Live ModSecurity Challenges at Blackhat Arsenal
2 Minute Read
by Ryan Barnett
ModSecurity is participating in the upcoming Blackhat Arsenal Tools Demo next week in Las Vegas.
Details:
When: Wed. Aug 3rd from 1:45 pm - 4:30 pm
Where: POD 1
We will have live demos/challenges running from our kiosk. In addition to the SQL Injection Challenges, we will also have a great XSS Challenge as outlined below.
So if you are going to be at Blackhat, we encourage you to stop by Arsenal and try your hand at bypassing these protections.
XSS Defense with ModSecurity
The purpose of this demo is to show possible XSS defenses by using ModSecurity.
XSS Defense #1: JS Sandbox
This defensive layer uses ModSecurity's Content Injection capability to insert defensive Javascript to the beginning of html responses. This demo uses Eduardo (sirdarckcat) Vela's Active Content Signatures (ACS) code.
Read more about this concept here.
XSS Defense #2: Neutralizing Reflected Payloads
This defensive technique uses ModSecurity rules to look for suspicious inbound payloads reflected back out to clients in the response body.
Read more about using ModSecurity's ability to identify improper output handling flaws here.
If a payload is found, then ModSecurity will use its new data substitution capabilities to alter the outbound html. It will do two things:
- Prepend a JavaScript alert pop-up box warning the user that a security action has been taken on the response payload.
- The malicious payload will be prepended with the HTML
tag thus neutralizing the malicious payload.&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;Here is &lt;a href="http://www.modsecurity.org/demo/demo-deny-noescape.html?test=%3Cinput+onfocus%3Dwrite%281%29+autofocus%3E&amp;disable_xss_defense=on" target="_self"&gt;an example attack with defense&lt;/a&gt;.&lt;/p&gt; &lt;h4&gt;Demo Challenge&lt;/h4&gt; &lt;p&gt;Your challenge is to try and bypass both the JS sandbox and PLAINTEXT protections and successfully execute a reflected XSS attack that executes JS code in your browser. You may toggle On/Off the defenses by checking the boxes in the form below. This will help to facilitate testing of working XSS payloads.&lt;/p&gt; &lt;p&gt;If you are successful, please notify us at any of the following places:&lt;/p&gt; &lt;p&gt;- &lt;a href="http://twitter.com/modsecurity" target=" blank"&gt;@ModSecurity on Twitter&lt;/a&gt;&lt;/p&gt; &lt;p&gt;- &lt;a href="https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set" target="_blank" rel="noopener"&gt;OWASP ModSecurity Core Rule Set Mail-list&lt;/a&gt;&lt;/p&gt; &lt;p&gt;- &lt;a href="https://www.modsecurity.org/tracker/browse/CORERULES" target="_blank" rel="noopener"&gt;Submit bug report to Jira&lt;/a&gt;&lt;/p&gt; &lt;p&gt;&nbsp;&lt;/p&gt; </plaintext></li> </ul></span> </div> </div> <aside class="wrapper-side_content"> <div class="side_content-sticky"> <div class="blog-post-social-share"> <div id="hs_cos_wrapper_module_172236034181117" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <div id="module_172236034181117" class="module-share-wrapper default"> <div class="share-text"> Share: </div> <!-- HTML to show when COPY LINK checked --> <div class="share-btn copy-link"> <a href="https://levelblue.com/blogs/spiderlabs-blog/live-modsecurity-challenges-at-blackhat-arsenal" rel="noopener">Copy Link</a> <span class="copied-link">Link Copied</span> </div> <!-- HTML to show when LINKEDIN checked --> <div class="share-btn share-linkedin"> <span style="display: none">v2</span> <a href="https://www.linkedin.com/shareArticle?mini=true&url=https://levelblue.com/blogs/spiderlabs-blog/live-modsecurity-challenges-at-blackhat-arsenal" target="_blank" rel="noopener">LinkedIn</a> </div> <!-- HTML to show when X-TWITTER checked --> <div class="share-btn share-x"> <a href="https://x.com/intent/post?url=&text=https://levelblue.com/blogs/spiderlabs-blog/live-modsecurity-challenges-at-blackhat-arsenal&via=levelbluecyber" target="_blank" rel="noopener">X</a> </div> <!-- HTML to show when FACEBOOK checked --> <div class="share-btn share-facebook"> <a href="https://www.facebook.com/sharer/sharer.php?u=https://levelblue.com/blogs/spiderlabs-blog/live-modsecurity-challenges-at-blackhat-arsenal" target="_blank" rel="noopener">Facebook</a> </div> <!-- HTML to show when RSS checked --> </div> </div> </div> <div class="blog-post-form hide-mobile"> <div id="hs_cos_wrapper_module_17228820340396" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" ><span id="hs_cos_wrapper_module_17228820340396_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text" ><h4>Stay Informed</h4><p>Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.</p></span></div> <div id="hs_cos_wrapper_form" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <span id="hs_cos_wrapper_form_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form" > <div id='hs_form_target_form'></div> </span> </div> </div> <div class="show-mobile mini-post-form"> <div id="promotional-interrupter-module_17228780589192" class="promotional-interrupter text_interrupter"> <div class="text_interrupter_content"> <p>Stay Informed:</p> </div> <a class="btn btn-solid btn-secondary text-white" href="#popupSubscribe" > Subscribe </a> </div> <div id="hs_cos_wrapper_module_17228626314893" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <div class="popup-wrapper"></div> <div id="popupSubscribe" class=" popup popup-zoom mfp-hide shadow-xl rounded p-12 mb:p-8 bg-white"> <div class="popup-content"> <h4>Stay Informed</h4><p>Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.