Patch Tuesday, Feb 2012: What I did this Valentine's Day
February 15, 2012 | nosteve
Top Ten Web Protection Techniques of 2011
February 14, 2012 | Ryan Barnett
Top Ten Web Hacking Techniques of 2011: Every year the web security community ...
#TWContest: The top 'origin' of attack is...
February 14, 2012 | SpiderLabs Anterior
The question was… "What was the top 'origin' of attack as seen through ...
Common Attack Methodologies Identified in European Customers
February 13, 2012 | Ryan Barnett
As you may have heard, Trustwave SpiderLabs released our Global Security Report ...
#TWContest: The 7th most popular password is...
February 13, 2012 | SpiderLabs Anterior
On Friday we posted our third question of the Trustwave 2012 Global Security ...
#TWContest: The industry that ranked third is...
February 10, 2012 | SpiderLabs Anterior
On Thursday we posted our second question of the Trustwave 2012 Global Security ...
#TWContest: 1 out of every ~800 devices on the Internet is vulnerable to…
February 09, 2012 | SpiderLabs Anterior
On Tuesday we posted our first question of the Trustwave 2012 Global Security ...
WASC Distributed Web Honeypots Project Update
February 08, 2012
As the WASC Distributed Web Honeypots Project Sponsor, we are excited to ...
[Honeypot Alert] Status Report for January 2012
February 06, 2012 | Ryan Barnett
Monthly Web Honeypot Status Report: We have received a tremendous amount of ...
Clarifying The Trustwave CA Policy Update
February 04, 2012
We've seen a number of comments and questions on Twitter regarding a recent ...
Death to PDF!
February 03, 2012
SpiderLabs customers are frustrated with PDF reports:
Island Hopping the SpiderLabs Way
February 02, 2012 | Nathan Drier
More and more, I find myself having to fight with highly segmented networks and ...
HOIC DDoS Analysis and Detection
January 27, 2012 | Ryan Barnett
In a previous blog post, we provided details of a DDoS attack tool called LOIC ...
Cuckoo for Cuckoo Box
January 26, 2012 | Ryan Merritt
Cuckoo Sandbox is an automated, open source, malware analysis system that ...
TWSL2012-002: Multiple Vulnerabilities in WordPress
January 24, 2012 | Robert Foggia
Trustwave SpiderLabs has published a new advisory today for multiple ...
On Null Byte Poisoning and XPath Injection
January 23, 2012 | Dan Crowley
Recently I released a tool called XMLmao, a configurable testbed for learning ...
[Honeypot Alert] Simple Page Options Module for Joomla! Local File Inclusion Attack Detected
January 19, 2012 | Ryan Barnett
Our web honeypots generated the following ModSecurity alert today:
Android IRC Bot - This Ain't Your Granny's Android Malware (Or Maybe It Is)
January 18, 2012 | Josh Grunzweig
As I'm sure many of you know, the rise of mobile-based malware has been on the ...
[Honeypot Alert] phpMyAdmin Superglobal Session Manipulation Attack Detected
January 17, 2012 | Ryan Barnett
Our web honeypots have identified attempts to exploit CVE-2011-2505. OSVDB ...
[Honeypot Alert] Is-human WordPress Plugin Remote Command Execution Attack Detected
January 13, 2012 | Ryan Barnett
Our web honeypot logs picked up an attack aimed at exploiting the Is-human ...
Scripting Metasploit using MSGRPC
January 13, 2012 | Ryan Linn
While there are many aspects of network pen testers that set the good testers ...
[Honeypot Alert] Extensive 'setup.php' Scanning Detected
January 12, 2012 | Ryan Barnett
The SpiderLabs Research Team has identified an extensive scanning campaign ...
Microsoft Patch Tuesday (January 2012): Media Player and The BEAST
January 10, 2012
The statisticians over at the Patch Tuesday Farmer's Almanac are saying that 7 ...
[Honeypot Alert] Multiple Local File Inclusion Attacks
January 09, 2012 | Ryan Barnett
Our web server honeypot log analysis has picked up some targeted local file ...
ModSecurity Mitigations for ASP.NET HashTable DoS Vulnerability (CVE-2011-3414)
January 09, 2012 | Ryan Barnett
ThreatPost had a news story today about PoC code that was released to the full ...
Introducing SQLol
January 06, 2012 | Dan Crowley
At the most recent Austin Hackers Association meeting I unveiled a project I've ...
ModSecurity Advanced Topic of the Week: Mitigation of 'Slow Read' Denial of Service Attack
January 06, 2012 | Ryan Barnett
Slow-Read DoS Attack Background: Another tweak in the ongoing "Slow" DoS attacks ...
Analyzing PDF Malware - Part 2
January 06, 2012
Where were we?