Showing 60 results for: Tools

CryptOMG Walkthrough - Challenge 1

It has been about 3 months since CryptOMG was released and I will start going through the challenges one-by-one. CryptOMG is a CTF-style testbed for exploiting various flaws in cryptographic implementations. It is available for free on the SpiderLabs GitHub. The...

Client-side Payload - The Brazilian Way.

My name is Wendel Guglielmetti Henrique, and I'm a senior security consultant at Trustwave's SpiderLabs. I have over 12 years of experience in Information Technology, with the last 7 years dedicated to penetration testing. My recent presentations include RSA Conference 2012...

All Your Password Hints Are Belong to Us

This past weekend I ended up coming into the SpiderLabs office and "nerded out" with my good friend Ryan Reynolds to follow-up on the research we released at DEFCON and BlackHat this year. As some of you may already know,...

PenTest Manager 2.0 - Attack Sequences

Trustwave recently launched PenTest Manager 2.0, a major enhancement of the innovative Trustwave reporting tool used by SpiderLabs team members during penetration testing. PenTest Manager 2.0 provides a significant reporting upgrade in the form of Attack Sequences. These allow for...

Pentesting like an Eastern European

Through SpiderLabs' Incident Response (IR) and Penetration Testing services we get a chance both to see 'bad actor' techniques in the field and to help our clients test how their security controls will stand up to them. One trend we've seen in our IR engagements is a move away from malicious parties stealing 'data at rest' toward targeting data as it flows through IT infrastructure. This post gives a general overview of how attackers are targeting dynamic data and elaborates on some of the tools and techniques SpiderLabs uses to steal information stored in memory during our penetration tests.

Stolen Laptop Recovery via OSX Trap Partition

My MacBook Air has two partitions: one is my normal everyday partition, encrypted with FileVault 2, and the second has Prey (http://preyproject.com/) installed and ready to flag my Mac as stolen as soon as it is...

Metasploit => tips, tricks, hashes and tokens

Metasploit is one of the many tools that can be used during a penetration test, and it actually consists of a whole suite of tools that together form a complete attack framework. Metasploit is not the best tool for...

Using Nmap to Screenshot Web Services

As part of the Trustwave SpiderLabs network penetration testing team, I perform many internal penetration tests each year. As part of those tests, we see a lot of web servers. Some of those are internal portals like SharePoint. Others are non-production...

Introducing CryptOMG

CryptOMG is a CTF-style testbed for exploiting various flaws in cryptographic implementations. Cryptography is very easy to do incorrectly, which is pretty apparent throughout the web if you know what to look for. CryptOMG will help train your eye to look...

Zap(ped) into Foca(s)

An external penetration test isn't just about the network addresses to pwn, but sometimes about the web presence that is offered to the world at large. And web presence equals web applications. As a new addition to the SpiderLabs team,...

Defeating Flame String Obfuscation with IDAPython

Like many other security research firms, SpiderLabs Research has been actively investigating the Flame (a.k.a. sKyWIper) malware that was revealed earlier this week. For those unaware of what Flame is, I'll provide a very brief summary. Essentially, Flame is a...

Too XXE For My Shirt

Until tonight, I'd never gotten a chance to try an XML external entity (XXE) attack. Earlier, I was updating XMLmao and XSSmh with the same interface improvements and custom blacklist features already present in SQLol. The idea, eventually, is to...

Bypass Vulnerabilities in Squid and McAfee Web Access Gateway

About two weeks ago, a Brazilian security researcher by the name of Gabriel Menezes Nunes released URL filter bypass vulnerabilities in Squid 3.1.9 and McAfee Web Gateway 7.0 (CVE-2012-2213 and CVE-2012-2212 respectively). At a high level, these vulnerabilities...

PenTest Manager: Now with Secure File Transfer

PenTest Manager, the cutting-edge reporting tool created by Trustwave SpiderLabs to manage, track, and report results of penetration tests, has been updated to include secure file transfer to simplify the testing process, where documents and other files need to be...

LIKE, omg!

If you read this blog, you might have seen my earlier post regarding my configurable SQL injection testbed, SQLol. It comes with challenges which I've seen some buzz about. In the latest version, there is a challenge involving use of...

On Null Byte Poisoning and XPath Injection

Recently I released a tool called XMLmao, a configurable testbed for learning to exploit XPath injection flaws, developing new attack techniques for XPath injection flaws or simulating real-world XPath injection scenarios, similar to SQLol. Among other features, it has challenge...

Scripting Metasploit using MSGRPC

While there are many aspects of network pen testing that set the good testers apart from the bad, three of the critical ones are time management, data management, and tool mastery. The Metasploit Framework, a tool that is part of...

Introducing SQLol

At the most recent Austin Hackers Association meeting I unveiled a project I've been working on for a couple months now called "SQLol". I was helping a colleague to exploit an SQL injection flaw in the wild with a MySQL...