Multiple Vulnerabilities in NETGEAR Routers
February 07, 2018 | Martin Rakhmanov
Last year I discovered multiple vulnerabilities in NETGEAR products. Now that ...
Multiple Vulnerabilities in WD MyCloud
February 01, 2018 | Martin Rakhmanov
While performing security research on personal storage I found some ...
Inspecting Encrypted Network Traffic with JA3
February 01, 2018 | Bryant Smith
Part of our job as security researchers is keeping up with new tools and ...
ModSecurity - News and Commercial Rules Update
January 23, 2018 | Victor Hora
Over the past few months there has been a lot going on with ModSecurity. There ...
ModSecurity Version 3.0 Announcement
January 10, 2018 | Felipe "Zimmerle" Costa
libModSecurity aka ModSecurity version 3.0 is out there. libModSecurity starts ...
Microsoft Patch Tuesday, January 2018
January 09, 2018
Happy 2018 everyone! January's Patch Tuesday will ease you into the new year ...
BrickerBot mod_plaintext Analysis
December 19, 2017 | Simon Kenin
A week ago, the author of BrickerBot claimed that they retired and published ...
CHM Badness Delivers a Banking Trojan
December 18, 2017 | Rodel Mendrez
Like good old Microsoft Office Macros, Compiled HTML (CHM) Help files have been ...
Sneaky .BAT File Leads to Spoofed Banking Page
December 13, 2017 | Nicholas Ramos
If you thought using BAT files was an old hat, think again. While monitoring ...
Microsoft Patch Tuesday, December 2017
December 12, 2017
Today marks the last Microsoft Patch Tuesday of 2017 and, with only 34 CVEs ...
Simplifying Password Spraying
December 01, 2017 | Jacob Wilkin
As a penetration tester, attaining Windows domain credentials are akin to ...
Using Buildroot for Security Research of IoT and Other Embedded Systems
November 22, 2017 | Martin Rakhmanov
These days many vendors, like IoT vendors, use Linux running on top of ARM CPU ...
Helping to Secure your PostgreSQL Database
November 17, 2017 | Christopher Bielinski
When big high-tech companies like Apple, Red Hat and Cisco use PostgreSQL in ...
Microsoft Patch Tuesday, November 2017
November 14, 2017
It's that time of the month again for Microsoft updates. November's Patch ...
Denial of Service Vulnerability in Brother Printers
November 06, 2017
A vulnerability in the web front-end of Brother printers (called Debut) allows ...
The Complexity amidst Simplicity: Exploiting the MS Office DDE Feature
October 31, 2017 | Nicholas Ramos
Albert Einstein once said, "Out of Complexity, Find Simplicity" but it also ...
An Easy Introduction to Steganography
October 26, 2017 | Jesus Olguin
Some time ago, a person reached out to Trustwave to get answers regarding some ...
ModSecurity Web Application Firewall - Commercial Rules Update(4)
October 18, 2017 | Victor Hora
We have recently released new commercial rules for ModSecurity Web Application ...
Locky Part 2: As the Seasons Change so is Locky
October 12, 2017 | Homer Pacag
It's that time of year when the seasons are changing. The Northern Hemisphere ...
Microsoft Patch Tuesday, October 2017
October 10, 2017
October is here and brings with it patches for 62 CVEs and a handful of ...
Post-Soviet Bank Heists: A Hybrid Cybercrime Study
October 09, 2017
Today we are publishing a SpiderLabs Advanced Threat Report that details a ...
Reviewing Ethereum Smart Contracts
September 27, 2017 | Eric Rafaloff
This article examines the similarities between traditional code review and ...
Introducing Burplay, A Burp Extension for Detecting Privilege Escalations
September 15, 2017 | SpiderLabs Pen Testing LAC
The seventh entry on the most recent OWASP Top 10 release (from 2013, due to ...
ModSecurity Web Application Firewall - Commercial Rules Update (3)
September 14, 2017 | Victor Hora
We have released new commercial rules for ModSecurity Web Application Firewall ...
Linux Based Inter-Process Code Injection Without Ptrace (2)
September 05, 2017 | Rory McNamara
This article shows a technique to inject code into a Linux process without ...
ModSecurity version 3.0.0 first release candidate
August 30, 2017 | Victor Hora
Recently we announced the first release candidate for libModSecurity (also as ...
The Spam, JavaScript and Ransomware Triangle
August 29, 2017 | Dr. Fahim Abbasi
Authors: Dr. Fahim Abbasi and Nicholas Ramos
Cuckoo Linux Subsystem: Some Love for Windows 10
August 25, 2017 | Gerald Carsula
I normally use Linux for my malware analysis lab machine. But, recently, I got ...