Sheepl 2.0: Automating People for Red and Blue Tradecraft
March 04, 2019 | Matt Lorentzen
When I first released Sheepl 0.1 in September 2018 as part of a talk, I wanted ...
Bangladesh Embassy Website in Cairo Compromised
February 27, 2019 | Nikita Kazymirskyi
In the world of Phishing emails, we often see schemes which involve enticing ...
Digging Deep Into Magecart Malware
February 21, 2019 | Rodel Mendrez
Last week, one of my SpiderLabs colleagues was working on a PCI forensic triage ...
Malware Xeroing in on Cloud Accounting Customers
February 15, 2019 | Dr. Fahim Abbasi
We witnessed a sophisticated phishing campaign on 16th August 2017, targeting ...
Stealing Money by Asking for It: Business Email Compromise via Altered Invoices
February 14, 2019 | Phil Hay
We are seeing more reports from organizations being targeted by what could be ...
Password Protected Word Document Delivers HERMES Ransomware
February 13, 2019 | SpiderLabs Researcher
Evading AV detection is part of a malware author's routine in crafting spam ...
Patch Tuesday, February 2019
February 12, 2019 | Karl Sigler
With today's Patch Tuesday for February, things are back to normal with patches ...
Money Laundering: Washing Your Greens in the Underground - Part 3 of 3
February 08, 2019 | SpiderLabs Researcher
“Not having to worry about money is almost like not having to worry about ...
Lifesize Team, Room, Passport & Networker Remote OS Command Injection
February 07, 2019 | Simon Kenin
While working on various vulnerability research projects, I encountered ...
Sextortion Scam Now With Malicious Downloader
February 06, 2019 | Diana Lopera
Sextortion scams were a hit campaign last year and are continuing in 2019 with ...
Sextortion Scam Now With Malicious Downloader
February 06, 2019 | Diana Lopera
Sextortion scams were a hit campaign last year and are continuing in 2019 with ...
Latest Flash 0-Day (CVE-2018-15982) Leaves its Office Doc Friend Behind
January 31, 2019 | SpiderLabs Researcher
CVE-2018-15982 is the Flash 0day that was patched by Adobe at the beginning of ...
Using IPv6 to Bypass Security
January 23, 2019 | SpiderLabs Researcher
Introduction
Living off the LAN
January 23, 2019 | Alejandro Baca
When an attacker uses tools native to the operating system it is referred to as ...
Overview of Meltdown and Spectre
January 22, 2019 | SpiderLabs Researcher
You have probably heard the news of new vulnerabilities that affect most major ...
Spam Masters of Extortion, Illusion and Evasion
January 21, 2019 | Dr. Fahim Abbasi
In 2018 we saw a rise in sextortion scams in which cyber-criminals notified ...
Patch Tuesday, January 2019
January 08, 2019 | Karl Sigler
Historically January has been a relatively light month for Patch Tuesday, but ...
Spam Masters of Extortion, Illusion and Evasion
December 21, 2018 | Dr Fahim Abbasi
In 2018 we saw a rise in sextortion scams in which cyber-criminals notified ...
Kernel Buffer Overflow in Trusteer Rapport for MacOS
December 20, 2018 | Neil Kettle
Trustwave recently reported a Kernel based vulnerability in a driver bundled ...
Rise of the Webminers
December 19, 2018 | Oren Mashal
About a year ago webminers began to appear on more and more websites. It was ...
Hacking Online Coupons
December 18, 2018 | Lena Frid
We all shop online. How many times, just before placing an online order, have ...
Microsoft Patch Tuesday, December 2018
December 11, 2018 | Karl Sigler
The last Patch Tuesday of 2018 is here and we are easing into the New Year with ...
Magecart - An overview and defense mechanisms
December 06, 2018 | Victor Hora
Summary This blog post offers insight into Magecart and offers advice on how to ...
Scavenger: Post-Exploitation Tool for Collecting Vital Data
December 05, 2018 | Philip Pieterse
‘Scavenger’ - definition [noun]: a person who searches for and collects ...
Announcing ModSecurity version 2.9.3
December 05, 2018 | Victor Hora
We are happy to announce ModSecurity version 2.9.3!
Taking Advantage of AJAX for Account Enumeration
November 27, 2018 | Manuel Nader
Context AJAX stands for Asynchronous JavaScript And XML. It’s a set of web ...
Sheepl : Automating People for Red and Blue Tradecraft
November 27, 2018 | Matt Lorentzen
Whilst there is a wealth of information out there about how to build ...
Exploring and Modifying Android and Java Applications for Security Research
November 27, 2018 | Martin Rakhmanov
Sometimes pentesters and security researchers need to modify existing Java ...