
SpiderLabs Radio June 28, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio, hosted by Space Rogue and brought to you by Trustwave SpiderLabs, covers Snowden says NSA Attacked Beijing, Stuxnet leak Found?, More Bad Apps in Google Play, Mobile fake AV, Blizzard Shuts Down Mobile,...

Corporate Passwords Part 1

The vast amount of research and content that SpiderLabs produced for the Global Security Report made it impractical to include all of the content written for this year's password study. But instead of letting...

Physical Address Strangeness in Spam

Ten years ago, Congress passed the "CAN-SPAM Act" (also known as the You-CAN-SPAM Act, since it defines legal spam and supersedes any stricter state antispam laws). One of the provisions of the act is that there must be a legitimate...

Digging Into the New Apache Injection Module

I recently got a chance to dig into a couple of variants of the new Apache injection module that Sucuri recently discovered (check out their nice write-up here). Unfortunately this thing still doesn't have a cool whiz-bang name like most of...

Old Exploits Still Do the Trick

We are all aware that patching is very important. Many websites, however, take the risk of not updating their software for various reasons: it requires manual modifications, adjustment of the current code to work with the changes, the layout gets...

Welcome to the Spider’s Lair

"Will you step into my parlor?" said the spider to the fly; "'Tis the prettiest little parlor that ever you did spy. The way into my parlor is up a winding stair, And I have many pretty things to show...

Debugging Android Libraries using IDA

During a recent test, I encountered a native JNI library used by an Android application. I needed to understand this library and what it did, so the first step was to load the library in IDA to see what it...

SpiderLabs Radio June 21, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio, hosted by Space Rogue and brought to you by Trustwave SpiderLabs, covers Microsoft Bug Bounty, ZamFoo, DNS Cyberattack? Nope, Bad Pigs, Guccifer Cyber Hotline, Vet CISSP Scholarship, G8, OpPetrol Dud, Carberp For Sale,...

The Problem With Networks .....

Where do I start with this open-ended statement? I guess from a pen testing perspective, quite a lot. Internal pen test results tend to open up a can of worms for a company. There you are, managing your network, covering...

CBC-R: It's not just for padding oracles!

This is the short, technical version of a technique that I'll be writing more about in a few days. This blog post is geared towards readers already familiar with current topics in cryptanalysis. In Rizzo and Duong's paper on practical...

Sometimes, The PenTest Gods Shine On You

Settling down for a hacking session usually means lots of hard work and a long grind towards target data. You've got to juggle a large stack of systems and testing constraints, all while learning about the environment from the ground...

SpiderLabs Radio June 14, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio, hosted by Space Rogue and brought to you by Trustwave SpiderLabs, covers The Office of Tailored Access Operations, CyberWar Target List, Researchers Complain about B54, 10yrs for defacement, 7yrs for Piracy, Bug Bounty...

TWSL2013-006: Cross-Site Scripting Vulnerability in Coldbox

Trustwave SpiderLabs published a new advisory yesterday for a reflected cross-site scripting vulnerability discovered in Coldbox, which is developed by Ortus Solutions. Coldbox is a ColdFusion development platform used by organizations to develop applications and websites. In...