Showing 177 results for: 2014 ×

Building my own personal password cracking box

Since 2003, I've spent a majority of my workdays hacking systems. I've collected tons of penetration testing tips and tricks and have shared some of them on this blog. As a part of my work as a penetration tester, cracking...

No Country For Old Vulnerabilities

Finding a common cross-site scripting vulnerability in Cisco's new IOS Software Checker Feature. During my normal day-to-day work I interface with a number of websites while researching the details of recently released vulnerabilities. It was a pleasant surprise when one...

Signed Ruby Gems: A c7decrypt walk-through

As someone who's responsible for a number of Ruby projects, both open-source and commercially developed, I'm always on the look out for new ways to improve how they are secured and delivered to end-users. The most common method for delivering...

Alina POS malware "sparks" off a new variant

Alina is a well-documented family of malware used to scrape Credit Card (CC) data from Point of Sale (POS) software. We published a series of in-depth write-ups on the capabilities Alina possesses as well as the progression of the versions....

SpiderLabs Radio for the week of December 8, 2014

In this episode: Last Patch Tuesday of 2014 New POODLEv2 Malware signed with Sony certificate Happy Holidays and Farewell until 2015 We'd love to hear what you think or what you'd like to hear in future episodes. Please feel free...

Microsoft Patch Tuesday, December 2014

December's Microsoft Patch Tuesday is upon us and, hopefully, marks the last batch of bulletins for 2014. Although not as big as November's release, it still clocks in with three Critical and four Important bulletins. Internet Explorer is back with...

SpiderLabs Radio for the week of December 1, 2014

In this episode: The Sony Breach Operation Cleaver We'd love to hear what you think or what you'd like to hear in future episodes. Please feel free to leave comments below! Listen to this and archived episodes on Trustwave SpiderLabs...

Microsoft Advance Notification for December 2014

Microsoft will publish the last scheduled security release of the year on Tuesday, December 9th. This patch Tuesday release will include three bulletins rated "Critical" and four bulletins rated as "Important". Internet Explorer, Office, Exchange, and Windows will all be...

Magnitude Exploit Kit Backend Infrastructure Insight - Part II

Welcome back to another edition of "exposing Magnitude exploit-kit internals"! As already mentioned in our previous posts (1st and 2nd), the back-end infrastructure of this highly prevalent Exploit Kit has been revealed to be pretty exciting from the security research...

SpiderLabs Radio for the week of November 17, 2014

In this episode: The Out of Band Microsoft Kerberos Vulnerability Popular Messaging App WhatsApp Adds End-to-End Encryption Tech Collective to Offer Free Certificate Authority ATT Stops SuperCookie Injection An Update on Tor added Malware: OnionDuke We'd love to hear what...

SpiderLabs Radio for the week of November 10, 2014

In this episode: Microsoft Patch Tuesday discloses critical vulnerabilities DarkHotel targets high level executives The Wirelurker campaign unleashes the Masque attack We'd love to hear what you think or what you'd like to hear in future episodes. Please feel free...

Microsoft Patch Tuesday, November 2014

Compared to previous Microsoft Patch Tuesday's, November's is a pretty big one clocking in at 14 bulletins and nearly 40 individual CVEs. This is about twice the number of bulletins we typically seen month to month. This includes 4 Critical,...