SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
Getting Terminal Access to a Cisco Linksys E-1000
December 31, 2012 | Jonathan Claudius
Over the past couple weeks, I've been spending a lot of time hacking on various ...
SpiderLabs Radio December 28, 2012 w/ Space Rogue
December 28, 2012
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. ...
SpiderLabs Radio December 21, 2012 w/ Space Rogue
December 21, 2012
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. ...
Simple Ciphers, and a little SpiderLabs Crypto Contest
December 20, 2012
Millions have died and millions have been saved because of cryptography. There ...
Fraud, Passwords, and Pwnage on the Interwebz
December 19, 2012 | Therese Mendoza
This past weekend I was lucky enough to attend Microsoft's BlueHat Conference ...
Setting HoneyTraps with ModSecurity: Project Honeypot Integration
December 18, 2012
Following up my previous blog post which outlined how to activate additional ...
Finding Zero Days Reading Your Mind in the Year 2052
December 18, 2012 | Trustwave SpiderLabs
A number of months ago, I was approach by the organizers of TEDxNaperville to ...
Setting HoneyTraps with ModSecurity: Unused Web Ports
December 17, 2012 | Ryan Barnett
This blog post will show an easy configuration update that you can make to your ...
You down with LNK?
December 15, 2012 | Nathan Drier
Oftentimes on an Internal pen test, I find myself with a limited-privilege ...
PCAP Files Are Great Arn't They??
December 15, 2012 | David Kirkpatrick
One of the most important skills in anyone's armory responsible for looking ...
Abusing the Android Debug Bridge
December 14, 2012
The android debug bridge (or ADB for short) is a valuable tool, it is what ...
SpiderLabs Radio December 14, 2012 w/ Space Rogue
December 14, 2012
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. ...
My 5 Top Ways to Escalate Privileges
December 13, 2012 | Bruno Oliveira
During a penetration test, rarely will the tester get access to a system with ...
Abusing SAP Servers
December 13, 2012 | Joaquim Espinhara da Silva Neto
During some recent penetration tests I have noticed that large companies have ...
The Dexter Malware: Getting Your Hands Dirty
December 13, 2012 | Josh Grunzweig
A very interesting piece of malware that targets Point of Sale systems has ...
[Honeypot Alert] Turning Local File Inclusion into Reflected Code Execution
December 12, 2012 | Ryan Barnett
Which web application attack type is more severe: Local File Inclusion (LFI) or ...
Microsoft Patch Tuesday, December 2012 – 99 Bottles of Beer on the Wall
December 11, 2012 | Space Rogue
The head of Trustwave SpiderLabs Nicholas Percoco has had an unusual goal this ...
How to Hack and Not Get Caught
December 11, 2012 | Tim Maletic
The following thoughts on internal network penetration strategies are drawn ...
Class 101 - Automating the process of fingerprinting Web Applications and Identifying Vulnerabilities.
December 08, 2012 | Wendel Guglielmetti Henrique
First of all, this blog post is not for Web Application experts, instead I will ...
[Honeypot Alert] SQL Injection Scanning Detected in WordPress Error Logs
December 07, 2012 | Ryan Barnett
Normally for these Web Honeypot alert blog posts, I show snippets of the Apache ...
SpiderLabs Radio December 7, 2012 w/ Space Rogue
December 07, 2012
We are back with a third (new) episode of SpiderLabs Radio hosted by Space ...
Microsoft Advance Notification for December 2012
December 06, 2012 | Space Rogue
Next week is Patch Tuesday, so this week we get the advance notification for ...
Blackberry OS 10 BlackLists Batman and PoohBear
December 06, 2012 | Space Rogue
A Blackberry oriented website in the UK was the first to notice an interesting ...
CCCDC Blue Teams vs Corporate Blue Team Comparision
December 06, 2012 | Ryan Linn
This weekend was the Community College Cyber Defense competition at Iowa State ...
Proxmark 3, now with more Android
December 03, 2012
It's no secret; I'm a fan of the Proxmark 3 RFID testing board. It's a device ...
[Honeypot Alert] SQL Injection Scanning Targeting Joomla Plugins
December 03, 2012 | Ryan Barnett
The following SQL Injection attack payloads targeting Joomla components were ...
The Return of SpiderLabs Radio: Now with Space Rogue
November 30, 2012
The SpiderLabs podcast known as SpiderLabs Radio has gone through many ...
[Honeypot Alert] User-Agent Field XSS Attacks
November 29, 2012 | Ryan Barnett
Our web honeypots picked up some more XSS attacks today: