SpiderLabs Blog

SharpParty: Process Injection in C#

November 11, 2025 | Will Rabb

Data in the Dark: The Public Sector on the Dark Web

October 15, 2025 | Admin

The dark web serves as a refuge for threat actors to gather intel, trade ...

How Researchers Collect Indicators of Compromise

August 14, 2025 | Messiah Dela Cruz

As security researchers, we actively monitor the latest CVEs and their publicly ...

Storm-0558 and the Dangers of Cross-Tenant Token Forgery

May 21, 2025 | Damian Archer

Modern cloud ecosystems often place a single identity provider in charge of ...

Guarding Against Dependency Attacks: Essential Strategies for Modern Application Development

May 16, 2025 | Damian Archer

Dependency management is one of the biggest challenges in modern software ...

Agent In the Middle – Abusing Agent Cards in the Agent-2-Agent (A2A) Protocol To ‘Win’ All the Tasks

April 21, 2025 | Tom Neaves

I think you’ll agree with me that growth in the AI landscape is pretty full-on ...

Why Principle of Least Privilege Matters More Than Ever in a World of Backdoored Large Language Models (LLMs)

March 24, 2025 | Tom Neaves

The concept of “principle of least privilege” has been around for a long time. ...

Your Money or Your Data: Ransomware Readiness Planning

September 02, 2024 | David Broggy

Today’s blog installment brings us to the end of our 30-week journey that ...

The Willy Wonka World of Application Security Defenses

August 26, 2024 | David Broggy

One doesn’t have to be a magician to understand how to track the hundreds, if ...

The Bug Stops Here: Using DevSecOps Workflows for Pest-Free Applications

August 19, 2024 | David Broggy

Developers and cybersecurity have an interesting relationship. Developers have ...

The Art of Deception: Turning the Tables on Attackers with Active Defenses

August 12, 2024 | David Broggy

Once an attacker enters your network, one of their first actions will be to try ...

Knowing your Enemy: Situational Awareness in Cyber Defenses

July 29, 2024 | David Broggy

Most homeowners know that a lock is a good idea as a basic defense against ...

Using AWS Secrets Manager and Lambda Function to Store, Rotate and Secure Keys

July 16, 2024 | Sally Gebreananeya

When working with Amazon Web Services (AWS), we often find that various AWS ...

Tips for Optimizing Your Security Operations Framework

July 15, 2024 | David Broggy

Building an effective Security Operations framework that provides the right ...

Network Isolation for DynamoDB with VPC Endpoint

July 09, 2024 | Selam Gebreananeya

DynamoDB is a fully managed NoSQL database service offered by Amazon Web ...

Clockwork Blue: Automating Security Defenses with SOAR and AI

July 01, 2024 | David Broggy

It’s impractical to operate security operations alone, using manual human ...

Cyber Exterminators: Monitoring the Shop Floor with OT Security

June 03, 2024 | David Broggy

Pressure is increasing on manufacturers to monitor their shop floors for ...

How to Create the Asset Inventory You Probably Don't Have

May 13, 2024 | David Broggy

This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 ...

Protecting Zion: InfoSec Encryption Concepts and Tips

April 29, 2024 | David Broggy

This is Part 9 in my ongoing project to cover 30 cybersecurity topics in 30 ...

The Invisible Battleground: Essentials of EASM

April 22, 2024 | David Broggy

Know your enemy – inside and out. External Attack Surface Management tools are ...

EDR – The Multi-Tool of Security Defenses

April 22, 2024 | David Broggy

This is Part 8 in my ongoing project to cover 30 cybersecurity topics in 30 ...

The Secret Cipher: Modern Data Loss Prevention Solutions

April 15, 2024 | David Broggy

This is Part 7 in my ongoing project to cover 30 cybersecurity topics in 30 ...

Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities

December 10, 2021 | SpiderLabs Researcher

Updates: Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, ...

Still Scanning IP Addresses You’re Doing it Wrong

July 02, 2020 | John Anderson

The traditional approach to a vulnerability scan or penetration test is to find ...

Experiencing a security breach?

Experiencing a security breach?

SharpParty: Process Injection in C#

Stay Informed

Data in the Dark: The Public Sector on the Dark Web

How Researchers Collect Indicators of Compromise

Storm-0558 and the Dangers of Cross-Tenant Token Forgery

Guarding Against Dependency Attacks: Essential Strategies for Modern Application Development

Agent In the Middle – Abusing Agent Cards in the Agent-2-Agent (A2A) Protocol To ‘Win’ All the Tasks

Why Principle of Least Privilege Matters More Than Ever in a World of Backdoored Large Language Models (LLMs)

Your Money or Your Data: Ransomware Readiness Planning

The Willy Wonka World of Application Security Defenses

The Bug Stops Here: Using DevSecOps Workflows for Pest-Free Applications

The Art of Deception: Turning the Tables on Attackers with Active Defenses

Knowing your Enemy: Situational Awareness in Cyber Defenses

Using AWS Secrets Manager and Lambda Function to Store, Rotate and Secure Keys

Tips for Optimizing Your Security Operations Framework

Network Isolation for DynamoDB with VPC Endpoint

Clockwork Blue: Automating Security Defenses with SOAR and AI

Cyber Exterminators: Monitoring the Shop Floor with OT Security

How to Create the Asset Inventory You Probably Don't Have

Protecting Zion: InfoSec Encryption Concepts and Tips

The Invisible Battleground: Essentials of EASM

EDR – The Multi-Tool of Security Defenses

The Secret Cipher: Modern Data Loss Prevention Solutions

Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities

Still Scanning IP Addresses You’re Doing it Wrong

Wardrive, Raspberry Pi Style!

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.