's sometimes easy to forget that there are exploit kits other than BlackHole, other ...
Read MoreReading between the lines: Harvesting Credit Cards from ISO8583-1987 Traffic
Having investigated cardholder data security breaches for a few years now, I have noticed changes ...
Read MoreiOS Application Security: Top 50 Free iPad Apps - The View From The Top Isn’t Much Better [Part 1 of 2]
Hello. I'm Tom Neaves. I recently joined SpiderLabs as a Senior Security Consultant based out of ...
Read MoreConnecting the Dots w/ PenTest Manager
We are evolving how the penetration testing industry reports vulnerabilities. Traditional PDF ...
Read More“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 2 of 5)
This is the second blog in this series of blogs. The previous blog provided a general overview of ...
Read More[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Web Attack Scripts
Have you ever wondered what script/code/tool was behind the automated web attacks that you see in ...
Read MoreToo XXE For My Shirt
Until tonight, I'd never gotten a chance to try an xml external entity (XXE) attack. Earlier, I was ...
Read More“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 4 of 5)
This is the fourth part in a series of blogs. The prior blogs describe the technical details of the ...
Read More“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 1 of 5)
In the next series of blogs we will describe in detail an attack from one of the most sophisticated ...
Read MoreIt Takes Two to Tango (myself, and your unprotected file share)
BananaStand learned from last time (to see last time, go here ). Systems were patched, ACL's were ...
Read MoreBypass Vulnerabilities in Squid and McAfee Web Access Gateway
About two weeks ago, a Brazilian security researcher by the name of Gabriel Menezes Nunes released ...
Read MoreMicrosoft Patch Tuesday: Help Is On The Way!
This may sound a bit odd but "nosteve" who usually gives his take on the patch Tuesday release is ...
Read More