SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
SpiderLabs Radio July 26, 2013 w/ Space Rogue
July 26, 2013
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you ...
SpiderLabs Radio July 19, 2013 w/ Space Rogue
July 19, 2013
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you ...
Top Ten Survival Tips for the Dehydrated N00b Zombie Apocalypse at Security Week 2013
July 17, 2013
Just look at the face: it's vacant, with a hint of sadness. Like a drunk who's ...
ModSecurity Advanced Topic of the Week: Mitigating XSS Vulnerabilities Using Targeted CSP Enforcement
July 15, 2013 | Ryan Barnett
Content Security Policy (CSP) Implementation Challenges CSP is an extremely ...
SpiderLabs Radio July 12, 2013 w/ Space Rogue
July 13, 2013
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you ...
Spiders Are Fun!, DEF CON's 21, Come Chat at Black Hat
July 13, 2013
Security week in Las Vegas will be here before we know it. The SpiderLabs team ...
XSS, SQLi in OpenEMR 4.1.1
July 12, 2013
A few tests ago, I came across an OpenEMR install with a weak password for a ...
Microsoft Patch Tuesday, July 2013 - CRITICAL
July 09, 2013 | Space Rogue
This is probably one of the most important Patch Tuesday's we have seen in ...
ModSecurity Advanced Topic of the Week: Detecting Banking Trojan Page Modifications
July 09, 2013
The following blog post is taken from Recipe 10-5: Detecting Banking Trojan ...
SpiderLabs Radio July 5, 2013 w/ Space Rogue
July 06, 2013
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you ...
Custom Native Library Loader for Android
July 05, 2013 | Mike Park
If you read my co-worker Neal Hindocha's recent post "Debugging Android ...
Microsoft Advance Notification for July 2013 – BOOM!
July 05, 2013 | Space Rogue
While you were stuffing your face with hotdogs and potato salad and then ...
Look What I Found: It's a Pony!
July 01, 2013 | Anat (Fox) Davidi
Every once in a while we get to peek into the lion's den, this time we'll be ...
SpiderLabs Radio June 28, 2013 w/ Space Rogue
June 28, 2013
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you ...
Corporate Passwords Part 1
June 28, 2013
With the vast amount of research and content that was done by SpiderLabs for ...
A Friday Afternoon Troubleshooting Ruby OpenSSL... it's a trap!
June 28, 2013 | Jonathan Claudius
Last Friday I was trying out some new code that one of my colleagues wrote to ...
Fake Qantas Spam Campaign Leads to Andromeda Bot Infection
June 26, 2013
If you have booked a flight from Qantas recently, you might be expecting a ...
Digging Into the New Apache Injection Module
June 26, 2013 | Josh Grunzweig
I recently got a chance to dig into a couple variants of the new Apache ...
Exploiting Serialized XSS in Joomla! (return of the undead CVE)
June 26, 2013 | Robert Rowley
While reviewing Joomla! Vulnerabilities I felt a glitch in the matrix. Deja vu ...
Old Exploits Still Do the Trick
June 24, 2013 | Daniel Chechik
We are all aware that patching is very important. Many websites, however, take ...
Welcome to the Spider’s Lair
June 24, 2013
"Will you step into my parlor?" said the spider to the fly; "'Tis the prettiest ...
Debugging Android Libraries using IDA
June 22, 2013 | Neal Hindocha
During a recent test, I encountered a native JNI library used by an Android ...
The Problem With Networks .....
June 21, 2013 | David Kirkpatrick
Where do I start with this open-ended statement? I guess from a pen testing ...
SpiderLabs Radio June 21, 2013 w/ Space Rogue
June 21, 2013
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you ...
Wendel's Small Hacking Tricks - Microsoft SQL Server Edition
June 20, 2013 | Wendel Guglielmetti Henrique
Since 2003 a large part of my workday has been devoted solely to hacking ...
CBC-R: It's not just for padding oracles!
June 20, 2013
This is the short, technical version of a technique that I'll be writing more ...
[Honeypot Alert] Inside the Attacker's Toolbox: Webshell Usage Logging
June 19, 2013 | Ryan Barnett
In a previous blog post, we discussed the common lifecycle of web server botnet ...
Discovering BMW Car Systems: Getting Started
June 17, 2013 | Bruno Oliveira
Since I love both (in)security and cars, it is not uncommon for me to mix those ...