www.trustwave.com (52.151.96.240)

URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/snappy-detecting-rogue-and-fake-80211-wireless-access-poin...
Submission: On July 04 via api from TR — Scanned from GB


BLOGS & STORIES


SPIDERLABS BLOG

Attracting more than a half-million annual readers, this is the security
community's go-to destination for technical breakdowns of the latest threats,
critical vulnerability disclosures and cutting-edge research.


SNAPPY: DETECTING ROGUE AND FAKE 802.11 WIRELESS ACCESS POINTS THROUGH
FINGERPRINTING BEACON MANAGEMENT FRAMES

June 27, 2023
Tom Neaves
Figure 1. Allow me to summarise this blog post with Lego…

I’ve always had a great love of all things wireless/RF for as long as I can
remember. The ability to send frames/packets of data out into the world (the
airwaves!) for anyone with the right equipment and looking at the right
frequency to pluck them out and reconstruct them - amazing! I am still the proud
owner of both ORiNOCO Gold and Silver PCMCIA cards; these two bad boys defined
wireless hacking back in the early 2000s.

Now, for probably the first time in nearly two decades, I’ve gone and taken a
blue team defence perspective on something. I didn’t intend on it going this
way, you know how it is with research, never a straight path. I had a hunch
about something, so out came the trusty Alfa cards, with a side order of
Wireshark. The next few hours I’d be knee-deep in wireless Management Frames.

The short version of this blog post is that I’ve found a novel technique to
detect both rogue and fake 802.11 wireless access points through fingerprinting
Beacon Management Frames, and created a tool to do so, called snap.py (Snappy) –
the blog post title doesn’t lie! The long version of this blog post is that I
didn’t start out that way...

I was actually looking into MAC address randomization, namely in mobile devices.

Just to be inclusive of all audiences here, a quick definition on what a MAC
address is, from Wikipedia no less:

“A media access control address (MAC address) is a unique identifier assigned to
a network interface controller (NIC) for use as a network address in
communications within a network segment. This use is common in most IEEE 802
networking technologies, including Ethernet, Wi-Fi, and Bluetooth. Within the
Open Systems Interconnection (OSI) network model, MAC addresses are used in the
medium access control protocol sublayer of the data link layer. As typically
represented, MAC addresses are recognizable as six groups of two hexadecimal
digits, separated by hyphens, colons, or without a separator.

MAC addresses are primarily assigned by device manufacturers, and are therefore
often referred to as the burned-in address, or as an Ethernet hardware address,
hardware address, or physical address. Each address can be stored in hardware,
such as the card's read-only memory, or by a firmware mechanism. Many network
interfaces, however, support changing their MAC address. The address typically
includes a manufacturer's organizationally unique identifier (OUI). MAC
addresses are formed according to the principles of two numbering spaces based
on extended unique identifiers (EUIs) managed by the Institute of Electrical and
Electronics Engineers (IEEE): EUI-48—which replaces the obsolete term MAC-48—and
EUI-64.”

The problem with MAC addresses is that because they are (or were) designed to be
permanent like some kind of device tattoo, privacy issues arise. These addresses
are unique and therefore could be used to tie them to individuals. In turn, you
could then track these devices (the individuals) using 802.11 Probe Requests put
out by the devices, which reference their MAC address.

Vendors came up with a MAC randomization feature back in 2014 in an attempt to
thwart this kind of tracking of mobile devices. Implementations vary between
vendors/phones; some will generate new MAC addresses for known networks after
48 hours (Apple), some will generate new ones on every device scan, etc. It
wasn’t really until Apple turned this option on by default in iOS 14 (not that
long ago, in 2020) that it started having an impact. On an iPhone you can find
this under ‘Settings’ -> ‘Wi-Fi’ -> select a wireless network -> ‘Private Wi-Fi
Address’ option.

My hunch (with my usual red team offensive hat on) was that there is probably a
way to use other things in these frames to identify and track users, other than
using the MAC address. I started looking at my own Probe Requests on some of my
own devices; a selection of iPhone and iPad versions, all with slightly
different iOS versions and generations. I was just eyeballing the frames in
Wireshark and doing a mental ‘diff’ between them all when I spotted a few
things.

The first rule of research club is that surely someone has asked this question
or spotted this stuff before, standing on the shoulders of giants and all that.
Sure enough, down the rabbit hole I went.

I read a great selection of papers on how MAC address randomization had failed
over the years at the hands of security researchers [1], [2], [3], [4], [5],
[6], [7]. Researchers had managed to be creative and use a wealth of things in
these 802.11 Probe Request Frames to track devices attempting to hide, ranging
from timing differences, using and reversing the WPS UUID-E field, to using RF
signal strength. Slightly off topic, but I even stumbled upon one crazy paper
about using Probe Requests to reveal a person’s trajectory [8]. I was kind of
disheartened because it seemed that these researchers had beaten me to lots of
things I had in mind and was seeing. That was until I stepped back, without the
phone that is, no trajectory tracing here…

All these researchers (with the exception of one [9]) had gone after Probe
Requests, focusing on the client, which makes sense, because the problem they
have identified and the question they are trying to answer is, can the MAC
randomization be circumvented/reversed to track these clients?

No one is looking at the server, perhaps because they don’t think we have a
problem in this area.

It is only with my pentester hat on that I’m able to ask a slightly different
question, to solve a problem which I know exists in the server realm. Can I
switch my initial approach and those research ideas and apply it to the server,
aka Beacon Frames, sent out by Access Points? With this, can I then use these
things to pick out rogue and fake Access Points?

Let me explain.

The problem users have, especially for those using open wireless networks
(coffee shops, supermarkets, etc.) is that it is too easy for an attacker to
spin up their own Access Point with the same SSID and to have the users connect
to it. The user really doesn’t have any way of knowing they are not on the
legitimate one, especially if the attacker is spoofing the legitimate Access
Point’s MAC address too. WPA2-PSK networks don’t share the same fate: this
attack falls down at the first hurdle because the attacker needs to set the
rogue Access Point up with the same passphrase… and if they know that already,
then they should probably be at the victim’s house and not at the coffee shop.
From a user’s perspective, wouldn’t it be great if we could tell if our local
coffee shop’s wireless Access Point is not the same as when we were last in
there and is a rogue? Furthermore, wouldn’t it be kind of cool to be able to
detect people using airbase-ng, the tool of choice for most fake
(software-based) Access Points? Please forgive me, red team gods.

“You have to let it all go, Neo. Fear, doubt, and disbelief. Free your mind.”
(Thanks Morpheus)

With a spring in my step, I continued on with my research, Alfa cards at the
ready. I pulled a selection of my finest retired/on the bench Access Points out
of the hat and captured Beacon Management Frames from each. I was interested in
how much they varied. I know a thing or two about 802.11 Management Frames from
creating a wireless C2 (called Smuggler) by abusing Information Elements (IE)
tags in them back in 2014. See this blog post for more information on that.

Back to the main event. I needed to identify a number of things (elements,
parameters, tags, etc.) in the Beacon Frame that differed enough between Access
Points, both independently and collectively, that I could use them as some kind
of fingerprint to form a signature. It was, however, important that these values
remained static for a given Access Point and did not change over time, else
having the concept of a signature wouldn’t work.



Figure 2. Tags you’ll likely see inside 802.11 Wireless Beacon Management Frames

Through spending some/a lot of time in Wireshark and scapy, I picked out the
following candidates:

BSSID
SSID
Channel
Country
Supported Rates
Extended Rates
Max Transmit Power
Capabilities
Max_A_MSDU
Vendor (#2)

I concatenate all of the above together and make it into a SHA256 hash, not
unlike a burrito.

I wanted this to be something useable so I knocked up some code in Python,
making use of scapy for the heavy lifting. Below is a snippet of the code.



Figure 3. A snippet of snap.py code

I call the tool snap.py (Snappy) – making use of the word ‘snap’ (as in
‘snapshot’) for the use of this thing and also not at all/only one time heavily
influenced by the Python file extension ‘.py’ completing things off perfectly.

The concept of using Snappy is about taking snapshots. You rock up to your local
trusted open wireless network you use and you take a ‘snapshot’ of what good
looks like. The caveat is you need to make sure when you’re taking this snapshot
that you don’t snap what bad looks like, that would be bad. Once you have this
snapshot, aka, a SHA256 hash, you store it. You drink your coffee; you get on
with your life. A week later, you rock up, repeat the same exercise, check the
SHA256 hash matches the one you took before. All good? Connect to it. Bad? Get
the latte to go.
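
The fingerprint-and-snapshot idea described above, as an added Python example that is not snap.py's code: it parses a raw beacon using only the standard library, hashes the ten fields listed earlier, and compares the result with a stored snapshot. The field serialisation, the reading of ‘Max Transmit Power’ as the Country element's first triplet and of ‘Vendor (#2)’ as the second vendor-specific element, and all sample frames are assumptions constructed for illustration, so the hashes will not match Snappy's.

```python
import hashlib
import hmac
import struct

# Fields named in the post, in the order hashed here (serialisation is an assumption).
FIELDS = ("bssid", "ssid", "channel", "country", "rates", "ext_rates",
          "max_tx_power", "capabilities", "max_a_msdu", "vendor_2")


def parse_beacon(frame: bytes) -> dict:
    """Extract fingerprint fields from a raw beacon (no radiotap header, no FCS)."""
    # Byte 0 of frame control: version 0, type 0 (management), subtype 8 (beacon).
    if len(frame) < 36 or frame[0] != 0x80:
        raise ValueError("not an 802.11 beacon frame")
    out = {"bssid": frame[16:22].hex(":"),                      # address 3
           "capabilities": struct.unpack_from("<H", frame, 34)[0]}
    vendors = []
    pos = 36  # 24-byte MAC header + 12 bytes of fixed parameters
    while pos + 2 <= len(frame):
        ie_id, ie_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + ie_len]
        if len(value) < ie_len:
            break  # truncated element: keep what parsed cleanly
        pos += 2 + ie_len
        if ie_id == 0:                                          # SSID
            out.setdefault("ssid", value.decode("utf-8", "replace"))
        elif ie_id == 1:                                        # Supported Rates
            out.setdefault("rates", value.hex())
        elif ie_id == 3 and ie_len >= 1:                        # DS Parameter Set
            out.setdefault("channel", value[0])
        elif ie_id == 7 and ie_len >= 6:                        # Country
            out.setdefault("country", value[:2].decode("ascii", "replace"))
            out.setdefault("max_tx_power", value[5])            # first triplet
        elif ie_id == 45 and ie_len >= 2:                       # HT Capabilities
            ht_info = struct.unpack_from("<H", value)[0]
            out.setdefault("max_a_msdu", (ht_info >> 11) & 1)
        elif ie_id == 50:                                       # Extended Rates
            out.setdefault("ext_rates", value.hex())
        elif ie_id == 221:                                      # Vendor Specific
            vendors.append(value.hex())
    if len(vendors) >= 2:
        out["vendor_2"] = vendors[1]
    return out


def fingerprint(fields: dict) -> str:
    """SHA256 over the concatenated fields; absent fields hash as 'None'."""
    material = "|".join(f"{name}={fields.get(name)}" for name in FIELDS)
    return hashlib.sha256(material.encode()).hexdigest()


def check(snapshots: dict, frame: bytes) -> str:
    """Compare a freshly captured beacon with the stored snapshot for its SSID."""
    fields = parse_beacon(frame)
    known = snapshots.get(fields.get("ssid"))
    if known is None:
        return "unknown"
    return "match" if hmac.compare_digest(known, fingerprint(fields)) else "MISMATCH"


def build_beacon(bssid: str, ies: list, capabilities: int) -> bytes:
    """Assemble a constructed beacon frame for the demo (not captured traffic)."""
    addr = bytes.fromhex(bssid.replace(":", ""))
    header = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + addr + addr + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capabilities)  # timestamp, interval, caps
    return header + fixed + b"".join(bytes([i, len(v)]) + v for i, v in ies)


# Constructed sample: the access point seen on the first visit.
TRUSTED = build_beacon("02:00:00:aa:bb:01", [
    (0, b"CoffeeShop-Guest"),
    (1, bytes.fromhex("82848b960c121824")),
    (3, b"\x06"),
    (7, b"GB " + bytes([1, 13, 20])),
    (45, struct.pack("<H", 0x19AD) + bytes(24)),
    (50, bytes.fromhex("3048606c")),
    (221, bytes.fromhex("0050f20201")),
    (221, bytes.fromhex("001122deadbeef")),
], capabilities=0x0421)

# Constructed sample: same SSID, BSSID and channel, but a different radio stack.
CLONE = build_beacon("02:00:00:aa:bb:01", [
    (0, b"CoffeeShop-Guest"),
    (1, bytes.fromhex("02040b16")),
    (3, b"\x06"),
    (50, bytes.fromhex("0c121824")),
], capabilities=0x0401)

if __name__ == "__main__":
    first_visit = parse_beacon(TRUSTED)
    snapshots = {first_visit["ssid"]: fingerprint(first_visit)}
    for label, frame in (("trusted", TRUSTED), ("clone", CLONE)):
        print(label, fingerprint(parse_beacon(frame)), check(snapshots, frame))
```

The clone copies everything a user can see (SSID, BSSID, channel), yet the rates, capabilities and missing elements change the hash, which is the property the snapshot comparison relies on.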



Figure 4. Snappy in action, a SHA256 hash created for the wireless access point

Snappy can work either in offline mode (my personal preference) or online/active
mode.

In offline mode, you use airodump-ng or whatever your tool of choice is to get
your Beacon Frames, save as a .cap/.pcap, and you can load it into Snappy.
Snappy will loop through multiple Beacon Frames of different networks if they
exist in the capture file and generate hashes, no problemo!

In online mode, Snappy will report (generate a SHA256 hash) in real time on
Beacon Frames, again with support for multiple networks.

Notice how I used the term ‘report’ in the last sentence? Well, we set out
initially to detect both rogue and fake Access Points. Rogue, ticked. Fake, well
that’s usually the result of airbase-ng to create it at a software level. I
thought it would be nice (please forgive me once again red team gods!) if we
could detect airbase-ng in use.

I reviewed the source code of airbase-ng and also looked at how it in reality
presents itself on the wireless side and came up with a few handpicked things to
formulate a signature once again.



Figure 5. Airbase-ng uses these hardcoded ‘rates’ and ‘extended rates’



Figure 6. Airbase-ng ‘rates’ and ‘extended rates’, plus short slot time, seen on
the wireless side inside the frame

In addition to the normal hash generation, if airbase-ng is detected as
responsible for serving the Access Point, you’ll get an additional “********
AIRBASE-NG DETECTED AT THIS ACCESS POINT ********” message attached under the
signature. So if you see this message at your first snapshot, maybe think about
moving coffee shops going forward.



Figure 7. Snappy running on two wireless access points with airbase-ng being
detected on the second

You can download Snappy here

Hopefully you enjoyed my wireless research and find the tool useful.

Thanks for reading!


REFERENCES

[1] Tomas Bravenec, Joaquin Torres-Sospedra, Michael Gould, Tomas Fryza.
“Exploration of User Privacy in 802.11 Probe Requests with MAC Address
Randomization Using Temporal Pattern Analysis”. June 2022.

[2] Jeremy Martin and Travis Mayberry and Collin Donahue and Lucas Foppe and
Lamont Brown and Chadwick Riggins and Erik C. Rye and Dane Brown. “A Study of
MAC Address Randomization in Mobile Devices and When it Fails”. 2017.

[3] Ivan Vasilevski, Veno Pachovski, Dobre Blaxehevski, Irena Stojmenovska.
“Five Years Later: How Effective Is the MAC Randomization in Practice? The
No-at-All Attack”. 2019.

[4] Ellis Fenske, Dane Brown, Jeremy Martin, Travis Mayberry, Peter Ryan and
Erik Rye. “Three Years Later: A Study of MAC Address Randomization In Mobile
Devices And When It Succeeds”. Proceedings on Privacy Enhancing Technologies;
2021 (3):164-181.

[5] Vanhoef, Mathy and Matte, Celestin and Cunche, Mathieu and Cardoso, Leonardo
S. and Piessens, Frank. "Why MAC Address Randomization is Not Enough: An
Analysis of Wi-Fi Network Discovery Mechanisms". Proceedings of the 11th ACM on
Asia Conference on Computer and Communications Security. 2016. 413-424 (12).

[6] Célestin Matte, Mathieu Cunche, Franck Rousseau, Mathy Vanhoef. “Defeating
MAC Address Randomization Through Timing Attacks”. ACM WiSec 2016, Jul 2016,
Darmstadt, Germany.

[7] Denton Gentry, Avery Pennarun (Google). “Passive Taxonomy of Wifi Clients
using MLME Frame Contents”. 2016.

[8] Abhishek Kumar Mishra, Aline Carneiro Viana, Nadjib Achir. “Do WiFi
Probe-Requests Reveal Your Trajectory?”. HAL Open Science. Dec 2022.

[9] Bandar Alotaibi, K. Elleithy. “A Passive Fingerprint Technique to Detect
Fake Access Points”. 2015.



