SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
Hacking Hotels via Smart Stationary Bikes: How Unsecured Gym Equipment Can Lead to RCE
April 29, 2026 | John Lopez
Stay Informed
Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.
Maximizing Value: How Companies and Pentesters Can Achieve More Together
April 15, 2025 | Elijah Seymour, Rohit Kapur, Stephen Komal, Mark Stanislav (Fullstory)
A closer look at the collaborative efforts between Stroz Friedberg and ...
We’re All in This Together: The Case for Purple Teaming
February 21, 2025 | Aidan Barrington
Why should you consider a purple team? What can you gain from it, and how do ...
The Invisible Battleground: Essentials of EASM
April 22, 2024 | David Broggy
Know your enemy – inside and out. External Attack Surface Management tools are ...
DUALITY: Advanced Red Team Persistence Through Self-Reinfecting DLL Backdoors for Unyielding Control
February 12, 2024 | Faisal Tameesh
This blog post introduces the concept of DUALITY, which is a methodology and ...
Restricted Admin Mode – Circumventing MFA On RDP Logons
November 15, 2023 | Apurva Goenka
This blog post demonstrates the use of Restricted Admin mode to circumvent MFA ...
New Burp Suite Extension: BlazorTrafficProcessor
July 20, 2023 | Will Rabb
Pentesting web applications that use Blazor server comes with unique ...
Introducing D-Modem: A software SIP modem
October 29, 2021 | Dan Bastone
Connect to dialup modems over VoIP using SIP, no modem hardware required.
Missing Critical Vulnerabilities Through Narrow Scoping
September 16, 2021 | John Anderson
The typical process when scoping a penetration test is to get a list of targets ...
Cyber Secure Select: Protecting High-Net-Worth Individuals
June 28, 2021 | Faisal Tameesh
A behind the scenes look at an Executive Vulnerability Assessment.
Red Team Case Study: Bypassing CloudFlare WAF for Successful OGNL Injection
April 17, 2020 | Faisal Tameesh
Bypassing CloudFlare's WAF to exploit an OGNL injection vulnerability in a red ...