Showing 19 results for: August 2012 ×

The Patsy Proxy: Getting others to do your dirty work

Patsy (slang) - A person easily taken advantage of, cheated, blamed, or ridiculed. My girlfriend (@savagejen) and I will be presenting at Derbycon this year about some research we've done into systems not configured as proxies, but which will pass...

Phishing Evolves: Rogue IVRs

As someone who's worked in the financial industry for years, I'm fascinated by methods used by phishers to encourage people to part with their money. Most of us can easily recognize and avoid the more obvious and clumsy phishing attacks...

Stripe-CTF Walkthrough

I had the opportunity to do the Stripe-CTF (Capture The Flag) contest this past week, and enjoyed it immensely. Stripe is credit card processing software for developers so it was great to see them organize a second CTF contest. I...

How to Get the Most Out of a PenTest

Being a PenTester for Trustwave Spiderlabs, I work with a huge amount of clients ranging from three employees in a garage, to the who's who of the Fortune 100. Over the past few years, I've done hundreds of PenTests and...

Backward Compatibility Plays to Malware's Hands

Maintaining backward compatibility in software products is hard. Technology evolves on a daily basis, and while it feels "right" to go ahead and ditch the old technology in favor of the new, it sometimes might cause issues, especially when a...

TrustKeeper Scan Engine Update - August 29, 2012

Today marks the next update to the TrustKeeper Scan Engine and as usual, we have been slaving away in the dungeon annihilating new vulnerabilities with sword and shield. This update includes a recent Dell SonicWALL Scrutinizer (also know as Plixer...

WAF Normalization and I18N

Submitted By Breno Silva Pinto and Ryan Barnett WAF Normalization and I18N Web application firewalls must be able to handle Internationaliztion (I18N) and thus properly handle various data encodings including Unicode and UTF-8 in order to prevent not only evasion...

Client-side Payload - The Brazilian Way.

My name is Wendel Guglielmetti Henrique, and I'm a senior security consultant at Trustwave's SpiderLabs. I have over 12 years experience in Information Technology, with the last 7 years dedicated to penetration testing. My recent presentations include RSA Conference 2012...

How Antivirus Saved the Day…Sort of.

Recently, I found myself in a common situation—helping a comrade in our Incident Response division on an ongoing forensic investigation. The information provided was simple, as two pieces of malware were discovered on a point of sale device, and at...

PTJ Undermines Your Blinky Light Box

So, you just bought that fancy new box with the blinky lights that's supposed to somehow keep you safe from the bad guys. While it is true that some of these machines run on unicorn blood and fairy dust, they...

It's a sunny (zero) day for Java

Java exploits have been used for distributing malware for a while. See for example our blog post from last month. Today a new Java 0-day vulnerability has surfaced up. It came with a public PoC armed and ready for exploitation,...

All Your Password Hints Are Belong to Us

This past weekend I ended up coming into the SpiderLabs office and "nerded out" with my good friend Ryan Reynolds to follow-up on the research we released at DEFCON and BlackHat this year. As some of you may already know,...

DEF CON 20: French Fry, Pizza, or Rotten Apples?

If you currently do a search online for a female's perspective about DEF CON, everything is coming up sexual harassment. I've been asked a dozen times about my experiences in the past week alone and I can't say anything overly...

TrustKeeper Scan Engine Update - August 20, 2012

The past couple weeks have been a blur for our entire team as we've been heads down on cranking out vulnerabilities for the TrustKeeper Scan Engine. In fact, we ended up breaking a new internal record for sheer number of...

Poems from The Palms

SpiderLabs gathered for its annual meeting in Las Vegas recently. Though no poet laureate as people don't generally pay for poetry until the author is decomposing, I would like to share the following which was inspired during the event and...

Stamping Out Hash Corruption, Like a Boss

Have you ever dumped LM and NTLM password hashes from a Windows system using the registry and never been able to crack the hashes or pass the hash? If so, maybe this blog post will be of specific interest and/or...

One Factor, Two Factor, Three Factor, More

There has been a lot of talk online today about how Matt Honan, a reporter for Gizmodo, was the victim of a cyber attack that left his iPhone, iPad and even MacBook erased and useless. Matt is placing a lot...