Linux Kernel ROP - Ropping your way to # (Part 1)
June 10, 2016 | Vitaly Nikolenko
Kernel ROP In-kernel ROP (Return Oriented Programming) is a useful technique ...
Zero Day Auction for the Masses
June 09, 2016 | SpiderLabs Researcher
UPDATE: The seller once again lowered their price on the 6th of June to ...
Digging in the Spam Folder
June 03, 2016 | James Antonakos
Introduction Unlike spam that appears in my real-world mailbox, the numerous ...
Suzy’s Phishing Season
May 17, 2016 | Simon Kenin
Although most SWG-related blogs talk about exploit kits and malicious code, ...
About SAP ASE DSAM SQL Injection (CVE-2016-4013)
May 11, 2016 | Martin Rakhmanov
SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that ...
Database Security Knowledgebase Update 5.01
May 10, 2016 | Lolita Chandra
This month's update for Database Security Knowledgebase is now available.
Microsoft Patch Tuesday, May 2016
May 10, 2016 | SpiderLabs Researcher
May's Patch Tuesday is here and brings with it 16 Bulletins with 51 unique ...
Microsoft Patch Tuesday, April 2016
April 12, 2016 | SpiderLabs Researcher
April is here and with it comes a new Patch Tuesday. This month Microsoft is ...
Intercepting SSL And HTTPS Traffic With mitmproxy and SSLsplit
April 01, 2016 | Admin
Looking for vulnerabilities in mobile applications and smart home devices ...
TWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart
March 25, 2016 | Sriram Akurati
Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. ...
Every Tool in the Tool Box
March 22, 2016 | Eric Merritt
Introduction When I teach people about reverse engineering, I often hear the ...
TWSL2016-005: Memory corruption in a third-party component: how to find what’s wrong
March 10, 2016 | Martin Rakhmanov
In continuation of this post: debugging-sap-ase-net-provider-issues/
TWSL2016-003: Sophos Anti-Virus Mac OS X Version Update File Unlinking Vulnerability
March 10, 2016 | Martin Rakhmanov
While researching inter-process communication on Mac OS X, I found a small ...
Massive Volume of Ransomware Downloaders being Spammed
March 09, 2016 | Rodel Mendrez
We are currently seeing extraordinarily huge volumes of JavaScript attachments ...
PoSeidon Completionist
March 08, 2016 | Eric Merritt
Introduction Most gamers have explored every nook and cranny of their favorite ...
Microsoft Patch Tuesday, March 2016
March 08, 2016 | SpiderLabs Researcher
Today is March's Patch Tuesday with 13 bulletins and 39 unique CVEs, which is ...
Data Extraction via String Concatenation in a Blind SQL Injection Vulnerability
March 07, 2016 | Admin
Day One: In Which The Heavens Part, But Only Slightly A few weeks ago while ...
Angler Takes Malvertising to New Heights
March 04, 2016 | SpiderLabs Researcher
We have just discovered an advertising campaign that has been placing malicious ...
Microsoft Patch Tuesday, February 2016
February 09, 2016 | Karl Sigler
February Patch Tuesday is here with double the number of vulnerabilities that ...
Angler Exploit Kit – Gunning For the Top Spot
February 08, 2016 | Rami Kogan
They say that with great power comes great responsibility. In the world of ...
Base64 versus Plaintext Observations
February 05, 2016 | Chaim Sanders
Recently we have been working on the libmodsecurity project. As part of the ...
Neutrino Exploit Kit Not Responding – Bug or Feature?
February 04, 2016 | Daniel Chechik
A couple of weeks ago we were looking at some exploit kits in one of our lab ...
Sending ModSecurity Logs to MySQL
February 02, 2016 | Chaim Sanders
Previous Work
Microsoft Patch Tuesday, January 2016
January 12, 2016 | SpiderLabs Researcher
It's a new year and with it comes a fresh batch of CVEs. As expected this ...
About CVE-2015-8518: SAP Adaptive Server Enterprise Extended Stored Procedure Unauthorized Invocation
January 07, 2016 | Martin Rakhmanov
SAP released an update for SAP ASE 16.0 and 15.7 that addresses a serious ...
An Overview of the Upcoming libModSecurity
December 28, 2015 | Felipe "Zimmerle" Costa
libModSecurity is a major rewrite of ModSecurity. It preserves the rich syntax ...
Neutrino Exploit Kit – One Flash File to Rule Them All
December 28, 2015 | Daniel Chechik
There's been a bit of talk about the Neutrino exploit kit lately, most of it ...
Endless Evasion Racing Game
December 27, 2015 | Rami Kogan
In the past year we have been exploring the Magnitude Exploit Kit - one of the ...