GoldenSpy Chapter 4: GoldenHelper Malware Embedded in Official Golden Tax Software

Directly preceding GoldenSpy, another malware family was used to covertly access the networks of ...

Patch Tuesday, October 2020

October's Patch Tuesday is upon us and with it comes patches for 102 CVEs. This release includes 13 ...

Evasive URLs in Spam: Part 2

A URL can be completely valid, yet still misleading. In this blog, we will present another ...

Network Detection for ZeroLogon CVE-2020-1472

ZeroLogon has quickly become popular and well known because of multiple proofs of concept and ...

SAP ASE Information Leaks: CVE-2020-6295 and CVE-2020-6317

Introduction: Today I'd like to discuss two information disclosure vulnerabilities that occur in SAP ...

Hijacking a Domain Controller with Netlogon RPC aka Zerologon: CVE-2020-1472

On September 14th, researchers at security firm Secura published a white paper detailing a complete ...

Evasive URLs in Spam

This post is part one of a two part series. You can read part two here.

Blackhole Exploit Kit v2

A few days ago a new version of THE most common exploit kit was released. Unlike most exploit kit ...

ModSecurity Regular Expressions and Disputed CVE-2020-15598

ModSecurity is an open-source Web Application Firewall (WAF) engine maintained by Trustwave. The ...

RATs and Spam: The Node.JS QRAT

The Qua or Quaverse Remote Access Trojan (QRAT) is a Java-based RAT that can be used to gain ...

SpiderLabs Capture the Flag 2020 Results

IBM Db2 Shared Memory Vulnerability (CVE-2020-4414)

I’ve recently blogged about a shared memory vulnerability in Cisco WebEx Meetings Client on Windows ...

From SSRF to Compromise: Case Study

Overview: I think every penetration tester has a story about the one that got away. The bug that ...

vBulletin Remote Code Execution (CVE-2020-7373)

Last week, security researcher Amir Etemadieh (aka Zenoflex) disclosed that vBulletin’s patch for ...

Patch Tuesday, August 2020

August's Patch Tuesday is here with 120 CVEs patched. That includes 100 rated as "Important" and 20 ...

Playdate with Bots: Microsoft SQL Honeypots

A good way to keep an eye on attackers and get insight on their techniques and tactics is to use a ...

Microsoft Teams Updater Living off the Land

Introduction: During this global pandemic COVID-19 situation, there has been an increasing trend of ...

Are You Really Scanning What You Think

In a previous post we explored the importance of scanning hostnames instead of IP addresses in ...

ASUS Router Vulnerable to Fake Updates and XSS (CVE-2020-15498 & CVE-2020-15499)

Recently ASUS patched two issues I discovered in the RT-AC1900P router firmware update ...

Lockscreen Ransomware Phishing Leads To Google Play Card Scam

Email scammers always seem to invent new ways of trickery to gain cash from their victims. We ...

Patch Tuesday, July 2020

July's Patch Tuesday is here with another large list of CVEs. It includes 20 CVEs rated "Critical" ...

Injecting Magecart into Magento Global Config

At the beginning of June 2020, we were contacted about a breach of a website using the Magento ...

Hackers Leverage Cloud Platforms to Spread Phishing Under the Radar

During April, amid the Covid-19 pandemic, Perception-Point wrote about a phishing campaign that ...

Still Scanning IP Addresses You’re Doing it Wrong

The traditional approach to a vulnerability scan or penetration test is to find the IP addresses ...

GoldenSpy Chapter 3: New and Improved Uninstaller

Background: On June 25th, Trustwave SpiderLabs published our research on a backdoor, dubbed ...

PhishINvite with Malicious ICS Files

In an earlier blog entitled “Phishing in the Cloud”, we outlined that threat actors are actively ...

Adventures in ATM Hacking

Intro: Before this pandemic, Neil Burrows and myself (Bruno Oliveira) from Trustwave's SpiderLabs ...

GoldenSpy: Chapter Two – The Uninstaller 

On June 25, 2020 Trustwave SpiderLabs published research showing that the Intelligent Tax software, ...
