[Honeypot Alert] PHP-CGI Vuln Targeted For Database Dumping

June 19, 2012 | Ryan Barnett

Thanks to my SpiderLabs Research colleague @claudijd for collaborating with ...

ModSecurity and OWASP CRS Updates Available

June 15, 2012 | Ryan Barnett

Security Fix Release: ModSecurity v2.6.6 The ModSecurity Development Team has ...

Using Nmap to Screenshot Web Services

June 14, 2012 | Ryan Linn

As part of Trustwave SpiderLabs network penetration testing team, I perform ...

Microsoft Patch Tuesday: RDP - Keep on Knockin' But You Can't Come In

June 12, 2012

Another month, another Patch Tuesday. This one has seven bulletins three of ...

Introducing CryptOMG

June 12, 2012 | Andrew Jordan

CryptOMG is a CTF-style testbed for exploiting various flaws in cryptographic ...

MySQL/MariaDB: Trade You a Banana for Root Access?

June 12, 2012 | Jonathan Claudius

Summary

The Return of Zuc.A and Ancient OSX Viruses?

June 11, 2012 | Space Rogue

A few weeks ago I caught a tweet from Chris Wysopal (@WeldPond) noticing how ...

Zap(ped) into Foca(s)

June 08, 2012 | Theresa

An external penetration test isn't just about the network addresses to pwn, but ...

Analyzing PDF Malware - Part 3A

June 08, 2012 | Ryan Merritt

When we last left our heroes…

Discussions on Targeted Attacks

June 06, 2012

Even though targeted attacks performed by groups such as LulzSec and Anonymous ...

Dynamic DAST/WAF Integration: Realtime Virtual Patching

June 05, 2012 | Ryan Barnett

At the recent OWASP AppSecDC conference, I presented on this topic. I received ...

Rogue Certificates Set on Flame

June 05, 2012 | Rami Kogan

It was only a matter of time before we felt Flame's aftershock. Yesterday ...

Now IronSpider - Go hard or Go home, I'm an Ironman!

June 04, 2012 | SpiderLabs Researcher

Probably in the same period I started at Trustwave SpiderLabs I decided to ...

Defeating Flame String Obfuscation with IDAPython

June 01, 2012 | Josh Grunzweig

Like many other security research firms, SpiderLabs Research has been actively ...

iOS Application Security: Review of Top 50 Free iPad Apps [Part 2 of 2]

June 01, 2012

The View From The Top Isn't Much Better

[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Credit Card Validation Scripts

May 31, 2012 | Ryan Barnett

In our previous blog post "Inside the Attacker's Toolbox: Botnet Web Attack ...

Oracle Databases, a Penetration Tester’s View of Unauthorized Access to Customer Records

May 31, 2012 | David Kirkpatrick

When penetration-testing you get to see lots of seemingly unbelievable security ...

Putting Out the Flame

May 30, 2012 | SpiderLabs Researcher

There's a lot of buzz going around in the security field about a big piece of ...

Sakura Exploit Kit 1.1

May 29, 2012 | Moshe Basanchig

Even though it's sometimes easy to forget that there are exploit kits other ...

Reading between the lines: Harvesting Credit Cards from ISO8583-1987 Traffic

May 25, 2012 | Solomon Bhala

Having investigated cardholder data security breaches for a few years now, I ...

iOS Application Security: Top 50 Free iPad Apps - The View From The Top Isn’t Much Better [Part 1 of 2]

May 25, 2012

Hello. I'm Tom Neaves. I recently joined SpiderLabs as a Senior Security ...

Connecting the Dots w/ PenTest Manager

May 24, 2012

We are evolving how the penetration testing industry reports vulnerabilities. ...

“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 2 of 5)

May 22, 2012 | SpiderLabs Researcher

This is the second blog in this series of blogs. The previous blog provided a ...

HULK vs. THOR - Application DoS Smackdown

May 18, 2012

SpiderLabs Research Team Contributions from:

[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Web Attack Scripts

May 17, 2012 | Ryan Barnett

Have you ever wondered what script/code/tool was behind the automated web ...

About me, myself and BeEF

May 17, 2012 | Antisnatchor

Hello followers of SpiderLabs Anterior.

Too XXE For My Shirt

May 16, 2012 | Dan Crowley

Until tonight, I'd never gotten a chance to try an xml external entity (XXE) ...