PoSeidon Completionist
March 08, 2016 | Eric Merritt
Introduction Most gamers have explored every nook and cranny of their favorite ...
Data Extraction via String Concatenation in a Blind SQL Injection Vulnerability
March 07, 2016
Day One: In Which The Heavens Part, But Only Slightly A few weeks ago while ...
Angler Takes Malvertising to New Heights
March 05, 2016 | SpiderLabs Researcher
We have just discovered an advertising campaign that has been placing malicious ...
Microsoft Patch Tuesday, February 2016
February 09, 2016 | Karl Sigler
February Patch Tuesday is here with double the number of vulnerabilities that ...
Angler Exploit Kit – Gunning For the Top Spot
February 09, 2016 | Rami Kogan
They say that with great power comes great responsibility. In the world of ...
Base64 versus Plaintext Observations
February 05, 2016 | Chaim Sanders
Recently we have been working on the libmodsecurity project. As part of the ...
Neutrino Exploit Kit Not Responding – Bug or Feature?
February 04, 2016 | Daniel Chechik
A couple of weeks ago we were looking at some exploit kits in one of our lab ...
Sending ModSecurity Logs to MySQL
February 02, 2016 | Chaim Sanders
Previous Work
Microsoft Patch Tuesday, January 2016
January 12, 2016 | SpiderLabs Researcher
It's a new year and with it comes a fresh batch of CVEs. As expected this ...
About CVE-2015-8518: SAP Adaptive Server Enterprise Extended Stored Procedure Unauthorized Invocation
January 07, 2016 | Martin Rakhmanov
SAP released an update for SAP ASE 16.0 and 15.7 that addresses a serious ...
ModSecurity Python Bindings: Parsing ModSecurity rules from Python
December 29, 2015 | Felipe "Zimmerle" Costa
One of the good things about the next generation of ModSecurity, libModSecurity ...
An Overview of the Upcoming libModSecurity
December 28, 2015 | Felipe "Zimmerle" Costa
libModSecurity is a major rewrite of ModSecurity. It preserves the rich syntax ...
Neutrino Exploit Kit – One Flash File to Rule Them All
December 28, 2015 | Daniel Chechik
There's been a bit of talk about the Neutrino exploit kit lately, most of it ...
Endless Evasion Racing Game
December 27, 2015 | Rami Kogan
In the past year we have been exploring the Magnitude Exploit Kit - one of the ...
3-in-1 Malware Infection through Spammed JavaScript Attachments
December 22, 2015 | Rodel Mendrez
Recently we've observed a massive uptick of malicious spam with JavaScript ...
Protecting Your Sites from Apache.Commons Vulnerabilities
December 21, 2015
Overview A few weeks ago, FoxGlove Security released this important blog post ...
Defender for IoT’s Firmware Analysis Tool is Exceptional
December 18, 2015 | David Broggy
One of my "pastimes," if you will, is to check out the features of various ...
Joomla 0-Day Exploited In the Wild (CVE-2015-8562)
December 18, 2015 | Assi Barak
A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot ...
Mom Spies a Hack
December 15, 2015 | Jonathan Yarema
Have you ever wondered if all that informal training you do with your friends ...
Microsoft Patch Tuesday, December 2015
December 08, 2015
The December Microsoft Path Tuesday is upon us and it does not bring any happy ...
Another Brick in the FrameworkPoS
December 07, 2015 | Eric Merritt
Introduction FrameworkPoS is a well-documented family of malware that targets ...
New Memory Scraping Technique in Cherry Picker PoS Malware
November 17, 2015 | Eric Merritt
Introduction Working primarily with point of sale malware, we regularly see the ...
Shining the Spotlight on Cherry Picker PoS Malware
November 16, 2015 | Eric Merritt
Introduction For the last five years Trustwave has been monitoring a threat ...
BOM Obfuscation in Spam
November 10, 2015 | Phil Hay
Spammers try all sorts of tricks to obfuscate, including trying to obfuscate ...
Microsoft Patch Tuesday, November 2015
November 10, 2015
November's Patch Tuesday marks a return to business as usual. Where October was ...
SpiderLabs Radio for the Week of November 2, 2015 - Final Episode
November 08, 2015
In this week's episode:
Oracle Database 11.2 SQLi in XML index statistics processing (CVE-2015-4900)
November 06, 2015 | Martin Rakhmanov
In the October 2015 'Critical Patch Update' Oracle fixed a flaw in XML index ...
About Lenovo System Update Vulnerabilities and CVE-2015-6971
October 26, 2015 | Martin Rakhmanov
Over the past seven months, a number of vulnerabilities in Lenovo System Update ...