An Analysis of a Fake Vodafone Bill PDF File

November 29, 2012

We haven't come across many malicious PDF files recently in our spam traps, so ...

Detecting Successful XSS Testing with JS Overrides

November 29, 2012 | Ryan Barnett

Do you know when an attacker or security researcher successfully finds a ...

Microsoft Patch Tuesday, November 2012 – Lions and Tigers and RCE, Oh My!

November 13, 2012 | Space Rogue

I feel some compassion for those system administrators along the East Coast of ...

CVE-2012-4969 and the Unnamed Admin Panel

November 13, 2012 | Moshe Basanchig

While CVE-2012-4969 isn't new, we are still curious about the various ways this ...

Microsoft Advanced Notification for November 2012 - RCE, Yikes!

November 08, 2012 | Space Rogue

Microsoft has released its advance notification for next week's Patch Tuesday ...

CWE the Vote

November 06, 2012

It's a nice, sunny day in Cleveland, my friends. Tonight, after the votes are ...

TWSL2012-016: Multiple Vulnerabilities in Bitweaver

October 24, 2012 | Robert Foggia

The LevelBlue SpiderLabs team has published a new advisory for multiple ...

Introducing Responder-1.0

October 24, 2012

Responder is a multi-threaded tool that answers to IPv4 LLMNR (Link-local ...

Worm Propagates Through Skype Messages

October 12, 2012 | Rodel Mendrez

For the past week, we've received a lot of reports of a worm that propagates ...

mDNS - Telling the world about you (and your device)

October 10, 2012

Luiz Eduardo (@effffn) and Rodrigo Montoro (@spookerlabs) have presented ...

Microsoft Patch Tuesday, October 2012 – Legend of Zelda Edition

October 09, 2012

Hope you enjoyed last month's light Patch Tuesday with only two bulletins as ...

Microsoft Advanced Notification for October 2012 – Lync, SQL, Headache

October 05, 2012

Microsoft has released its Advanced Notification for October 2012. After last ...

The Grey Line Between Feature and Vulnerability, iOS edition

October 02, 2012 | Mike Park

I do a lot of Mobile Application Penetration testing for some of our largest ...

James Bond's Dry Erase Marker: The Hotel PenTest Pen

October 01, 2012

You may have seen the talk and demonstration by Cody Brocious that allows him ...

Announcing the availability of ModSecurity extension for Nginx

September 28, 2012 | Ryan Barnett

ModSecurity for Nginx is a web server plug-in for the ...

Using Mobile Applications for attacking Web Applications

September 28, 2012 | Joaquim Espinhara da Silva Neto

This simple blog post was motivated by my desire to look at some mobile ...

Smart Phone + Mail Server = Location Tracking

September 28, 2012

My last two posts have touched on the privacy perspective in relation to mobile ...

Good things happen when Forensics and Malware Analysis work together.

September 28, 2012 | Grayson Lenik

The SpiderLabs Incident Response team worked a case earlier this year where ...

Trustwave SpiderLabs in Africa

September 28, 2012

Africa. The land of origin; the original unknown.

Update from Trustwave SpiderLabs EMEA

September 28, 2012

Europe, Middle East and Africa consists of around 120 countries depending on ...

Adding Anti-CSRF Support to Burp Suite Intruder

September 28, 2012 | Ulisses Alburquerque

In the web application penetration testing industry, Burp Suite is considered a ...

FinSpy Mobile - Configuration and Insight

September 27, 2012 | Josh Grunzweig

A couple of weeks ago, Citizen Lab announced the discovery of the mobile ...

Oops, I pwned your router - Part Two

September 26, 2012

In the last blog post, "Opps I pwned your router Part One", I talked about some ...

Getting in with the Proxmark 3 and ProxBrute

September 26, 2012

As a member of the Physical Security team here at SpiderLabs, some of my job ...

Guidance for firms using the NetAccess N-1000

September 26, 2012 | Jonathan Werrett

SpiderLabs' Incident Response team has recently seen credit card fraud ...

Hey, I just met you, and this is crazy, but here's my hashes, so hack me maybe?

September 25, 2012

Those familiar with password cracking know that KoreLogic's rule set for John ...

Did I do that? (PenTest Faux Pas)

September 25, 2012

Many times, in the course of explaining what I do to others that are unfamiliar ...

JSON Hijacking Demystified

September 24, 2012 | Rohini Sulatycki

JavaScript Object Notation (JSON) is a language and platform independent format ...