Exploiting Users By Non-technical Means; or, “S Users Do”
September 18, 2012 | Barry O’Connell
Numerous technical articles emerge each day about the latest vulnerabilities, ...
Chat server fuzzing, Part 1. The Beginning
September 14, 2012 | Art Dahnert
This article (along with subsequent articles) will cover the journey I've taken ...
No, the Internet Does Not ‘Just Work’
September 12, 2012 | Space Rogue
The recent GoDaddy DNS outage illustrates that the Internet does not just work ...
Microsoft Patch Tuesday September 2012 – Update those Certs!
September 11, 2012
As we mentioned last week there are only two patches this month! Not to mention ...
Vulnerability Spidey Sense - Demystifying PenTesting Intuition
September 10, 2012 | Chris Vinecombe
In Louisville, Kentucky next month at Derbycon, Daniel Crowley and I will be ...
PenTesting: From Low Risk Issues to Sensitive Data Compromising
September 07, 2012 | Bruno Oliveira
Yes, I imagine you are probably tired of seeing blog posts about "real-world" ...
Microsoft Advanced Notification for September 2012 - Bad News, Good News
September 06, 2012 | Space Rogue
Microsoft has released its Advanced Notification for September 2012. The bad ...
Getting a Start in the Security Industry
September 06, 2012 | Nate Sanders
This has been a fairly common topic over the last year and I've seen plenty of ...
Hackers and Media Hype: Big Hacks that Never Really Happened
September 05, 2012 | Space Rogue
If you combine the dictionary definitions for 'media' and 'hype' you come up ...
CryptOMG Walkthrough - Challenge 1
September 05, 2012
It has been about 3 months since CryptOMG was released and I will start going ...
Phishing Evolves: Rogue IVRs
August 30, 2012
As someone who's worked in the financial industry for years, I'm fascinated by ...
The Patsy Proxy: Getting others to do your dirty work
August 30, 2012 | Dan Crowley
Patsy (slang) - A person easily taken advantage of, cheated, blamed, or ...
Client-side Payload - The Brazilian Way.
August 29, 2012 | Wendel Guglielmetti Henrique
My name is Wendel Guglielmetti Henrique, and I'm a senior security consultant ...
WAF Normalization and I18N
August 29, 2012 | Ryan Barnett
Submitted By Breno Silva Pinto and Ryan Barnett
TWSL2012-019: Cross-Site Scripting Vulnerability in Support Incident Tracker
August 29, 2012 | Robert Foggia
Trustwave SpiderLabs has published a new advisory today for a Cross-Site ...
Backward Compatibility Plays to Malware’s Hands
August 29, 2012 | Moshe Basanchig
Maintaining backward compatibility in software products is hard. Technology ...
How to Get the Most Out of a PenTest
August 29, 2012 | Nathan Drier
Being a PenTester for Trustwave SpiderLabs, I work with a huge amount of ...
Stripe-CTF Walkthrough
August 29, 2012 | Ryan Linn
I had the opportunity to do the Stripe-CTF (Capture The Flag) contest this past ...
How Antivirus Saved the Day…Sort of.
August 28, 2012 | Josh Grunzweig
Recently, I found myself in a common situation—helping a comrade in our ...
It's a sunny (zero) day for Java
August 27, 2012 | SpiderLabs Researcher
Java exploits have been used for distributing malware for a while. See for ...
PTJ Undermines Your Blinky Light Box
August 27, 2012
So, you just bought that fancy new box with the blinky lights that's supposed ...
All Your Password Hints Are Belong to Us
August 22, 2012 | Jonathan Claudius
This past weekend I ended up coming into the SpiderLabs office and "nerded out" ...
DEF CON 20: French Fry, Pizza, or Rotten Apples?
August 21, 2012
If you currently do a search online for a female's perspective about DEF CON, ...
Microsoft Patch Tuesday August 2012 – Staying Alive In Gale Crater
August 14, 2012 | Space Rogue
As you install the nine updates that came out of Microsoft this month, five of ...
Poems from The Palms
August 13, 2012 | Martin Murfitt
SpiderLabs gathered for its annual meeting in Las Vegas recently. Though no ...
One Factor, Two Factor, Three Factor, More
August 07, 2012
There has been a lot of talk online today about how Matt Honan, a reporter for ...
Stamping Out Hash Corruption, Like a Boss
August 07, 2012 | Jonathan Claudius
Have you ever dumped LM and NTLM password hashes from a Windows system using ...
TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow sFlow Analyzer
July 28, 2012 | Robert Foggia
The SpiderLabs team at Trustwave published a new advisory today, which details ...