SpiderLabs Blog

Hunting For Integer Overflows In Web Servers

Allow me to set the scene and start proceedings off with a definition of an integer overflow, ...

Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients

This is another one of those blog posts from me about how I independently carried out some security ...

(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths

When I’m carrying out security research into a thing, I generally don’t like to Google prior ...

Hidden Data Exfiltration Using Time, Literally

I was looking at my watch last week and my attention was moved towards the seconds over at the ...

SNAPPY: Detecting Rogue and Fake 802.11 Wireless Access Points Through Fingerprinting Beacon Management Frames

From Admin to AdminPlusPlus: Breaking Out of Sandboxed Applications Through Recon, Being Brave and Abusing SSO Domain Account Mappings

I've been pentesting applications for nearly two decades now and throughout that time you get to ...

Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining

As is tradition with my blog posts, let’s start off a definition of what HTTP pipelining is all ...

From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

For those wondering what GraphQL is…

When User Impersonation Features In Applications Go Bad

A user impersonation feature typically allows a privileged user, such as an administrator, but ...

Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style

I feel I need to clarify, for legal reasons, that this is nothing to do with any Harry Potter game. ...

CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd

A little bit of background for those not familiar with chfn…

From Creative Password Hashes to Administrator: Gone in 60 Seconds (Or Thereabouts)

Picture the scene, you’re on an application penetration test (as a normal user) and you’ve managed ...

Reversing (and Recreating) Cryptographic Secrets Found in .NET Assemblies Using Python

Picture the scene - you’re on a penetration test, somehow you’ve got hold of a bunch of .NET ...