SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
Microsoft Advance Notification for February 2013
February 07, 2013 | Space Rogue
The Advance Notification of Patch Tuesday from Microsoft has twelve bulletins ...
ModSecurity IIS Updates: Stable Release, Award Recognition and More
February 05, 2013
ModSecurity for IIS Stable Release As part of our recent release of ModSecurity ...
SpiderLabs Radio February 1, 2013 w/ Space Rogue
February 01, 2013
This weeks episode of SpiderLabs Radio hosted by Space Rogue covers The New ...
[Honeypot Alert] Active Probes for Ruby on Rails XML Vulns
January 25, 2013 | Ryan Barnett
In a previous blog post, I outlined some ModSecurity defenses to help protect ...
SpiderLabs Radio January 25, 2013 w/ Space Rogue
January 25, 2013
This weeks episode of SpiderLabs Radio hosted by Space Rogue covers the ...
Owning Windows Networks with Responder 1.7
January 24, 2013
A lot has been happening with Responder lately!
SpiderLabs Crypto Contest - Winner!
January 21, 2013
We have a winner! @TimoHirvonen
SpiderLabs Radio January 18, 2013 w/ Space Rogue
January 18, 2013
This week's episode of SpiderLabs Radio hosted by Space Rogue covers Aaron ...
Defeating AES without a PhD
January 17, 2013 | Dan Crowley
"Cryptography is typically bypassed, not penetrated." – Adi Shamir FAITH IN THE ...
QA w/ SpiderLabs Research: Java 0day CVE-2013-0422
January 16, 2013 | Arseny Levin
Q: What's going on? People are talking about some Java 0daywhich threatens the ...
Microsoft Patch Tuesday, January 2013 - Part II
January 14, 2013 | Robert Foggia
It's now official, there is another bulletin (MS13-008) release for the month ...
SpiderLabs Radio January 11, 2013 w/ Space Rogue
January 11, 2013 | Space Rogue
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. ...
ModSecurity Mitigations for Ruby on Rails XML Exploits
January 10, 2013 | Ryan Barnett
There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML ...
First Java 0day For The Year 2013
January 10, 2013
Today @Kafeine was the first to announce the new Java 0day. This 0day allows an ...
SpiderLabs Crypto Contest - Hints
January 09, 2013
This is a post for those attempting to solve the Crypto contest I introduced a ...
Goodies released with Trustwave SWG Security Update 141
January 08, 2013 | Rami Kogan
As cliché as it may sound, security is done in layers and so, using our generic ...
Microsoft Patch Tuesday, January 2013 – Hot Sauce
January 08, 2013 | Space Rogue
I had lunch today at a great little Cajun restaurant in Chicago called Heaven ...
SpiderLabs Radio January 04, 2013 w/ Space Rogue
January 04, 2013
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. ...
Dissecting a CVE-2012-4792 Payload
January 04, 2013 | Trustwave SpiderLabs
A little while ago I was fortunate enough to get ahold of a sample that was ...
Microsoft Advance Notification for January 2013
January 03, 2013 | Space Rogue
If you were hoping for a nice relaxing Patch Tuesday after the holidays, well, ...
Hacking with Drain Cleaner – Yet Another BitLocker Bypass Technique
January 02, 2013
As hard-wired as any Application Specific Integrated Circuit it seems the ...
Photobucket: An Identity Thief's Playground
January 02, 2013
Photobucket is a popular social media site that acts as gallery and cloud ...
Choppy Regulatory Waters ahead for EU SMEs?
January 02, 2013
There's been a reasonable amount of coverage of the (proposed) data protection ...
Internet Explorer - 2012 Last Minute 0-Day
January 01, 2013 | Rami Kogan
Using Zero Days attacks at end of the year are not the most considerate thing ...
Assessing iOS Applications – setting up a test environment and grabbing low hanging fruit
December 31, 2012
This guide should serve as an introduction for those wishing to get into iOS ...
Be Off the Beaten XPath, Go Blind
December 31, 2012 | Christophe De La Fuente
XPath (XML Path Language) is a language used to query XML documents in order to ...
Wardrive, Raspberry Pi Style!
December 31, 2012 | Videoman
I purchased a Raspberry Pi a few weeks back. I found that I could power it, ...
Teaching Security Self-Defense
December 31, 2012 | Barry O’Connell
My background in IT comes mostly from a nomadic perspective. In my years of IT ...