OWASP Virtual Patching Survey Results
In a previous blog post, we issued a call for assistance to help OWASP with a virtual patching ...
Read More
Detecting Brazilian Banking Trojans with Snort http_inspect
If you take a look at malware samples down here in Brazil, probably in most of Latin America they ...
Read MoreVirtual Patch for Movable Types XSS (CVE 2012-1262)
My SpiderLabs Research colleague Jonathan Claudius recently identified an XSS flaw in the Movable ...
Read MorePIG - Finding Your Target Without Saying a Word
You see blogs, talks, presentations, and tutorials on how to break into boxes all the time. These ...
Read MoreSpiderLabs Threat Intelligence Program
So a lot of people have been asking me "What do you do at Trustwave?" and I tell them I am the ...
Read More[Honeypot Alert] phpMyAdmin Code Injection Attacks for Botnet Recruitment
Our web honeypots picked up the following attacks today:
Read More#TWContest: And the winner of the @Trustwave @SpiderLabs 2012 Global Security Report contest is...
Here is a summary of the questions and answers:
Read More#TWContest: One in how many organizations use insecure remote access...
The question was… "One in how many organizations use insecure remote access solutions as seen ...
Read MoreCall for Assistance: OWASP Virtual Patching Survey
Identification of web application vulnerabilities is only half the battle with remediation efforts ...
Read More#TWContest: The two main motivations for web-based attacks are...
On Thursday we posted our sixth question of the Trustwave 2012 Global Security Report Twitter ...
Read MoreTrustwave SpiderLabs: My First Nine Days
So as some of you may have heard I now work at Trustwave for their SpiderLabs group headed up by ...
Read More#TWContest: The correct data aggregation technique is...
On Tuesday we posted our fifth question of the Trustwave 2012 Global Security Report Twitter ...
Read MoreTop Ten Web Protection Techniques of 2011
Top Ten Web Hacking Techniques of 2011 Every year the web security community votes on the top web ...
Read More#TWContest: The top 'origin' of attack is...
The question was… "What was the top "origin" of attack as seen through Trustwave SpiderLabs ...
Read MoreCommon Attack Methodologies Identified in European Customers
As you may have heard, Trustwave SpiderLabs released our Global Security Report (GSR) 2012 Report, ...
Read More#TWContest: The 7th most popular password is...
On Friday we posted our third question of the Trustwave 2012 Global Security Report Twitter ...
Read More#TWContest: The industry that ranked third is...
On Thursday we posted our second question of the Trustwave 2012 Global Security Report Twitter ...
Read More#TWContest: 1 out of every ~800 devices on the Internet is vulnerable to…
On Tuesday we posted our first question of the Trustwave 2012 Global Security Report Twitter ...
Read MoreWASC Distributed Web Honeypots Project Update
As the WASC Distributed Web Honeypots Project Sponsor, we are excited to announce that we have ...
Read More[Honeypot Alert] Status Report for January 2012
Monthly Web Honeypot Status Report We have received a tremendous amount of positive feedback on our ...
Read MoreClarifying The Trustwave CA Policy Update
We've seen a number of comments and questions on Twitter regarding a recent Trustwave CA Policy ...
Read MoreIsland Hopping the SpiderLabs Way
More and more, I find myself having to fight with highly segmented networks and ACL's. As a ...
Read MoreHOIC DDoS Analysis and Detection
In a previous blog post, we provided details of a DDoS attack tool called LOIC (Low Orbit Ion ...
Read MoreCuckoo for Cuckoo Box
Cuckoo Sandbox is an automated, open source, malware analysis system that started as a Google ...
Read MoreTWSL2012-002: Multiple Vulnerabilities in WordPress
Trustwave SpiderLabs has published a new advisory today for multiple vulnerabilities discovered in ...
Read MoreOn Null Byte Poisoning and XPath Injection
Recently I released a tool called XMLmao, a configurable testbed for learning to exploit XPath ...
Read More