From Admin to AdminPlusPlus: Breaking Out of Sandboxed Applications Through Recon, Being Brave and Abusing SSO Domain Account Mappings
I've been pentesting applications for nearly two decades now and throughout that time you get to ...
Update - June 16, 2023: The second vulnerability mentioned in the June 12 update now has an ...
As is tradition with my blog posts, let’s start off with a definition of what HTTP pipelining is all ...
Information disclosed in the leaked NTC Vulkan papers allows us to investigate the high probability ...
Over the past few days, we have seen phishing attacks that use a combination of compromised ...
For those wondering what GraphQL is…
A user impersonation feature typically allows a privileged user, such as an administrator, but ...
I feel I need to clarify, for legal reasons, that this is nothing to do with any Harry Potter game. ...
Ignoring the little stuff is never a good idea. Anyone who has pretended that the small noise their ...
Security best practice guidelines always call for changing default passwords as any password left ...
Towards the end of 2020, a new vulnerability in MongoDB was found and published. The vulnerability ...
A little bit of background for those not familiar with chfn…
In early March, one of the notorious botnets, Emotet, resumed its spamming activities after a ...
Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets ...
Overview: On March 29, a massive supply chain compromise in 3CX software resulted in malware being ...
The Trustwave SpiderLabs research team has been tracking a new threat group calling itself ...
Tax season is a busy time of year for taxpayers and threat actors. Consumers and businesses focus ...
Since it was first released to the public late last year, ChatGPT has successfully captured the ...
Trustwave SpiderLabs “noted” in Part 1 and Part 2 of our OneNote research that OneNote has been ...
Introduction: Threat actors are taking advantage of Microsoft OneNote's ability to embed files and ...
In part one, we examined how threat actors abuse a OneNote document to install an infostealer. Part ...
We’ve now seen a number of different use cases for ChatGPT from marketing, sales, software ...
Last October, Trustwave SpiderLabs blogged about the use and prevalence of HTML email attachments ...
An information disclosure vulnerability has been identified in Money Lover, a finance tracking ...
During a recent penetration test, Trustwave SpiderLabs researchers discovered a weak input ...
Trustwave SpiderLabs has found a vulnerability in the Sinilink XY-WFT1 Remote WiFi home Thermostat. ...
With 2022 having just ended, let's take a look back at the year in ransomware. With the average ...
After Microsoft announced this year that macros from the Internet will be blocked by default in ...