Showing 22 results for: March 2013

SpiderLabs Radio March 29, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers OMG DDoS Nukes Take out Net!, Mt Gox, AhnLab and South Korea, Ubuntu Goes to China, Apple kills Yontoo, iRemember, OpWisconsin arrest, Mossad doxed, keystroke recorders invade campuses and...

Cracking IKE Mission:Improbable (Part 1)

All too often during pen tests I still find VPN endpoints configured to allow insecure Aggressive Mode handshakes. Fortunately, gaining access to the internal network as a result of this vulnerability remains a fairly complex task. Hopefully this series of...

Did Grum Really Get Killed?

For several years before its July 2012 takedown, Grum was one of the notorious spam botnets and at one time was responsible for more than 30% of spam worldwide. Last year's Grum botnet takedown was a victorious feat by the security...

SpiderLabs Radio March 22, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Korea, teamSpy, Scan all the Things!, Florida, EA Games, Steubenville, Weev, Carbon Credits, Three Apples, Hack Yourself for media, GSA takes the 5th, Impact Wrestling, Soulja Boy, BBC, Poland,...

SpiderLabs Radio March 15, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers China, celebs breached, NVD still offline, Krebs SWATed, Reuters reporter indicted, Guccifer returns, CFT over, DPRK claims cyber attack, Zoosk Passwords, GitHub DDoS, Debian wiki, Avast!, Apple enables HTTPS,...

Fresh Coffee Served by CoolEK

As you may already know, the past few months have been problematic for Oracle when it comes to security issues discovered in the popular and notorious Java browser plugin. The latest vulnerability that has been spotted to be exploited in...

Mimicking Attackers: Building Malware for CCDC

This past weekend my coworkers/friends and I had the opportunity and the privilege to partake in Michigan State's Collegiate Cyber Defense Competition (CCDC). Specifically, we were asked to act as the 'Red Team', which essentially translates into making the...

SpiderLabs Radio March 8, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Pwn2own, Chrome free, Evernote, Apple restricts Flash, Java java java, Bitcoin Theft, prison hack, DDoS hits Prague, US Banks and Raspberry Pi, NBC again and More! Listen to SpiderLabs...

OS Image Wrangling

On most PenTests, a lot of research goes into the things you find along the way. You find obscure software and other setups that can be a goldmine if you spend the time to do some research. On a recent test,...

Microsoft Advance Notification for March 2013

First, the raw numbers: we have seven bulletins this month, four critical and three important. There are three Remote Code Executions, two Elevation of Privilege and two Information Disclosures. Two of the patches definitely require a reboot of your machine,...

The Life Cycle of Web Server Botnet Recruitment

This blog post is an excerpt taken from the recently released Global Security Report (GSR) for 2013. Over the course of the past year, my team has monitored and analyzed vast amounts of data within our Web honeypots and shared...

You Injected What? Where?

While harder to detect, there are still some instances of websites exploitable via partially blind SQL injection. For the purposes of this blog we're going to call the website AngryGrrl's Sock Puppets. It sells a variety of sock puppets of...