Detecting A Surveillance State - Part 1 Hardware Implants
March 11, 2014
This is the first in a series of four blog posts that will cover defenses and ...
Touchlogging Part 3 - Final Thoughts
March 11, 2014 | Neal Hindocha
This is the third and final part on the subject of Touchlogging. I do recommend ...
Microsoft Patch Tuesday, March 2014
March 11, 2014
March's Patch Tuesday includes five bulletins, two rated "Critical" and three ...
SpiderLabs Radio: March 7, 2014
March 08, 2014
In this episode we talk about a new Russian rootkit called Uroburos, another ...
Touchlogging Part 2 - Android
March 06, 2014 | Neal Hindocha
This is part two in my Touchlogging series, you can find part one here.
Bloodletting the Arms Race: Using Attacker's Techniques for Defense
March 06, 2014
Submitted by Ziv Mador and Ryan Barnett
Microsoft Advance Notification for March 2014
March 06, 2014
The Microsoft Security release for March will include patches for Windows, ...
Gamut Spambot Analysis
March 04, 2014 | Rodel Mendrez
In this blog post, we'll be describing the functionality of a spamming botnet ...
Touchlogging Part 1 - iOS
March 03, 2014 | Neal Hindocha
Although there have been numerous articles posted, I thought I would write ...
SpiderLabs Radio: February 27, 2014
February 27, 2014
In this episode we talk about the Apple "gotofail" SSL vulnerability, SEA is ...
Look What I Found: Pony is After Your Coins!
February 24, 2014
In our previous episode of "Look What I Found" we detailed our discovery of a ...
SpiderLabs Radio: February 20, 2014
February 21, 2014
In this episode we look at the new Linksys worm dubbed TheMoon, two new ...
Internet Explorer Zero Day: CVE-2014-0322
February 19, 2014 | Rami Kogan
Recently, several security vendors reported about a new IE 0day which affects ...
ModSecurity Advanced Topic of the Week: Detecting Browser Fingerprint Changes During Sessions
February 19, 2014 | Ryan Barnett
This blog post will discuss a section from Recipe 8-5: Detecting Browser ...
Responder 2.0 - Owning Windows Networks part 3
February 18, 2014
The power and flexibility of Responder has grown significantly over the past ...
FAQ: Pony Malware Payload Discovery
February 18, 2014
Our team's discovery of the spoils of yet another instance of Pony 1.9 has kept ...
Wait a minute... that’s not a real JPG!
February 17, 2014 | Richard Wells
When attackers compromise a website and want to harvest credit cards, they need ...
SpiderLabs Radio: February 13, 2014
February 14, 2014
In this episode we look at Facebook's open-sourcing of the Android crypto API ...
“Reversing” Non-Proxy Aware HTTPS Thick Clients w/ Burp
February 14, 2014 | Jonathan Claudius
A little over a month ago, I published a Metasploit auxiliary module for ...
HTTP NTLM Information Disclosure
February 12, 2014 | Justin Cacak
Nmap script that anonymously enumerates remote NetBIOS, DNS, and OS details ...
Microsoft Patch Tuesday, February 2014
February 11, 2014
February's Patch Tuesday is back to business as usual after the light January ...
JackPOS – The House Always Wins
February 11, 2014 | Josh Grunzweig
A new point of sale (POS) malware family could be a jackpot for credit card ...
CVE-2014-0050: Exploit with Boundaries, Loops without Boundaries
February 11, 2014 | Oren Hafif
In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and ...
The Keystone Rocks - Foundation Chips of Pentesting Tips Part 1
February 11, 2014 | Martin Murfitt
The knowledgebase of a penetration tester can be broadly split into two ...
SpiderLabs Radio: February 7, 2014
February 07, 2014
In this episode I talk about a new Adobe zero day in Flash Player, the ...
Microsoft Advance Notification for February 2014
February 06, 2014
***Update as of Monday, February 10, 2014***
Spammers Are Taking Advantage of Your Whitelists by Spoofing Legitimate Brands
February 05, 2014
***EDITOR'S NOTE: The content of this article does not make or imply any claims ...
SpiderLabs Radio: January 30, 2014
January 30, 2014
In this episode we look at a rash of gas pump credit card skimmers, the Syrian ...