SpiderLabs Radio: March 13, 2014
March 13, 2014 | Admin
In this episode we talk about Microsoft Patch Tuesday providing patches for an ...
WordPress XML-RPC PingBack Vulnerability Analysis
March 12, 2014 | Ryan Barnett
There were news stories this week outlining how attackers are abusing the ...
Deep Analysis of CVE-2014-0502 – A Double Free Story
March 12, 2014 | Ben Hayak
A lot has already been said about CVE-2014-0502, the Adobe Flash Player ...
Detecting A Surveillance State - Part 1 Hardware Implants
March 11, 2014 | Admin
This is the first in a series of four blog posts that will cover defenses and ...
Touchlogging Part 3 - Final Thoughts
March 11, 2014 | Neal Hindocha
This is the third and final part on the subject of Touchlogging. I do recommend ...
Microsoft Patch Tuesday, March 2014
March 11, 2014 | Admin
March's Patch Tuesday includes five bulletins, two rated "Critical" and three ...
SpiderLabs Radio: March 7, 2014
March 08, 2014 | Admin
In this episode we talk about a new Russian rootkit called Uroburos, another ...
Touchlogging Part 2 - Android
March 06, 2014 | Neal Hindocha
This is part two in my Touchlogging series; you can find part one here.
Bloodletting the Arms Race: Using Attacker's Techniques for Defense
March 06, 2014 | Admin
Submitted by Ziv Mador and Ryan Barnett
Microsoft Advance Notification for March 2014
March 06, 2014 | Admin
The Microsoft Security release for March will include patches for Windows, ...
Gamut Spambot Analysis
March 04, 2014 | Rodel Mendrez
In this blog post, we'll be describing the functionality of a spamming botnet ...
Touchlogging Part 1 - iOS
March 03, 2014 | Neal Hindocha
Although there have been numerous articles posted, I thought I would write ...
SpiderLabs Radio: February 27, 2014
February 27, 2014 | Admin
In this episode we talk about the Apple "gotofail" SSL vulnerability, SEA is ...
Look What I Found: Pony is After Your Coins!
February 24, 2014 | Admin
In our previous episode of "Look What I Found" we detailed our discovery of a ...
SpiderLabs Radio: February 20, 2014
February 21, 2014 | Admin
In this episode we look at the new Linksys worm dubbed TheMoon, two new ...
Internet Explorer Zero Day: CVE-2014-0322
February 19, 2014 | Rami Kogan
Recently, several security vendors reported on a new IE 0day which affects ...
ModSecurity Advanced Topic of the Week: Detecting Browser Fingerprint Changes During Sessions
February 19, 2014 | Ryan Barnett
This blog post will discuss a section from Recipe 8-5: Detecting Browser ...
Responder 2.0 - Owning Windows Networks part 3
February 18, 2014 | Admin
The power and flexibility of Responder has grown significantly over the past ...
FAQ: Pony Malware Payload Discovery
February 18, 2014 | Admin
Our team's discovery of the spoils of yet another instance of Pony 1.9 has kept ...
Wait a minute... that’s not a real JPG!
February 17, 2014 | Richard Wells
When attackers compromise a website and want to harvest credit cards, they need ...
SpiderLabs Radio: February 13, 2014
February 14, 2014 | Admin
In this episode we look at Facebook's open-sourcing of the Android crypto API ...
“Reversing” Non-Proxy Aware HTTPS Thick Clients w/ Burp
February 14, 2014 | Jonathan Claudius
A little over a month ago, I published a Metasploit auxiliary module for ...
JackPOS – The House Always Wins
February 11, 2014 | Josh Grunzweig
A new point of sale (POS) malware family could be a jackpot for credit card ...
CVE-2014-0050: Exploit with Boundaries, Loops without Boundaries
February 11, 2014 | Oren Hafif
In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and ...
The Keystone Rocks - Foundation Chips of Pentesting Tips Part 1
February 11, 2014 | Martin Murfitt
The knowledgebase of a penetration tester can be broadly split into two ...
SpiderLabs Radio: February 7, 2014
February 07, 2014 | Admin
In this episode I talk about a new Adobe zero day in Flash Player, the ...
Microsoft Advance Notification for February 2014
February 06, 2014 | Admin
***Update as of Monday, February 10, 2014***
Spammers Are Taking Advantage of Your Whitelists by Spoofing Legitimate Brands
February 05, 2014 | Admin
***EDITOR'S NOTE: The content of this article does not make or imply any claims ...