SpiderLabs Blog

Attracting more than a half-million annual readers, the SpiderLabs Blog is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Sheepl : Automating People for Red and Blue Tradecraft

Whilst there is a wealth of information out there about how to build environments that can be used for training, offensive tradecraft development and blue team response detection, a vital part of these environments is hard to emulate. A computer...

Decoding Hancitor Malware with Suricata and Lua

Many types of malware send and receive data via HTTP. They may either be sending updates back to their command and control (CnC) centers or they may receive updates. Typically these won't be sent in plain text but rather with...

Simplifying Password Spraying

A short intro to Password Spraying and an introduction to a tool built to simplify it

Using Buildroot for Security Research of IoT and Other Embedded Systems

These days many vendors, including IoT vendors, use Linux running on top of an ARM CPU for their embedded solutions. Some of these vendors use a tool called buildroot (https://buildroot.org) to produce a root filesystem for the device. This becomes obvious...

Introducing Burplay, A Burp Extension for Detecting Privilege Escalations

The seventh entry on the most recent OWASP Top 10 release (from 2013, due to the 2017 release candidate being rejected!) is "Missing Function Level Access Control", which is essentially what leads to Privilege Escalation issues. This common vulnerability related...

Cuckoo Linux Subsystem: Some Love for Windows 10

I normally use Linux for my malware analysis lab machine. But, recently, I got interested in the Windows Subsystem for Linux (WSL) and I thought I should give it a try. And so far, I am enjoying the ease of...

Advanced Malware Detection with Suricata Lua Scripting

Normal IDPS signatures using either Snort or Suricata have quite a few options and, if regex is added in, can be very effective and flexible for matching network traffic. However, there are some instances where those options just don't quite...

Airachnid: Web Cache Deception Burp Extender

Introduction: Cross-Site Request Forgery (CSRF) attacks are well established and understood, having been in the OWASP top ten for ten years. For those of you not so familiar with this vulnerability, it takes place when a user can be coerced...

Hey Buddy, Can You Spare a Log? Adventures in Log-Based Threat Hunting

Introduction: A long time ago, in a blog far, far away (August 1, 2016: Slinging Hash: Speeding Cyber Threat Hunting Methodologies via Hash-Based Searching) I presented how I used hash algorithms to speed up searching large DNS log files. The...

CVE-2017-5521: Bypassing Authentication on NETGEAR Routers

Home routers are the first and sometimes last line of defense for a network. Despite this fact, many manufacturers of home routers fail to properly audit their devices for security issues before releasing them to the market. As security researchers,...

Intercepting SSL And HTTPS Traffic With mitmproxy and SSLsplit

Looking for vulnerabilities in mobile applications and smart home devices presents multiple challenges. One of these is the ability to intercept and edit encrypted communication between a device and the server it talks to. Knowing the content of the communication is very...

How To Decrypt Ruby SSL Communications with Wireshark

Debugging a program that communicates with a remote endpoint usually involves analyzing the network communications. A common method is capturing the traffic using a packet analyzer tool such as tcpdump or Wireshark. However, this process can be tricky when the...

Alina POS malware 'sparks' off a new variant

Alina is a well-documented family of malware used to scrape Credit Card (CC) data from Point of Sale (POS) software. We published a series of in-depth write-ups on the capabilities Alina possesses as well as the progression of the versions....

Cracking IKE Mission: Improbable (Part 3)

Introduction: As discussed in parts 1 and 2 of this series, the most common VPN endpoints (responders) found supporting Aggressive Mode negotiation are Cisco devices. However, they are also almost always supported by a second-factor authentication mechanism known as...

Responder 2.0 - Owning Windows Networks part 3

Introduction: The power and flexibility of Responder has grown significantly over the past year. Responder is a powerful and easy-to-use tool for penetration testers looking to highlight and exploit weaknesses in a number of popular default network configurations. In this...

CVE-2014-0050: Exploit with Boundaries, Loops without Boundaries

In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and Apache Tomcat Denial-of-Service in detail. The article reviews the vulnerability's technical aspects in depth and includes recommendations that can help administrators defend from future exploitation of this security issue....
