Security Capture the Flag Competitions
June 24, 2012 | John Hoopes
Many people look at capture the flag competitions with varying reactions. Some ...
I Forgot Your Password
June 24, 2012 | Chris Vinecombe
I'm now going into my second year in application security, and as I learn more ...
Five E-Commerce Security Myths (Part 1)
June 23, 2012 | Marc Bown
Compromises of e-commerce websites are increasingly common. In our 2012 Global ...
Five E-Commerce Security Myths (Part 2)
June 23, 2012
In part 1 of this series I gave an introduction into how most merchants accept ...
CVSS for Penetration Test Results (Part I)
June 22, 2012 | Tim Maletic
Trustwave has been adding support for the Common Vulnerability Scoring System ...
Internet Explorer Vulnerabilities Gone Wild
June 20, 2012 | Anat (Fox) Davidi
It's a busy time for Internet Explorer: Patch Tuesday addressed quite a few ...
Metasploit = tips, tricks, hashes and tokens
June 20, 2012
Metasploit is one of the many tools that can be used during a penetration test, ...
[Honeypot Alert] PHP-CGI Vuln Targeted For Database Dumping
June 19, 2012 | Ryan Barnett
Thanks to my SpiderLabs Research colleague @claudijd for collaborating with ...
ModSecurity and OWASP CRS Updates Available
June 15, 2012 | Ryan Barnett
Security Fix Release: ModSecurity v2.6.6 The ModSecurity Development Team has ...
Using Nmap to Screenshot Web Services
June 14, 2012 | Ryan Linn
As part of Trustwave SpiderLabs network penetration testing team, I perform ...
Introducing CryptOMG
June 12, 2012 | Andrew Jordan
CryptOMG is a CTF-style testbed for exploiting various flaws in cryptographic ...
Microsoft Patch Tuesday: RDP - Keep on Knockin' But You Can't Come In
June 12, 2012
Another month, another Patch Tuesday. This one has seven bulletins, three of ...
MySQL/MariaDB: Trade You a Banana for Root Access?
June 12, 2012 | Jonathan Claudius
Summary
The Return of Zuc.A and Ancient OSX Viruses?
June 11, 2012 | Space Rogue
A few weeks ago I caught a tweet from Chris Wysopal (@WeldPond) noticing how ...
Zap(ped) into Foca(s)
June 08, 2012 | Theresa
An external penetration test isn't just about the network addresses to pwn, but ...
Analyzing PDF Malware - Part 3A
June 08, 2012 | Ryan Merritt
When we last left our heroes…
Discussions on Targeted Attacks
June 06, 2012
Even though targeted attacks performed by groups such as LulzSec and Anonymous ...
Dynamic DAST/WAF Integration: Realtime Virtual Patching
June 05, 2012 | Ryan Barnett
At the recent OWASP AppSecDC conference, I presented on this topic. I received ...
Rogue Certificates Set on Flame
June 05, 2012 | Rami Kogan
It was only a matter of time before we felt Flame's aftershock. Yesterday ...
Now IronSpider - Go hard or Go home, I'm an Ironman!
June 04, 2012 | SpiderLabs Researcher
Probably in the same period I started at Trustwave SpiderLabs I decided to ...
iOS Application Security: Review of Top 50 Free iPad Apps [Part 2 of 2]
June 01, 2012
The View From The Top Isn't Much Better
Defeating Flame String Obfuscation with IDAPython
June 01, 2012 | Josh Grunzweig
Like many other security research firms, SpiderLabs Research has been actively ...
Oracle Databases, a Penetration Tester’s View of Unauthorized Access to Customer Records
May 31, 2012 | David Kirkpatrick
When penetration-testing you get to see lots of seemingly unbelievable security ...
[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Credit Card Validation Scripts
May 31, 2012 | Ryan Barnett
In our previous blog post "Inside the Attacker's Toolbox: Botnet Web Attack ...
Putting Out the Flame
May 30, 2012 | SpiderLabs Researcher
There's a lot of buzz going around in the security field about a big piece of ...
Sakura Exploit Kit 1.1
May 29, 2012 | Moshe Basanchig
Even though it's sometimes easy to forget that there are exploit kits other ...
iOS Application Security: Top 50 Free iPad Apps - The View From The Top Isn’t Much Better [Part 1 of 2]
May 25, 2012
Hello. I'm Tom Neaves. I recently joined SpiderLabs as a Senior Security ...