FinSpy Mobile - Configuration and Insight
September 27, 2012 | Josh Grunzweig
A couple of weeks ago, Citizen Lab announced the discovery of the mobile ...
Getting in with the Proxmark 3 and ProxBrute
September 26, 2012
As a member of the Physical Security team here at SpiderLabs, some of my job ...
Oops, I pwned your router - Part Two
September 26, 2012
In the last blog post, "Oops I pwned your router Part One", I talked about some ...
Guidance for firms using the NetAccess N-1000
September 26, 2012 | Jonathan Werrett
SpiderLabs' Incident Response team has recently seen credit card fraud ...
Hey, I just met you, and this is crazy, but here's my hashes, so hack me maybe?
September 25, 2012
Those familiar with password cracking know that KoreLogic's rule set for John ...
Did I do that? (PenTest Faux Pas)
September 25, 2012
Many times, in the course of explaining what I do to others that are unfamiliar ...
JSON Hijacking Demystified
September 24, 2012 | Rohini Sulatycki
JavaScript Object Notation (JSON) is a language and platform independent format ...
CVSS for Penetration Test Results (Part II: Attack Sequences)
September 24, 2012 | Tim Maletic
CVSS needs to be extended to accommodate combinations of vulnerabilities. The ...
Wherever you come from, you can meet BeEF
September 24, 2012
This year I've been very busy in terms of conferences, and ...
Analysing X-Cart Compromises
September 24, 2012 | Marc Bown
Recently I've found myself performing a lot of forensic examinations of X-Cart ...
The First Few Months of Penetration Testing: What they don't teach you in School
September 24, 2012 | Alex Fernandez-Gatti
I entered into school with the hope and dream of someday entering into the ...
Web Application Defense: Bayesian Attack Analysis
September 20, 2012
Regular Expressions for Input Validation: If your web application defensive ...
Oracle DBMS_Scheduler Fun on Windows!
September 20, 2012
So, last time I showed how to get a Unix reverse shell up and running just by ...
The New Zero-Day in Internet Exploder (Oops… Explorer)
September 20, 2012 | Rami Kogan
The ride on the rollercoaster called the web security world never stops and ...
Exploiting Users By Non-technical Means; or, “S Users Do”
September 18, 2012 | Barry O’Connell
Numerous technical articles emerge each day about the latest vulnerabilities, ...
Chat server fuzzing, Part 1. The Beginning
September 14, 2012 | Art Dahnert
This article (along with subsequent articles) will cover the journey I've taken ...
No, the Internet Does Not ‘Just Work’
September 12, 2012 | Space Rogue
The recent GoDaddy DNS outage illustrates that the Internet does not just work ...
Microsoft Patch Tuesday September 2012 – Update those Certs!
September 11, 2012
As we mentioned last week there are only two patches this month! Not to mention ...
Vulnerability Spidey Sense - Demystifying PenTesting Intuition
September 10, 2012 | Chris Vinecombe
In Louisville, Kentucky next month at Derbycon, Daniel Crowley and I will be ...
PenTesting: From Low Risk Issues to Sensitive Data Compromising
September 07, 2012 | Bruno Oliveira
Yes, I imagine you are probably tired of seeing blog posts about "real-world" ...
Microsoft Advanced Notification for September 2012 - Bad News, Good News
September 06, 2012 | Space Rogue
Microsoft has released its Advanced Notification for September 2012. The bad ...
Getting a Start in the Security Industry
September 06, 2012 | Nate Sanders
This has been a fairly common topic over the last year and I've seen plenty of ...
Hackers and Media Hype: Big Hacks that Never Really Happened
September 05, 2012 | Space Rogue
If you combine the dictionary definitions for 'media' and 'hype' you come up ...
CryptOMG Walkthrough - Challenge 1
September 05, 2012
It has been about 3 months since CryptOMG was released and I will start going ...
Phishing Evolves: Rogue IVRs
August 30, 2012
As someone who's worked in the financial industry for years, I'm fascinated by ...
The Patsy Proxy: Getting others to do your dirty work
August 30, 2012 | Dan Crowley
Patsy (slang) - A person easily taken advantage of, cheated, blamed, or ...
Client-side Payload - The Brazilian Way.
August 29, 2012 | Wendel Guglielmetti Henrique
My name is Wendel Guglielmetti Henrique, and I'm a senior security consultant ...
WAF Normalization and I18N
August 29, 2012 | Ryan Barnett
Submitted By Breno Silva Pinto and Ryan Barnett