SpiderLabs Radio for the Week of February 23, 2015
March 06, 2015
In this week's episode:
Attackers concealing malicious macros in XML files
March 06, 2015 | Rodel Mendrez
XML files are harmless text files, right? Wrong! The group behind the malicious ...
[Honeypot Alert] FHS Null Byte Attack (CVE-2014-6287) Attempts to Install DDoS Malware (Iptablex)
February 25, 2015 | Ryan Barnett
Our web honeypots picked up some exploit attempts for CVE-2014-6287 which is a ...
RIG Exploit Kit – Diving Deeper into the Infrastructure
February 23, 2015
Following our previous blog post about the leaking of the RIG exploit kit's ...
SpiderLabs Radio for the Week of February 16, 2015
February 20, 2015
Unfortunately there will be no SpiderLabs Radio podcast this week. I've ...
AppDetectivePRO and DbProtect Knowledgebase Update 4.46
February 19, 2015 | Trustwave SpiderLabs
This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now ...
SpiderLabs Radio for the Week of February 9, 2015
February 13, 2015
In this week's episode:
Announcing ModSecurity v2.9.0 Stable Release
February 12, 2015 | Ryan Barnett
The SpiderLabs Research - ModSecurity Team is proud to announce the stable ...
TWSL2015-001 and TWSL2015-002: New Advisories Affect IceWarp Mail Server and Magnolia CMS
February 12, 2015
The SpiderLabs team at Trustwave published two new advisories today which ...
RIG Exploit Kit Source Code Leak - The End or Just the Beginning of RIG?
February 12, 2015 | Trustwave SpiderLabs
Recently, source code for the RIG exploit kit was leaked. An independent ...
Microsoft Patch Tuesday, February 2015
February 10, 2015
Today marks Microsoft's February Patch Tuesday release and it's a pretty big ...
Stealing RubyGems API Keys during Post Exploitation
February 06, 2015 | Jonathan Claudius
Between April and May of 2013, I presented at SOURCE Boston and THOTCON and ...
Bamboo, Flexibility and Vulnerability Disclosure: Trustwave SpiderLabs’ Updated Guidelines
February 06, 2015 | Karl Sigler
Trustwave is proud to announce an updated vulnerability disclosure policy. In ...
The SpiderLabs blog will move to the Trustwave domain this week
February 04, 2015 | Trustwave SpiderLabs
In the coming days, the SpiderLabs blog will move in to its new home within the ...
A New Zero-Day of Adobe Flash CVE-2015-0313 Exploited in the Wild
February 03, 2015 | Ben Hayak
Just yesterday Adobe announced a zero-day vulnerability in Adobe Flash Player ...
SpiderLabs Radio for the Week of January 26, 2015
February 02, 2015
In this week's episode:
GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
January 30, 2015 | Ryan Barnett
A heap-based buffer overflow vulnerability in glibc (CVE-2015-0235) was ...
SpiderLabs Radio for the Week of January 19, 2015
January 25, 2015
In this week's episode:
A New Zero-Day of Adobe Flash is used by the Prevalent Angler Exploit Kit in the Wild
January 22, 2015
Just yesterday, security researcher Kafeine discovered a zero-day vulnerability ...
JSON Crypto Helper a Ruby-based Burp Extension for JSON Encryption/Decryption - Part III
January 21, 2015 | Christophe De La Fuente
This is the third in a three-part series about how to write a simple Ruby ...
JSON Crypto Helper a Ruby-based Burp Extension for JSON Encryption/Decryption - Part II
January 20, 2015 | Christophe De La Fuente
This is the second post in a three-part series about how to write a simple Ruby ...
JSON Crypto Helper a Ruby-based Burp Extension for JSON Encryption/Decryption - Part I
January 19, 2015 | Christophe De La Fuente
Burp Suite is one of my favorite tools when performing security assessments of ...
SpiderLabs Radio for the Week of January 12, 2015
January 18, 2015
In this week's episode we discuss Responsible Vulnerability Disclosure in the ...
Microsoft Patch Tuesday, January 2015
January 13, 2015
Happy New Year and welcome to the first Microsoft Patch Tuesday of 2015. This ...
SpiderLabs Radio for the Week of January 5, 2015
January 10, 2015
In this week's episode:
Deobfuscating Malicious Macros Using Python
January 08, 2015 | Rodel Mendrez
Over the past few weeks, we've observed cybercriminals spamming users, ...
No Country For Old Vulnerabilities
December 31, 2014 | Robert Rowley
Finding a common cross-site scripting vulnerability in Cisco's new IOS Software ...
Building my own personal password cracking box
December 31, 2014 | Wendel Guglielmetti Henrique
Since 2003, I've spent a majority of my workdays hacking systems. I've ...