SpiderLabs Radio: March 13, 2014
March 13, 2014
In this episode we talk about Microsoft Patch Tuesday providing patches for an ...
Deep Analysis of CVE-2014-0502 – A Double Free Story
March 12, 2014 | Ben Hayak
A lot has already been said about CVE-2014-0502, the Adobe Flash Player ...
WordPress XML-RPC PingBack Vulnerability Analysis
March 12, 2014 | Ryan Barnett
There were news stories this week outlining how attackers are abusing the ...
Detecting A Surveillance State - Part 1 Hardware Implants
March 11, 2014
This is the first in a series of four blog posts that will cover defenses and ...
Microsoft Patch Tuesday, March 2014
March 11, 2014
March's Patch Tuesday includes five bulletins, two rated "Critical" and three ...
Touchlogging Part 3 - Final Thoughts
March 11, 2014 | Neal Hindocha
This is the third and final part on the subject of Touchlogging. I do recommend ...
SpiderLabs Radio: March 7, 2014
March 08, 2014
In this episode we talk about a new Russian rootkit called Uroburos, another ...
Touchlogging Part 2 - Android
March 06, 2014 | Neal Hindocha
This is part two in my Touchlogging series; you can find part one here.
Microsoft Advance Notification for March 2014
March 06, 2014
The Microsoft Security release for March will include patches for Windows, ...
Bloodletting the Arms Race: Using Attacker's Techniques for Defense
March 06, 2014
Submitted by Ziv Mador and Ryan Barnett
Gamut Spambot Analysis
March 04, 2014 | Rodel Mendrez
In this blog post, we'll be describing the functionality of a spamming botnet ...
Touchlogging Part 1 - iOS
March 03, 2014 | Neal Hindocha
Although there have been numerous articles posted, I thought I would write ...
SpiderLabs Radio: February 27, 2014
February 27, 2014
In this episode we talk about the Apple "gotofail" SSL vulnerability, SEA is ...
Look What I Found: Pony is After Your Coins!
February 24, 2014
In our previous episode of "Look What I Found" we detailed our discovery of a ...
SpiderLabs Radio: February 20, 2014
February 21, 2014
In this episode we look at the new Linksys worm dubbed TheMoon, two new ...
Internet Explorer Zero Day: CVE-2014-0322
February 19, 2014 | Rami Kogan
Recently, several security vendors reported about a new IE 0day which affects ...
ModSecurity Advanced Topic of the Week: Detecting Browser Fingerprint Changes During Sessions
February 19, 2014 | Ryan Barnett
This blog post will discuss a section from Recipe 8-5: Detecting Browser ...
FAQ: Pony Malware Payload Discovery
February 18, 2014
Our team's discovery of the spoils of yet another instance of Pony 1.9 has kept ...
Responder 2.0 - Owning Windows Networks part 3
February 18, 2014
The power and flexibility of Responder has grown significantly over the past ...
Wait a minute... that’s not a real JPG!
February 17, 2014 | Richard Wells
When attackers compromise a website and want to harvest credit cards, they need ...
SpiderLabs Radio: February 13, 2014
February 14, 2014
In this episode we look at Facebook's open-sourcing of the Android crypto API ...
“Reversing” Non-Proxy Aware HTTPS Thick Clients w/ Burp
February 14, 2014 | Jonathan Claudius
A little over a month ago, I published a Metasploit auxiliary module for ...
Microsoft Patch Tuesday, February 2014
February 11, 2014
February's Patch Tuesday is back to business as usual after the light January ...
JackPOS – The House Always Wins
February 11, 2014 | Josh Grunzweig
A new point of sale (POS) malware family could be a jackpot for credit card ...
The Keystone Rocks - Foundation Chips of Pentesting Tips Part 1
February 11, 2014 | Martin Murfitt
The knowledgebase of a penetration tester can be broadly split into two ...
CVE-2014-0050: Exploit with Boundaries, Loops without Boundaries
February 11, 2014 | Oren Hafif
In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and ...
SpiderLabs Radio: February 7, 2014
February 07, 2014
In this episode I talk about a new Adobe zero day in Flash Player, the ...
Microsoft Advance Notification for February 2014
February 06, 2014
***Update as of Monday, February 10, 2014***