Detecting A Surveillance State - Part 4 Cellular Attacks
May 05, 2014
This is the fourth and final post in my series of posts about state actor ...
Microsoft Internet Explorer 0-Day (CVE-2014-1776)
May 05, 2014 | Trustwave SpiderLabs
A zero-day vulnerability in Microsoft Internet Explorer, CVE-2014-1776, was ...
Lnk files in Email Malware Distribution
May 02, 2014
Recently I have noticed more use of .lnk files used in malware distribution via ...
ModSecurity Advanced Topic of the Week: JSON Support
May 02, 2014 | Ryan Barnett
Submitted by Felipe Costa and Ryan Barnett (SpiderLabs Research - ModSecurity ...
SpiderLabs Radio: May 1, 2014
May 02, 2014
In this episode:
Privilege Escalation Vulnerability in Cisco ASA's SSL VPN
April 25, 2014
Trustwave SpiderLabs security researcher Jonathan Claudius has discovered a ...
SpiderLabs Radio: April 24, 2014
April 25, 2014
In this episode:
NetSupport Information Leakage Using Nmap Script
April 23, 2014 | David Kirkpatrick
NetSupport allows corporations to remotely manage and connect to PC's and ...
SpiderLabs Radio: April 17, 2014
April 18, 2014
In this episode:
Trustwave Analysis of the April 2014 Oracle CPU for Databases
April 17, 2014 | Alex Kaluski
The 17th of April fell this week, which means it is Oracle Critical Patch ...
Announcing ModSecurity v2.8.0
April 16, 2014 | Ryan Barnett
SpiderLabs Radio: April 10, 2014
April 10, 2014
In this episode I bid a fond farewell to Windows XP; Microsoft patches that RTF ...
Farewell to XP
April 09, 2014 | woodbusy
As Karl noted in his Patch Tuesday post, yesterday was the last day of support ...
Detecting A Surveillance State - Part 3 Infected Firmware
April 09, 2014
In this third installment of Detecting A Surveillance State blog series I will ...
Capturing Ghosts: Using inotify to defeat an Android DRM system
April 09, 2014 | Mike Park
Apart from our typical application penetration testing engagements, clients ...
Microsoft Patch Tuesday, April 2014
April 08, 2014
April's Microsoft Patch Tuesday is on par with the prior releases this year. ...
SpiderLabs Radio: April 3, 2014
April 03, 2014
In this episode I talk about GMail making HTTPS mandatory, a move some people ...
Microsoft Word RTF 0-Day (CVE-2014-1761)
April 03, 2014 | Trustwave SpiderLabs
A zero-day vulnerability in Microsoft Word involving the handling of the RTF ...
Microsoft Advance Notification for April 2014
April 03, 2014 | Robert Foggia
The Microsoft April security release is almost upon us with security updates ...
Old School Code Injection in an ATM .dll
March 31, 2014 | Christophe De La Fuente
During our last ATM review engagement, we found some interesting executable ...
An Intro to NetSupport Manager Scripts
March 31, 2014 | David Kirkpatrick
On a recent gig I was hit with hundreds of hosts running a service on port TCP ...
Stupid Spammer Tricks – Multi-Character Set Text
March 31, 2014 | Brian Bebeau
Looking to refinance your house? Install solar panels? Hey, this email about ...
Wendel's Small Hacking Tricks - The Annoying NT_STATUS_INVALID_WORKSTATION.
March 31, 2014 | Wendel Guglielmetti Henrique
Since 2003 a large part of my workday has been devoted solely to hacking ...
[Honeypot Alert] JCE Joomla Extension Attacks
March 26, 2014 | Ryan Barnett
Our web honeypots picked up some increased exploit attempts for an old Joomla ...
SpiderLabs Radio: March 20, 2014
March 20, 2014
In this episode we talk about the Windigo malware campaign, how a ...
Google Summer of Code (GSoC) + OWASP + ModSecurity = Awesome
March 20, 2014 | Bryant Smith
OWASP is again participating in the Google Summer of Code (GSoC) Program for ...
ColdFusion Admin Compromise Analysis (CVE-2010-2861)
March 18, 2014 | Ryan Barnett
In a previous blog post, I provided "Method of Entry" analysis for a ColdFusion ...
Detecting A Surveillance State - Part 2 Radio Frequency Exfiltration
March 18, 2014 | Robert Rowley
In the last post we reviewed a few hardware implants that may have been used by ...