Dynamic DAST/WAF Integration: Realtime Virtual Patching

At the recent OWASP AppSecDC conference, I presented on this topic. I received a lot of feedback ...

Rogue Certificates Set on Flame

It was only a matter of time before we felt Flame's aftershock. Yesterday morning it finally ...

Now IronSpider - Go hard or Go home, I'm an Ironman!

Probably in the same period I started at Trustwave SpiderLabs I decided to start my training for an ...

Defeating Flame String Obfuscation with IDAPython

Like many other security research firms, SpiderLabs Research has been actively investigating the ...

iOS Application Security: Review of Top 50 Free iPad Apps [Part 2 of 2]

The View From The Top Isn't Much Better

[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Credit Card Validation Scripts

In our previous blog post "Inside the Attacker's Toolbox: Botnet Web Attack Scripts" we analyzed ...

Oracle Databases, a Penetration Tester’s View of Unauthorized Access to Customer Records

When penetration testing you get to see lots of seemingly unbelievable security failures, but ...

Putting Out the Flame

There's a lot of buzz going around in the security field about a big piece of malware, code named ...

Sakura Exploit Kit 1.1

Even though it's sometimes easy to forget that there are exploit kits other than BlackHole, other ...

Reading between the lines: Harvesting Credit Cards from ISO8583-1987 Traffic

Having investigated cardholder data security breaches for a few years now, I have noticed changes ...

iOS Application Security: Top 50 Free iPad Apps - The View From The Top Isn’t Much Better [Part 1 of 2]

Hello. I'm Tom Neaves. I recently joined SpiderLabs as a Senior Security Consultant based out of ...

Connecting the Dots w/ PenTest Manager

We are evolving how the penetration testing industry reports vulnerabilities. Traditional PDF ...

“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 2 of 5)

This is the second post in this series. The previous post provided a general overview of ...

HULK vs. THOR - Application DoS Smackdown

SpiderLabs Research Team Contributions from:

[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Web Attack Scripts

Have you ever wondered what script/code/tool was behind the automated web attacks that you see in ...

About me, myself and BeEF

Hello followers of SpiderLabs Anterior.

Too XXE For My Shirt

Until tonight, I'd never gotten a chance to try an XML external entity (XXE) attack. Earlier, I was ...

“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 4 of 5)

This is the fourth part in a series of posts. The prior posts describe the technical details of the ...

“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 1 of 5)

In this series of posts we will describe in detail an attack from one of the most sophisticated ...

It Takes Two to Tango (myself, and your unprotected file share)

BananaStand learned from last time (to see last time, go here). Systems were patched, ACLs were ...

Bypass Vulnerabilities in Squid and McAfee Web Access Gateway

About two weeks ago, a Brazilian security researcher by the name of Gabriel Menezes Nunes released ...

Microsoft Patch Tuesday: Help Is On The Way!

This may sound a bit odd but "nosteve" who usually gives his take on the patch Tuesday release is ...

THOTCON 0x3 - Hacker Brew Contest

This year's instantiation of the THOTCON hacking conference issued a unique challenge:

TWSL2012-004: Multiple Vulnerabilities in Zen Cart

The SpiderLabs team at Trustwave published a new advisory yesterday, which details multiple ...

PHP-CGI Exploitation by Example

Late last week, a vulnerability in PHP-CGI was disclosed, which allows all sorts of bad things for folks ...

[Honeypot Alert] (UPDATE) Active Exploit Attempts for PHP-CGI Vuln

UPDATE - we have received more exploit attempt details from web hosting provider DreamHost. Thanks ...

A Wild Exploit Kit Appears... Meet RedKit

During our research we have recently encountered a new private exploit kit. The developers behind ...
