Showing 99 results for: 2012, Security Research

Web Application Defense: Bayesian Attack Analysis

Regular Expressions for Input Validation: If your web application defensive strategy against injection attacks relies solely upon the use of blacklist regular expressions for input validation, it is only a matter of time before an attacker finds an evasion. Want...

Blackhole Exploit Kit v2

A few days ago a new version of THE most common exploit kit was released. Unlike most exploit kit authors, who try to keep a low profile, the author of Blackhole publishes his work in Russian forums and even writes...

Getting a Start in the Security Industry

This has been a fairly common topic over the last year and I've seen plenty of blog posts and presentations about the subject. For me personally, many just don't cover the information I've found to be essential during my entrance...

The Patsy Proxy: Getting others to do your dirty work

Patsy (slang) - A person easily taken advantage of, cheated, blamed, or ridiculed. My girlfriend (@savagejen) and I will be presenting at Derbycon this year about some research we've done into systems not configured as proxies, but which will pass...

Backward Compatibility Plays to Malware's Hands

Maintaining backward compatibility in software products is hard. Technology evolves on a daily basis, and while it feels "right" to go ahead and ditch the old technology in favor of the new, it sometimes might cause issues, especially when a...

Client-side Payload - The Brazilian Way.

My name is Wendel Guglielmetti Henrique, and I'm a senior security consultant at Trustwave's SpiderLabs. I have over 12 years experience in Information Technology, with the last 7 years dedicated to penetration testing. My recent presentations include RSA Conference 2012...

All Your Password Hints Are Belong to Us

This past weekend I ended up coming into the SpiderLabs office and "nerded out" with my good friend Ryan Reynolds to follow-up on the research we released at DEFCON and BlackHat this year. As some of you may already know,...

Announcing the availability of ModSecurity extension for IIS

This blog post has also been posted on the Microsoft Security Research and Defense site. By: Greg Wroblewski, Microsoft Security Engineering Center; Ryan Barnett, Trustwave SpiderLabs. Vulnerabilities in on-line services, like cross-site scripting, cross-site request forgery, or even information disclosure,...

Spam Down II: Grum Down

So the media is abuzz with news of the takedown of the Grum botnet, which has caused a big reduction in spam. Make no mistake, this is welcome news indeed, and credit to Atif Mushtaq from FireEye for taking action....

Analyzing PDF Malware - Part 3D

Part 3D of a demonstration on analyzing malware embedded within a suspicious PDF document. This finale post of the series illuminates the ultimate goal of the malware and concludes with a discussion on ways to protect yourself from similar attack vectors.

Spam Down: Where is Lethic?

At Trustwave SpiderLabs we keep a close eye on spam trends. We keep and publish a bunch of statistics relating to spam, and last week people were asking me where these were as the old M86 website is phased out....

Analyzing PDF Malware - Part 3C

Part 3C of a demonstration on analyzing malware embedded within a suspicious PDF document. This part specifically deals with dynamic analysis of the discovered shellcode itself within a virtual machine.

Wham Bam, the Cutwail/Blackhole Combo

Over the past few weeks we have seen a resurgence of malicious spam with links leading off to the Blackhole exploit kit. Last week about 2% of spam hitting our traps fell into this category, which is pretty significant given...

Analyzing PDF Malware - Part 3B

Part 3B of a demonstration on analyzing malware embedded within a suspicious PDF document. This part specifically deals with static analysis of discovered shellcode.

MySQL/MariaDB: Trade You a Banana for Root Access?

Summary: Over the weekend, an Authentication Bypass Vulnerability for MySQL and MariaDB (CVE-2012-2122) was released by Sergei Golubchik of Monty Program Ab. The vulnerability is trivial to exploit and has the potential to expose root user access to the...

The Return of Zuc.A and Ancient OSX Viruses?

A few weeks ago I caught a tweet from Chris Wysopal (@WeldPond) noticing how the new version of Microsoft Security Essentials had detected the Zuc.A virus on his machine. You might think that's really cool how Microsoft gives away free...