OWASP Virtual Patching Survey Results

In a previous blog post, we issued a call for assistance to help OWASP with a virtual patching ...

Detecting Brazilian Banking Trojans with Snort http_inspect

If you take a look at malware samples down here in Brazil, probably in most of Latin America they ...

Virtual Patch for Movable Types XSS (CVE 2012-1262)

My SpiderLabs Research colleague Jonathan Claudius recently identified an XSS flaw in the Movable ...

PIG - Finding Your Target Without Saying a Word

You see blogs, talks, presentations, and tutorials on how to break into boxes all the time. These ...

SpiderLabs Threat Intelligence Program

So a lot of people have been asking me "What do you do at Trustwave?" and I tell them I am the ...

[Honeypot Alert] phpMyAdmin Code Injection Attacks for Botnet Recruitment

Our web honeypots picked up the following attacks today:

#TWContest: And the winner of the @Trustwave @SpiderLabs 2012 Global Security Report contest is...

Here is a summary of the questions and answers:

#TWContest: One in how many organizations use insecure remote access...

The question was… "One in how many organizations use insecure remote access solutions as seen ...

Call for Assistance: OWASP Virtual Patching Survey

Identification of web application vulnerabilities is only half the battle with remediation efforts ...

#TWContest: The two main motivations for web-based attacks are...

On Thursday we posted our sixth question of the Trustwave 2012 Global Security Report Twitter ...

Trustwave SpiderLabs: My First Nine Days

So as some of you may have heard I now work at Trustwave for their SpiderLabs group headed up by ...

#TWContest: The correct data aggregation technique is...

On Tuesday we posted our fifth question of the Trustwave 2012 Global Security Report Twitter ...

Patch Tuesday, Feb 2012: What I did this Valentine's Day

Top Ten Web Protection Techniques of 2011

Top Ten Web Hacking Techniques of 2011: Every year the web security community votes on the top web ...

#TWContest: The top 'origin' of attack is...

The question was… "What was the top "origin" of attack as seen through Trustwave SpiderLabs ...

Common Attack Methodologies Identified in European Customers

As you may have heard, Trustwave SpiderLabs released our Global Security Report (GSR) 2012 Report, ...

#TWContest: The 7th most popular password is...

On Friday we posted our third question of the Trustwave 2012 Global Security Report Twitter ...

#TWContest: The industry that ranked third is...

On Thursday we posted our second question of the Trustwave 2012 Global Security Report Twitter ...

#TWContest: 1 out of every ~800 devices on the Internet is vulnerable to…

On Tuesday we posted our first question of the Trustwave 2012 Global Security Report Twitter ...

WASC Distributed Web Honeypots Project Update

As the WASC Distributed Web Honeypots Project Sponsor, we are excited to announce that we have ...

[Honeypot Alert] Status Report for January 2012

Monthly Web Honeypot Status Report: We have received a tremendous amount of positive feedback on our ...

Clarifying The Trustwave CA Policy Update

We've seen a number of comments and questions on Twitter regarding a recent Trustwave CA Policy ...

Death to PDF!

SpiderLabs customers are frustrated with PDF reports:

Island Hopping the SpiderLabs Way

More and more, I find myself having to fight with highly segmented networks and ACLs. As a ...

HOIC DDoS Analysis and Detection

In a previous blog post, we provided details of a DDoS attack tool called LOIC (Low Orbit Ion ...

Cuckoo for Cuckoo Box

Cuckoo Sandbox is an automated, open source, malware analysis system that started as a Google ...

TWSL2012-002: Multiple Vulnerabilities in WordPress

Trustwave SpiderLabs has published a new advisory today for multiple vulnerabilities discovered in ...

On Null Byte Poisoning and XPath Injection

Recently I released a tool called XMLmao, a configurable testbed for learning to exploit XPath ...
