About Lenovo Solution Center 3.3.002 Vulnerabilities (CVE-2016-5249)
June 23, 2016 | Martin Rakhmanov
After patching set of issues reported by Trustwave SpiderLabs last month, ...
Linux Kernel ROP - Ropping your way to # (Part 2)
June 22, 2016 | Vitaly Nikolenko
Introduction In Part 1 of this tutorial, we have demonstrated how to find ...
Microsoft Patch Tuesday, June 2016
June 14, 2016 | SpiderLabs Researcher
June's Patch Tuesday doesn't hold many surprises and is similar to the past ...
Linux Kernel ROP - Ropping your way to # (Part 1)
June 10, 2016 | Vitaly Nikolenko
Kernel ROP In-kernel ROP (Return Oriented Programming) is a useful technique ...
Zero Day Auction for the Masses
June 09, 2016 | SpiderLabs Researcher
UPDATE: The seller once again lowered their price on the 6th of June to ...
Digging in the Spam Folder
June 03, 2016 | James Antonakos
Introduction Unlike spam that appears in my real-world mailbox, the numerous ...
Suzy’s Phishing Season
May 17, 2016 | Simon Kenin
Although most SWG-related blogs talk about exploit kits and malicious code, ...
Earlier Flaws Revisited: MS Office and PDF Combo Attack
May 16, 2016 | Erwin Balunsat
Recently, we came across a campaign spamming out emails containing both DOC and ...
About SAP ASE DSAM SQL Injection (CVE-2016-4013)
May 11, 2016 | Martin Rakhmanov
SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that ...
Privilege Escalation Vulnerability In Lenovo Solution Center (CVE-2016-1876)
May 10, 2016 | Martin Rakhmanov
LevelBlue has reported several issues in Lenovo software in the past. Last week ...
Database Security Knowledgebase Update 5.01
May 10, 2016 | Lolita Chandra
This month's update for Database Security Knowledgebase is now available.
Microsoft Patch Tuesday, May 2016
May 10, 2016 | SpiderLabs Researcher
May's Patch Tuesday is here and brings with it 16 Bulletins with 51 unique ...
Microsoft Patch Tuesday, April 2016
April 12, 2016 | SpiderLabs Researcher
April is here and with it comes a new Patch Tuesday. This month Microsoft is ...
Intercepting SSL And HTTPS Traffic With mitmproxy and SSLsplit
April 01, 2016
Looking for vulnerabilities in mobile applications and smart home devices ...
TWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart
March 25, 2016 | Sriram Akurati
Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. ...
Every Tool in the Tool Box
March 22, 2016 | Eric Merritt
Introduction When I teach people about reverse engineering, I often hear the ...
TWSL2016-004: Multiple Cross-Site Scripting (XSS) Vulnerabilities in Magnolia CMS
March 10, 2016 | Michael Yuen
LevelBlue SpiderLabs published an advisory today in conjunction with Magnolia ...
TWSL2016-005: Memory corruption in a third-party component: how to find what’s wrong
March 10, 2016 | Martin Rakhmanov
In continuation of this post: debugging-sap-ase-net-provider-issues/
TWSL2016-003: Sophos Anti-Virus Mac OS X Version Update File Unlinking Vulnerability
March 10, 2016 | Martin Rakhmanov
While researching inter-process communication on Mac OS X, I found a small ...
Massive Volume of Ransomware Downloaders being Spammed
March 09, 2016 | Rodel Mendrez
We are currently seeing extraordinarily huge volumes of JavaScript attachments ...
PoSeidon Completionist
March 08, 2016 | Eric Merritt
Introduction Most gamers have explored every nook and cranny of their favorite ...
Microsoft Patch Tuesday, March 2016
March 08, 2016 | SpiderLabs Researcher
Today is March's Patch Tuesday with 13 bulletins and 39 unique CVEs, which is ...
Data Extraction via String Concatenation in a Blind SQL Injection Vulnerability
March 07, 2016
Day One: In Which The Heavens Part, But Only Slightly A few weeks ago while ...
Angler Takes Malvertising to New Heights
March 04, 2016 | SpiderLabs Researcher
We have just discovered an advertising campaign that has been placing malicious ...
Microsoft Patch Tuesday, February 2016
February 09, 2016 | Karl Sigler
February Patch Tuesday is here with double the number of vulnerabilities that ...
Angler Exploit Kit – Gunning For the Top Spot
February 08, 2016 | Rami Kogan
They say that with great power comes great responsibility. In the world of ...
Base64 versus Plaintext Observations
February 05, 2016 | Chaim Sanders
Recently we have been working on the libmodsecurity project. As part of the ...
Neutrino Exploit Kit Not Responding – Bug or Feature?
February 04, 2016 | Daniel Chechik
A couple of weeks ago we were looking at some exploit kits in one of our lab ...