SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
Reading between the lines: Harvesting Credit Cards from ISO8583-1987 Traffic
May 25, 2012 | Solomon Bhala
Having investigated cardholder data security breaches for a few years now, I ...
Connecting the Dots w/ PenTest Manager
May 24, 2012
We are evolving how the penetration testing industry reports vulnerabilities. ...
“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 2 of 5)
May 22, 2012 | SpiderLabs Researcher
This is the second blog in this series of blogs. The previous blog provided a ...
HULK vs. THOR - Application DoS Smackdown
May 18, 2012
SpiderLabs Research Team Contributions from:
About me, myself and BeEF
May 17, 2012 | Antisnatchor
Hello followers of SpiderLabs Anterior.
[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Web Attack Scripts
May 17, 2012 | Ryan Barnett
Have you ever wondered what script/code/tool was behind the automated web ...
Too XXE For My Shirt
May 16, 2012 | Dan Crowley
Until tonight, I'd never gotten a chance to try an xml external entity (XXE) ...
“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 4 of 5)
May 15, 2012 | SpiderLabs Researcher
This is the fourth part in a series of blogs. The prior blogs describe the ...
“Catch Me If You Can” Trojan Banker Zeus Strikes Again (Part 1 of 5)
May 15, 2012 | SpiderLabs Researcher
In the next series of blogs we will describe in detail an attack from one of ...
It Takes Two to Tango (myself, and your unprotected file share)
May 11, 2012 | Nathan Drier
BananaStand learned from last time (to see last time, go here ). Systems were ...
THOTCON 0x3 - Hacker Brew Contest
May 08, 2012 | Ryan Merritt
This year's instantiation of the THOTCON hacking conference issued a unique ...
Bypass Vulnerabilities in Squid and McAfee Web Access Gateway
May 08, 2012 | Jonathan Claudius
About two weeks ago, a Brazilian security researcher by the name of Gabriel ...
PHP-CGI Exploitation by Example
May 08, 2012 | Jonathan Claudius
Late last week, a vulnerability in PHP-CGI was disclosed, which allows all ...
Microsoft Patch Tuesday: Help Is On The Way!
May 08, 2012
This may sound a bit odd but "nosteve" who usually gives his take on the patch ...
TWSL2012-004: Multiple Vulnerabilities in Zen Cart
May 08, 2012 | Robert Foggia
The SpiderLabs team at Trustwave published a new advisory yesterday, which ...
[Honeypot Alert] (UPDATE) Active Exploit Attempts for PHP-CGI Vuln
May 07, 2012 | Ryan Barnett
UPDATE - we have received more exploit attempt details from web hosting ...
A Wild Exploit Kit Appears... Meet RedKit
May 02, 2012 | Arseny Levin
During our research we have recently encountered a new private exploit kit. The ...
Recent Mass SQL Injection Payload Analysis
May 01, 2012 | Ryan Barnett
There have been a number of mass SQL Injection campaigns targeting ...
RedKit Payload - Binary Fun
May 01, 2012 | Josh Grunzweig
Before I jump into this blog post, I'd like to point out some interesting ...
Update from Trustwave SpiderLabs EMEA, London
April 29, 2012
It was a hectic week in London. In case you hadn't heard its was InfoSec Europe ...
Brazilian Banking Malware: Pay Your Bill Slacker!
April 26, 2012
I recently got wind of an interesting little sample that I believe originated ...
WordPress 3.3.2 Addresses Setup XSS Vulnerabilities
April 25, 2012 | Jonathan Claudius
Back in January we released a security advisory for WordPress, which included ...
Pwning a Spammer's Keylogger
April 25, 2012 | Rodel Mendrez
Recently, while scrounging around our spam traps, I spotted this ordinary piece ...
Winning! PenTest Manager pwns SC Europe Innovation Award
April 25, 2012
We Won! :-) Thanks to all the hard work of the Trustwave's Engineering teams, ...
Once Again Cutwail Spam Campaign Ends Up In Phoenix Exploit Kit
April 23, 2012 | Daniel Chechik
In the past few months, a certain cybercrime group operates a large stable ...
Come and Join Us at InfoSecurity
April 23, 2012 | Ziv Mador
This week we will be presenting and speaking at InfoSecurity, Europe's No.1 ...
TWSL2012-012: Cross-Site Scripting Vulnerability in Support Incident Tracker
April 21, 2012 | Robert Foggia
LevelBlue SpiderLabs has published a new advisory today for a reflective ...
SC Magazine Innovation Award Finalist - Trustwave SpiderLabs PenTest Manager
April 20, 2012
PenTest Manager, the cutting edge penetration test management and reporting ...