2025 Trustwave Risk Radar Report: Top Cyber Threats Targeting the Manufacturing Sector

February 26, 2025

2025 Trustwave Risk Radar Report Unveils Top Cyber Threats to Manufacturing: ...

Cracking the Giant: How ODAT Challenges Oracle, the King of Databases

January 27, 2025 | Karl Biron

In the past decade, Oracle Database (Oracle DB) has reigned supreme in the ...

Emerging Risks in Third-Party AI Solutions and How to Help Address Them

December 04, 2024 | Scott Swanson and Kris Kimmerle

As the cyber threat landscape changes due to the introduction of new threat ...

Lessons from a Honeypot with US Citizens’ Data

November 13, 2024 | Radoslaw Zdonczyk and Nikita Kazymirskyi

Prior to last week’s US Presidential Election, the Trustwave SpiderLabs team ...

The Mounted Guest EDR Bypass

November 11, 2024 | Colin Meek

The Mounted Guest EDR Bypass is a tactic used in cyber attacks to evade ...

How Threat Actors Conduct Election Interference Operations: An Overview

October 18, 2024 | Pauline Bolaños

The major headlines that arose from the three most recent US presidential ...

Bypassing EDR through Retrosigned Drivers and System Time Manipulation

September 13, 2024 | Zachary Reichert

The Retrosigned Driver EDR Bypass is a novel modification of a technique ...

Exploring an Experimental Windows Kernel Rootkit in Rust

September 09, 2024

Around two years ago, memN0ps took the initiative to create one of the first ...

Hypervisor Development in Rust for Security Researchers (Part 1)

September 06, 2024

In the ever-evolving field of information security, curiosity and continuous ...

Responding to the CrowdStrike Outage: Implications for Cyber and Technology Professionals

July 19, 2024

This client alert provides an overview of the current global IT outage that is ...

Cracking Into Password Requirements

April 16, 2024 | Ethan Wilkins

This blog post discusses new hashcat rule sets designed to crack passwords with ...

Financially Motivated Criminal Group Targets Telecom, Technology & Manufacturing

September 20, 2023 | Stroz Friedberg DFIR

This client advisory provides an overview of techniques and tactics attributed ...

Mac systems turned into proxy exit nodes by AdLoad

August 10, 2023 | Fernando Martinez

AdLoad malware is still infecting Mac systems years after its first appearance ...

Command Injection and Buffer Overflow in Multiple Sharp NEC Displays

July 06, 2022 | Howard McGreehan

CVE-2021-20698, CVE-2021-20699: Command Injection and Buffer Overflow ...

Command Injection in Multiple Snap One Araknis Networks Products

June 07, 2022 | Howard McGreehan

CVE-2021-40144, CVE-2021-40844, CVE-2021-42661: Command Injection ...

Yours Truly, Signed AV Driver: Weaponizing an Antivirus Driver

February 26, 2022 | Eduardo Mattos and Rob Homewood

In 2021, Stroz Friedberg observed novel indicators of compromise (IOCs) and a ...

Introducing D-Modem: A software SIP modem

October 29, 2021 | Dan Bastone

Connect to dialup modems over VoIP using SIP, no modem hardware required.

CVE-2021-1825: Inadequate Input Encoding in WebKit

October 25, 2021 | Alex Camboe

In August 2020, Stroz Friedberg discovered and reported to Apple an issue ...

Missing Critical Vulnerabilities Through Narrow Scoping

September 16, 2021 | John Anderson

The typical process when scoping a penetration test is to get a list of targets ...

PRISM attacks fly under the radar

August 23, 2021 | Fernando Dominguez

LevelBlue SpiderLabs has recently discovered a cluster of Linux ELF executables ...

Unauthenticated XXE in Multiple Mitsubishi Electric Air Conditioner Control Systems

July 06, 2021 | Howard McGreehan

CVE-2021-20595: Unauthenticated XXE affecting multiple Mitsubishi Electric Air ...

Red Team Case Study: Bypassing CloudFlare WAF for Successful OGNL Injection

April 17, 2020 | Faisal Tameesh

Bypassing CloudFlare's WAF to exploit an OGNL injection vulnerability in a red ...

CVE-2020-2551: Unauthenticated RCE In Oracle WebLogic

February 04, 2020

Unauthenticated Remote Code Execution in IIOP protocol via Malicious JNDI ...

Remote Code Execution and other Vulnerabilities in WS_FTP Server

September 18, 2019 | Dan Bastone and Devon Greene

CVE-2019-12143, CVE-2019-12144, CVE-2019-12145, CVE-2019-12146: Multiple ...

Hyper-V’s Guest/Host Attack Surface: A Quick Look

August 20, 2019 | Drew Noel

An overview of Hyper-V’s guest/host communications and attack surface.

Unauthenticated Remote Code Execution In Kentico CMS

April 15, 2019 | Manoj Cherukuri

CVE-2019-10068: RCE as Administrator via deserialization vulnerability in ...

Remote Code Execution In BlogEngine.NET

March 28, 2019 | Dustin Cobb

CVE-2019-6714: RCE via path traversal in BlogEngine.NET 3.3.6.0.

CUPS Local Privilege Escalation And Sandbox Escapes

July 11, 2018 | Dan Bastone

CVE-2018-4180, CVE-2018-4182, CVE-2018-4183, CVE-2018-6553, CVE-2018-4181: ...