Rogue Certificates Set on Flame
June 05, 2012 | Rami Kogan
It was only a matter of time before we felt Flame's aftershock. Yesterday ...
Dynamic DAST/WAF Integration: Realtime Virtual Patching
June 05, 2012 | Ryan Barnett
At the recent OWASP AppSecDC conference, I presented on this topic. I received ...
Now IronSpider - Go hard or Go home, I'm an Ironman!
June 04, 2012 | SpiderLabs Researcher
Probably in the same period I started at Trustwave SpiderLabs I decided to ...
iOS Application Security: Review of Top 50 Free iPad Apps [Part 2 of 2]
June 01, 2012 | Admin
The View From The Top Isn't Much Better
Defeating Flame String Obfuscation with IDAPython
June 01, 2012 | Josh Grunzweig
Like many other security research firms, SpiderLabs Research has been actively ...
Oracle Databases, a Penetration Tester’s View of Unauthorized Access to Customer Records
May 31, 2012 | David Kirkpatrick
When penetration-testing you get to see lots of seemingly unbelievable security ...
[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Credit Card Validation Scripts
May 31, 2012 | Ryan Barnett
In our previous blog post "Inside the Attacker's Toolbox: Botnet Web Attack ...
Putting Out the Flame
May 30, 2012 | SpiderLabs Researcher
There's a lot of buzz going around in the security field about a big piece of ...
iOS Application Security: Top 50 Free iPad Apps - The View From The Top Isn’t Much Better [Part 1 of 2]
May 25, 2012 | Admin
Hello. I'm Tom Neaves. I recently joined SpiderLabs as a Senior Security ...
Reading between the lines: Harvesting Credit Cards from ISO8583-1987 Traffic
May 25, 2012 | Solomon Bhala
Having investigated cardholder data security breaches for a few years now, I ...
Connecting the Dots w/ PenTest Manager
May 24, 2012 | Admin
We are evolving how the penetration testing industry reports vulnerabilities. ...
“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 2 of 5)
May 22, 2012 | SpiderLabs Researcher
This is the second blog in this series of blogs. The previous blog provided a ...
HULK vs. THOR - Application DoS Smackdown
May 18, 2012 | Admin
SpiderLabs Research Team Contributions from:
About me, myself and BeEF
May 17, 2012 | Antisnatchor
Hello followers of SpiderLabs Anterior.
[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Web Attack Scripts
May 17, 2012 | Ryan Barnett
Have you ever wondered what script/code/tool was behind the automated web ...
Too XXE For My Shirt
May 16, 2012 | Dan Crowley
Until tonight, I'd never gotten a chance to try an xml external entity (XXE) ...
“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 4 of 5)
May 15, 2012 | SpiderLabs Researcher
This is the fourth part in a series of blogs. The prior blogs describe the ...
“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 1 of 5)
May 15, 2012 | SpiderLabs Researcher
In the next series of blogs we will describe in detail an attack from one of ...
It Takes Two to Tango (myself, and your unprotected file share)
May 11, 2012 | Nathan Drier
BananaStand learned from last time (to see last time, go here). Systems were ...
THOTCON 0x3 - Hacker Brew Contest
May 08, 2012 | Ryan Merritt
This year's instantiation of the THOTCON hacking conference issued a unique ...
Bypass Vulnerabilities in Squid and McAfee Web Access Gateway
May 08, 2012 | Jonathan Claudius
About two weeks ago, a Brazilian security researcher by the name of Gabriel ...
PHP-CGI Exploitation by Example
May 08, 2012 | Jonathan Claudius
Late last week, a vulnerability in PHP-CGI was disclosed, which allows all ...
Microsoft Patch Tuesday: Help Is On The Way!
May 08, 2012 | Admin
This may sound a bit odd but "nosteve" who usually gives his take on the patch ...
TWSL2012-004: Multiple Vulnerabilities in Zen Cart
May 08, 2012 | Robert Foggia
The SpiderLabs team at Trustwave published a new advisory yesterday, which ...
[Honeypot Alert] (UPDATE) Active Exploit Attempts for PHP-CGI Vuln
May 07, 2012 | Ryan Barnett
UPDATE - we have received more exploit attempt details from web hosting ...
A Wild Exploit Kit Appears... Meet RedKit
May 02, 2012 | Arseny Levin
During our research we have recently encountered a new private exploit kit. The ...
Recent Mass SQL Injection Payload Analysis
May 01, 2012 | Ryan Barnett
There have been a number of mass SQL Injection campaigns targeting ...
RedKit Payload - Binary Fun
May 01, 2012 | Josh Grunzweig
Before I jump into this blog post, I'd like to point out some interesting ...