Important Security Defenses to Help Your CISO Sleep at Night
May 20, 2024 | David Broggy
This is Part 13 in my ongoing project to cover 30 cybersecurity topics in 30 ...
How to Create the Asset Inventory You Probably Don't Have
May 13, 2024 | David Broggy
This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 ...
Protecting Zion: InfoSec Encryption Concepts and Tips
April 29, 2024 | David Broggy
This is Part 9 in my ongoing project to cover 30 cybersecurity topics in 30 ...
The Invisible Battleground: Essentials of EASM
April 22, 2024 | David Broggy
Know your enemy – inside and out. External Attack Surface Management tools are ...
EDR – The Multi-Tool of Security Defenses
April 22, 2024 | David Broggy
This is Part 8 in my ongoing project to cover 30 cybersecurity topics in 30 ...
The Secret Cipher: Modern Data Loss Prevention Solutions
April 15, 2024 | David Broggy
This is Part 7 in my ongoing project to cover 30 cybersecurity topics in 30 ...
Remote Desktop Event Log Analysis: Variations In Logging For Event ID 1029
January 22, 2024 | Sergey Gorbov
This blog covers Stroz Friedberg’s novel research and analysis of Remote ...
Restricted Admin Mode – Circumventing MFA On RDP Logons
November 15, 2023 | Apurva Goenka
This blog post demonstrates the use of Restricted Admin mode to circumvent MFA ...
New Burp Suite Extension: BlazorTrafficProcessor
July 20, 2023 | Will Rabb
Pentesting web applications that use Blazor server comes with unique ...
Amazon Web Services: Exploring the Cost of Exfil
October 06, 2022 | Andre Maccarone and John Ailes
Using a free and easily accessible tool for Amazon Web Services ("AWS"), ...
Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities
December 10, 2021 | SpiderLabs Researcher
Updates: Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, ...
Introducing D-Modem: A software SIP modem
October 29, 2021 | Dan Bastone
Connect to dialup modems over VoIP using SIP, no modem hardware required.
Missing Critical Vulnerabilities Through Narrow Scoping
September 16, 2021 | John Anderson
The typical process when scoping a penetration test is to get a list of targets ...
Cobalt Strike Configuration Extractor and Parser
August 27, 2021 | Noah Rubin
Cobalt Strike Beacons continue to be the norm for persistence, lateral ...
Cyber Secure Select: Protecting High-Net-Worth Individuals
June 28, 2021 | Faisal Tameesh
A behind the scenes look at an Executive Vulnerability Assessment.
Office 365 Best Practices: 7 Steps to Mitigating Business Email Compromise
February 24, 2021 | Carly Battaile, Alex Parsons and Miranda Skar
Microsoft’s Office 365 is an increasingly popular email solution for ...
Finding More IDORs – Tips and Tricks
February 12, 2021 | Max Corbridge
A collection of useful tips, tricks, and techniques for discovering IDORs.
Still Scanning IP Addresses You’re Doing it Wrong
July 02, 2020 | John Anderson
The traditional approach to a vulnerability scan or penetration test is to find ...
Exploring Solidity’s Model Checker
May 13, 2020 | Eric Rafaloff
This blog post aims to be an exploration of how Solidity’s model checker works, ...
Introducing Windows Exploit Suggester
July 11, 2014 | Sam Bertram
A tool to detect potential missing patches on Windows hosts and obtain a list ...
HTTP NTLM Information Disclosure
February 12, 2014 | Justin Cacak
Nmap script that anonymously enumerates remote NetBIOS, DNS, and OS details ...
Wardrive, Raspberry Pi Style!
December 31, 2012 | Videoman
I purchased a Raspberry Pi a few weeks back. I found that I could power it, ...
Automated Padding Oracle Attacks With PadBuster
September 14, 2010 | Brian Holyfield
An automated script for performing Padding Oracle attacks.
Paper on passive information gathering
February 11, 2004
TechnicalInfo.Net is an excellent resource for Web Security information. Gunter ...