The WannaCry Ransomware Campaign
May 13, 2017 | Karl Sigler
By now you have likely heard about the WannaCry (aka WannaCrypt) ransomware ...
Airachnid: Web Cache Deception Burp Extender
May 09, 2017 | Johan Snyman
Introduction
Carbanak Continues To Evolve: Quietly Creeping into Remote Hosts
April 28, 2017 | James Antonakos
Introduction
Multiple Vulnerabilities in Avast Antivirus
April 25, 2017 | Martin Rakhmanov
Last year I decided to do some security research on an antivirus product. Avast ...
Microsoft Patch Tuesday, April 2017
April 11, 2017 | SpiderLabs Researcher
April Patch Tuesday is here and, like the change of the seasons, this release ...
Understanding and Discovering Open Redirect Vulnerabilities
April 10, 2017 | SpiderLabs Researcher
One of the most common and largely overlooked vulnerabilities by web developers ...
And Then? Where is the Risk with Steganography?
March 30, 2017 | Jesus Olguin
In the previous posts, Steganography... what is that? and Steganalysis, the ...
Protecting Yourself from MongoDB Ransomware
March 29, 2017 | Christopher Bielinski
In the realm of malware, ransomware has been king for the last few years, ...
Exploiting Privilege Escalation in Serv-U by SolarWinds
March 22, 2017 | Leopold von Niebelschuetz-Godlewski
I was recently working on an external network penetration test where I ...
Authentication and Encryption in PAS Web Shell Variant
March 16, 2017 | Sachin Deodhar
Introduction During a recent incident response case, we were tasked with ...
Database Security Knowledgebase Update 5.12
March 15, 2017 | Lolita Chandra
This month's update for Database Security Knowledgebase is now available. ...
Hey Buddy, Can You Spare a Log? Adventures in Log-Based Threat Hunting
March 15, 2017 | James Antonakos
A long time ago, in a blog far, far away (August 1, 2016: Slinging Hash: ...
Microsoft Patch Tuesday, March 2017
March 14, 2017 | SpiderLabs Researcher
We knew that the Microsoft's Valentine's gift to cancel Patch Tuesday on ...
Undocumented Backdoor Account in DBLTek GoIP
March 01, 2017 | Neil Kettle
Trustwave recently reported a remotely exploitable issue in the Telnet ...
Hanz Ostmaster’s revenge: An SSL Validation issue
February 10, 2017 | Chaim Sanders
Why would I title a blog post with the name 'Hanz Ostmaster'? Don't worry, it's ...
Unauthenticated Backdoor Access in Unanet
February 08, 2017 | Chaim Sanders
The default configuration of the Unanet web application has a backdoor that can ...
Database Security Knowledgebase Update 5.11
February 03, 2017 | Lolita Chandra
This month's update for Database Security Knowledgebase is now available.
Underground Scams: Cutting the Head Off a Snake
February 02, 2017 | Simon Kenin
Shortly after publishing our post about Terror EK, "King Cobra" (a Twitter ...
CVE-2017-5521: Bypassing Authentication on NETGEAR Routers
January 30, 2017 | Simon Kenin
Home routers are the first and sometimes last line of defense for a network. ...
SVG Files Are Not As Benign As It May Seem
January 27, 2017 | Rodel Mendrez
Bad guys are getting quite creative trying to evade spam filters and antivirus ...
Creating the ModSecurity v3 IDS connector as part of Google Summer of Code
January 27, 2017 | Trustwave SpiderLabs
A note from the Trustwave Spiderlabs ModSecurity team:
Two Privilege Escalation Vulnerabilities in McAfee Security Scan Plus
January 23, 2017 | Martin Rakhmanov
This post will discuss two separate Local Privilege Escalation vulnerabilities ...
Is ModSecurity’s SecRules Turing Complete?
January 20, 2017 | Chaim Sanders
Have you ever seen a rule for ModSecurity? They may look similar to the ...
Operation Grand Mars: a comprehensive profile of Carbanak activity in 2016/17
January 18, 2017 | SpiderLabs Researcher
The Trustwave SpiderLabs team has been actively tracking a malicious campaign ...
Microsoft Patch Tuesday, January 2017
January 10, 2017 | SpiderLabs Researcher
It's everyone's favorite Patch Tuesday, January's Patch Tuesday. Historically ...
Steganalysis, the Counterpart of Steganography
December 22, 2016 | Jesus Olguin
In my last blog post I discussed the art of embedding secret messages in any ...
Raiding the Piggy Bank: Webshell Secrets Revealed
December 19, 2016 | James Antonakos
Introduction
Microsoft Patch Tuesday, December 2016
December 13, 2016 | SpiderLabs Researcher
December's Patch Tuesday is here to greet you with the pleasant tidings of ...