Showing 22 results for: July 2012 ×

PenTest Manager 2.0 - Attack Sequences

Trustwave recently launched PenTest Manager 2.0, a major enhancement of the innovative Trustwave reporting tool used by SpiderLabs team member during penetration testing. PenTest Manager 2.0 provides a significant reporting upgrade in the form of Attack Sequences. These allow for...

Announcing the availability of ModSecurity extension for IIS

This blog post has also been posted on the Microsoft Security Research and Defense site: By: Greg Wroblewski, Microsoft Security Engineering Center Ryan Barnett, Trustwave SpiderLabs Vulnerabilities in on-line services, like cross-site scripting, cross-site request forgery, or even information disclosure,...

Spiders are FUN! Party at DEF CON

Hey folks! This week a fair ammount of us (15k) are heading to Vegas for Black Hat / BSides / DEF CON. This year SpiderLabs is having their Party to celebrate the year! Open Bar, and DJ's, and a special...

Reducing web application attack surface

For as long as companies rely on web sites to do business with their customers and partners, attackers will keep targeting these web applications searching for new (and old) vulnerabilities and trying to exploit them. Reducing the attack surface has...

Spam Down II: Grum Down

So the media is abuzz with news of the takedown of the Grum botnet, which has caused a big reduction in spam. Make no mistake this is welcome news indeed, and credit to Atif Mushtaq from FireEye for taking action....

Beyond Apache: ModSecurity for IIS/Nginx is Coming

The Trustwave SpiderLabs Research Team is proud to announce that, through a collaboration with the Microsoft Security Response Center (MSRC) Team and community member Alan Silva (@AlanJumpi), we will be releasing ModSecurity versions for both the Microsoft Internet Information Services...

Analyzing PDF Malware - Part 3D

Part 3D of a demonstration on analyzing malware embedded within a suspicious PDF document. This finale post of the series illuminates the ultimate goal of the malware and concludes with a discussion on ways to protect yourself from similar attack vectors.

Pentesting like an Eastern European

Through SpiderLabs' Incident Response (IR) and Penetration Testing services we get a chance to both see 'bad actor' techniques in the field and help our clients test how their security controls will stand up to them. One trend we've seen in our IR engagements is a move away from malicious parties stealing 'data at rest' to targeting it as flows through IT infrastructure. This post gives a general overview of how attackers are targeting dynamic data and elaborates on some of the tools and techniques SpiderLabs use to steal information stored in memory during our penetration tests.

Hashcat Per Position Markov Chains

I just wanted to let you guys know about some interesting work Atom has been doing recently with Hashcat, more specifically their implementation of Markov chains. The Markov model is a mathematical system that has had numerous uses and variations...

Spam Down: Where is Lethic?

At Trustwave SpiderLabs we keep a close eye on spam trends. We keep and publish a bunch of statistics relating to spam, and last week people were asking me where these were as the old M86 website is phased out....

TrustKeeper Scan Engine Update - July 12, 2012

The latest update to the TrustKeeper scan engine has been released. This update includes a lot of under-the-hood work for core protocol libraries such as SSL, SNMP, Kerberos and SSH. These improvements allow the scan engine to be more efficient...

How much data? Apache, Ubuntu and the Lies of the Logs.

Forensic investigators rely heavily on log file data in order to analyse attacks and draw conclusions regarding attacker actions. However, this blog post shows that we don't just have to worry about attackers trying to cover their tracks by destroying logs; Linux distributions themselves mess about with log file formats in a misleading manner and further thwart investigations.

Analyzing PDF Malware - Part 3C

Part 3C of a demonstration on analyzing malware embedded within a suspicious PDF document. This part specifically deals with dynamic analysis of the discovered shellcode itself within a virtual machine.

Stolen Laptop Recovery via OSX Trap Partition

My Macbook Air has 2 partitions, one that is my normal everyday partition that is encrypted with FileVault2, and a 2nd partition that has Prey http://preyproject.com/ installed and ready to set my Mac as stolen as soon as it is...

Apex Secure Coding Considerations

Apex is an on-demand language that extends the Force.com platform by providing the ability to write applications that run on salesforce.com servers. Unlike other general-purpose languages such as C# or Java which can be used to build many different types...