Privilege Escalation Vulnerability In Lenovo Solution Center (CVE-2016-1876)
May 10, 2016 | Martin Rakhmanov
LevelBlue has reported several issues in Lenovo software in the past. Last week ...
Database Security Knowledgebase Update 5.01
May 10, 2016 | Lolita Chandra
This month's update for Database Security Knowledgebase is now available.
Microsoft Patch Tuesday, May 2016
May 10, 2016 | SpiderLabs Researcher
May's Patch Tuesday is here and brings with it 16 Bulletins with 51 unique ...
Microsoft Patch Tuesday, April 2016
April 12, 2016 | SpiderLabs Researcher
April is here and with it comes a new Patch Tuesday. This month Microsoft is ...
Intercepting SSL And HTTPS Traffic With mitmproxy and SSLsplit
April 01, 2016
Looking for vulnerabilities in mobile applications and smart home devices ...
TWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart
March 25, 2016 | Sriram Akurati
Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. ...
Every Tool in the Tool Box
March 22, 2016 | Eric Merritt
Introduction: When I teach people about reverse engineering, I often hear the ...
TWSL2016-004: Multiple Cross-Site Scripting (XSS) Vulnerabilities in Magnolia CMS
March 10, 2016 | Michael Yuen
LevelBlue SpiderLabs published an advisory today in conjunction with Magnolia ...
TWSL2016-005: Memory corruption in a third-party component: how to find what’s wrong
March 10, 2016 | Martin Rakhmanov
In continuation of this post: debugging-sap-ase-net-provider-issues/
TWSL2016-003: Sophos Anti-Virus Mac OS X Version Update File Unlinking Vulnerability
March 10, 2016 | Martin Rakhmanov
While researching inter-process communication on Mac OS X, I found a small ...
Massive Volume of Ransomware Downloaders being Spammed
March 09, 2016 | Rodel Mendrez
We are currently seeing extraordinarily huge volumes of JavaScript attachments ...
PoSeidon Completionist
March 08, 2016 | Eric Merritt
Introduction: Most gamers have explored every nook and cranny of their favorite ...
Microsoft Patch Tuesday, March 2016
March 08, 2016 | SpiderLabs Researcher
Today is March's Patch Tuesday with 13 bulletins and 39 unique CVEs, which is ...
Data Extraction via String Concatenation in a Blind SQL Injection Vulnerability
March 07, 2016
Day One: In Which The Heavens Part, But Only Slightly. A few weeks ago while ...
Angler Takes Malvertising to New Heights
March 04, 2016 | SpiderLabs Researcher
We have just discovered an advertising campaign that has been placing malicious ...
Microsoft Patch Tuesday, February 2016
February 09, 2016 | Karl Sigler
February Patch Tuesday is here with double the number of vulnerabilities that ...
Angler Exploit Kit – Gunning For the Top Spot
February 08, 2016 | Rami Kogan
They say that with great power comes great responsibility. In the world of ...
Base64 versus Plaintext Observations
February 05, 2016 | Chaim Sanders
Recently we have been working on the libmodsecurity project. As part of the ...
Neutrino Exploit Kit Not Responding – Bug or Feature?
February 04, 2016 | Daniel Chechik
A couple of weeks ago we were looking at some exploit kits in one of our lab ...
Sending ModSecurity Logs to MySQL
February 02, 2016 | Chaim Sanders
Previous Work
Microsoft Patch Tuesday, January 2016
January 12, 2016 | SpiderLabs Researcher
It's a new year and with it comes a fresh batch of CVEs. As expected this ...
About CVE-2015-8518: SAP Adaptive Server Enterprise Extended Stored Procedure Unauthorized Invocation
January 07, 2016 | Martin Rakhmanov
SAP released an update for SAP ASE 16.0 and 15.7 that addresses a serious ...
ModSecurity Python Bindings: Parsing ModSecurity rules from Python
December 29, 2015 | Felipe "Zimmerle" Costa
One of the good things about the next generation of ModSecurity, libModSecurity ...
An Overview of the Upcoming libModSecurity
December 28, 2015 | Felipe "Zimmerle" Costa
libModSecurity is a major rewrite of ModSecurity. It preserves the rich syntax ...
Neutrino Exploit Kit – One Flash File to Rule Them All
December 28, 2015 | Daniel Chechik
There's been a bit of talk about the Neutrino exploit kit lately, most of it ...
Endless Evasion Racing Game
December 27, 2015 | Rami Kogan
In the past year we have been exploring the Magnitude Exploit Kit - one of the ...
3-in-1 Malware Infection through Spammed JavaScript Attachments
December 22, 2015 | Rodel Mendrez
Recently we've observed a massive uptick of malicious spam with JavaScript ...
Protecting Your Sites from Apache.Commons Vulnerabilities
December 21, 2015
Overview: A few weeks ago, FoxGlove Security released this important blog post ...