ModSecurity Advanced Topic of the Week: JSON Support
May 02, 2014 | Ryan Barnett
Submitted by Felipe Costa and Ryan Barnett (SpiderLabs Research - ModSecurity ...
Lnk files in Email Malware Distribution
May 02, 2014
Recently I have noticed more use of .lnk files used in malware distribution via ...
SpiderLabs Radio: April 24, 2014
April 25, 2014
In this episode:
Privilege Escalation Vulnerability in Cisco ASA's SSL VPN
April 25, 2014
Trustwave SpiderLabs security researcher Jonathan Claudius has discovered a ...
NetSupport Information Leakage Using Nmap Script
April 23, 2014 | David Kirkpatrick
NetSupport allows corporations to remotely manage and connect to PC's and ...
SpiderLabs Radio: April 17, 2014
April 18, 2014
In this episode:
Trustwave Analysis of the April 2014 Oracle CPU for Databases
April 17, 2014 | Alex Kaluski
The 17th of April fell this week, which means it is Oracle Critical Patch ...
Announcing ModSecurity v2.8.0
April 16, 2014 | Ryan Barnett
SpiderLabs Radio: April 10, 2014
April 10, 2014
In this episode I bid a fond farewell to Windows XP; Microsoft patches that RTF ...
Detecting A Surveillance State - Part 3 Infected Firmware
April 09, 2014
In this third installment of Detecting A Surveillance State blog series I will ...
Farewell to XP
April 09, 2014 | woodbusy
As Karl noted in his Patch Tuesday post, yesterday was the last day of support ...
Capturing Ghosts: Using inotify to defeat an Android DRM system
April 09, 2014 | Mike Park
Apart from our typical application penetration testing engagements, clients ...
Microsoft Patch Tuesday, April 2014
April 08, 2014
April's Microsoft Patch Tuesday is on par with the prior releases this year. ...
Microsoft Advance Notification for April 2014
April 03, 2014 | Robert Foggia
The Microsoft April security release is almost upon us with security updates ...
SpiderLabs Radio: April 3, 2014
April 03, 2014
In this episode I talk about GMail making HTTPS mandatory, a move some people ...
Microsoft Word RTF 0-Day (CVE-2014-1761)
April 03, 2014 | Trustwave SpiderLabs
A zero-day vulnerability in Microsoft Word involving the handling of the RTF ...
Stupid Spammer Tricks – Multi-Character Set Text
March 31, 2014 | Brian Bebeau
Looking to refinance your house? Install solar panels? Hey, this email about ...
Old School Code Injection in an ATM .dll
March 31, 2014 | Christophe De La Fuente
During our last ATM review engagement, we found some interesting executable ...
Wendel's Small Hacking Tricks - The Annoying NT_STATUS_INVALID_WORKSTATION.
March 31, 2014 | Wendel Guglielmetti Henrique
Since 2003 a large part of my workday has been devoted solely to hacking ...
An Intro to NetSupport Manager Scripts
March 31, 2014 | David Kirkpatrick
On a recent gig I was hit with hundreds of hosts running a service on port TCP ...
[Honeypot Alert] JCE Joomla Extension Attacks
March 26, 2014 | Ryan Barnett
Our web honeypots picked up some increased exploit attempts for an old Joomla ...
SpiderLabs Radio: March 20, 2014
March 20, 2014
In this episode we talk about the Windigo malware campaign, how a ...
Google Summer of Code (GSoC) + OWASP + ModSecurity = Awesome
March 20, 2014 | Bryant Smith
OWASP is again participating in the Google Summer of Code (GSoC) Program for ...
Detecting A Surveillance State - Part 2 Radio Frequency Exfiltration
March 18, 2014 | Robert Rowley
In the last post we reviewed a few hardware implants that may have been used by ...
ColdFusion Admin Compromise Analysis (CVE-2010-2861)
March 18, 2014 | Ryan Barnett
In a previous blog post, I provided "Method of Entry" analysis for a ColdFusion ...
SpiderLabs Radio: March 13, 2014
March 13, 2014
In this episode we talk about Microsoft Patch Tuesday providing patches for an ...
WordPress XML-RPC PingBack Vulnerability Analysis
March 12, 2014 | Ryan Barnett
There were news stories this week outlining how attackers are abusing the ...
Deep Analysis of CVE-2014-0502 – A Double Free Story
March 12, 2014 | Ben Hayak
A lot has already been said about CVE-2014-0502, the Adobe Flash Player ...