Showing 23 results for: January 2013 ×

SpiderLabs Radio January 25, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue covers the redirect of MIT.edu, Quebec College expeling a student after he found a security vulnerability. Barracuddaa, GitHub becomes a password repository, MEGA's bad crypto, Siemens added to John the...

Owning Windows Networks with Responder 1.7

A lot has been happening with Responder lately! Everything is still written in pure python for portability's sake, there's no need to install any third-party libraries. For starters, Responder is a passive credentials gathering tool. It listens for specific NBT-NS...

TrustKeeper Scan Engine Update - January 23, 2013

The latest update to the TrustKeeper Scan Engine is now available! This update includes coverage for over 30 vulnerabilities for products such as Apache Tomcat, Microsoft Windows, ASP.Net, and Atlassian Jira as well as many under the hood improvments to...

SpiderLabs Crypto Contest - Winner!

We have a winner! @TimoHirvonen Congratulations Timo! His gift will be a Trustwave Spiderlabs goodie package which includes a Trustwave cinchpack, the latest Spiderlabs tshirt, several stickers, a Throwing Star LAN Tap, and an exclusive Spiderlabs challenge coin. There were...

Defeating AES without a PhD

"Cryptography is typically bypassed, not penetrated." – Adi Shamir FAITH IN THE ARCANE When I tell a developer that I broke their cryptosystem, there's usually a pregnant pause in the conversation where they take it in, like a young child...

Q&A w/ SpiderLabs Research: Java 0day CVE-2013-0422

Q: What's going on? People are talking about some Java 0day which threatens the whole world… Bring me up to speed, now! A: About a week ago, an independent researcher has reported a previously unknown (0day) Java vulnerability being used...

TrustKeeper Scan Engine Update - January 16, 2013

Last week marked the release of the first update to the TrustKeeper scan engine of 2013. To ring in the new year, we included tests for almost 50 new vulnerabilities, including many recent ones in IBM WebSphere Application Server and...

Microsoft Patch Tuesday, January 2013 - Part II

It's now official, there is another bulletin (MS13-008) release for the month of January and affected Microsoft Windows users should be expecting a out-band security patch soon. This out-of-band security patch fixes one memory corruption vulnerability discovered in Internet Explorer...

SpiderLabs Radio January 11, 2013 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers Ruby, Java, and Fox-It 0-days. Cracked99 Goes to Jail, Multiple Arrests and Sentencing, DDoS on Banks NOT from Iran, Anonymous wants Free Speech,...

First Java 0day For The Year 2013

Today @Kafeine was the first to announce the new Java 0day. This 0day allows an attacker to execute malicious code on any desktop with Java 1.7 u10 (or prior) installed – which is the latest version from Oracle. After some...

SpiderLabs Crypto Contest - Hints

This is a post for those attempting to solve the Crypto contest I introduced a couple weeks ago. There are quite a few people wracking their brains on it so I decided to give some hints. It's difficult to describe...

Dissecting a CVE-2012-4792 Payload

A little while ago I was fortunate enough to get ahold of a sample that was dropped on a system after it was infected via the exploit outlined in CVE-2012-4792. For those that may not have heard, this CVE has...

SpiderLabs Radio January 04, 2013 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers new developments around the Microsoft 0-day, Poke and SnapChat leaking pics, banks and War Z under DDoS, Cracking the Gauss payload, Canada and...

Microsoft Advance Notification for January 2013

If you were hoping for a nice relaxing Patch Tuesday after the holidays, well, sorry to disappoint you. Microsoft will be issuing seven new bulletins next week, two of them are rated as 'Critical'. Both critical bulletins can result in...

Photobucket: An Identity Thief's Playground

Photobucket is a popular social media site that acts as gallery and cloud storage for user photos. Users can upload photos and arrange them into individual galleries or simply leave everything unsorted in one large library. Adding support for smartphones...