</p> </div> <div class="mt-8"> <span id="hs_cos_wrapper_module_17228626314893_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form" ><h3 id="hs_cos_wrapper_form_420570910_title" class="hs_cos_wrapper form-title" data-hs-cos-general-type="widget_field" data-hs-cos-type="text"></h3> <div id='hs_form_target_form_420570910'></div> </span> </div> </div> </div> </div> <div class="blog-post-featured-resources"> <div class="module-blog-featured-resources"> <div class="blog-featured-resource"> <h4 class="eyebrow_label">RESEARCH REPORT</h4> <a href="https://www.trustwave.com/en-us/resources/library/documents/facebook-malvertising-epidemic-unraveling-a-persistent-threat-sys01-part-2/" class="resource_title "> Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 </a> </div> <div class="blog-featured-resource"> <h4 class="eyebrow_label">RESEARCH REPORT</h4> <a href="https://www.trustwave.com/en-us/resources/library/documents/professional-services-threat-briefing-and-mitigation-strategies/" class="resource_title "> 2024 Professional Services Threat Intelligence Brief </a> </div> </div> </div> </div> </aside> </div> <div class="about-content"> <div class="about-authors"> <div class="trustwave-bio"> <h4>ABOUT LEVELBLUE</h4> <p>LevelBlue is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more <a href="https://www.trustwave.com/en-us/company/about-us/">about us</a>.</p> </div> </div> <div class="about-tags"> </div> </div> <div class="latest-blog-post"> <div class="mb-16"> <h2>Latest Intelligence</h2> </div> <div class="latest-blog-content flex"> <div class="blog-entry flex-1"> <a href="/blogs/spiderlabs-blog/microsoft-issues-emergency-patch-for-windows-server-update-services-rce-vulnerability-cve-2025-59287" class="post-title"> <span class="latest-post-image"></span> <span class="post-title-inner">Microsoft Issues Emergency Patch for Windows Server Update Services RCE Vulnerability CVE-2025-59287</span> </a> </div> <div class="blog-entry flex-1"> <a href="/blogs/spiderlabs-blog/sharpparty-process-injection-in-c" class="post-title"> <span class="latest-post-image"></span> <span class="post-title-inner">SharpParty: Process Injection in C#</span> </a> </div> <div class="blog-entry flex-1"> <a href="/blogs/spiderlabs-blog/the-cats-out-of-the-bag-a-meow-attack-data-corruption-campaign-simulation-via-mad-cat" class="post-title"> <span class="latest-post-image"></span> <span class="post-title-inner">The Cat's Out of the Bag: A 'Meow Attack' Data Corruption Campaign Simulation via MAD-CAT</span> </a> </div> </div> <div class="related-offerings"> <div id="hs_cos_wrapper_module_17225404242263" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <div id="module_17225404242263" class="tw-module tw-related-offerings"> <h3 class="tw-related-offerings__title">Related Offerings</h3> <div class="tw-related-offerings__offerings"> <a class="tw-related-offerings__offering" href="https://www.trustwave.com/en-us/services/penetration-testing/"> Penetration Testing </a> <a class="tw-related-offerings__offering" href="https://www.trustwave.com/en-us/services/consulting-and-professional-services/digital-forensics-and-incident-response/"> Digital Forensics & Incident Response </a> <a class="tw-related-offerings__offering" href="https://www.trustwave.com/en-us/services/threat-intelligence-as-a-service/"> Threat Intelligence as a Service </a> <a class="tw-related-offerings__offering" href="https://www.trustwave.com/en-us/services/threat-hunting/"> Threat Hunting </a> </div> </div> </div> </div> </div> </div> </div> <div class="minified-final-plea dnd-section"> <div class="row-fluid"> <div id="hs_cos_wrapper_module_17228780589192" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <div id="promotional-interrupter-module_17228780589192" class="promotional-interrupter text_interrupter"> <div class="text_interrupter_content"> <h4>Discover how our specialists can tailor a security program to fit the needs of <br>your organization.</h4> </div> <a class="btn btn-solid btn-secondary text-white" href="#popupBlog" > Request a Demo </a> </div> </div> <div id="hs_cos_wrapper_module_17228626314893" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <div class="popup-wrapper"></div> <div id="popupBlog" class=" popup popup-zoom mfp-hide shadow-xl rounded p-12 mb:p-8 bg-white"> <div class="popup-content"> </div> <div class="mt-8"> <span id="hs_cos_wrapper_module_17228626314893_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form" ><h3 id="hs_cos_wrapper_form_956481023_title" class="hs_cos_wrapper form-title" data-hs-cos-general-type="widget_field" data-hs-cos-type="text"></h3> <div id='hs_form_target_form_956481023'></div> </span> </div> </div> </div> </div> </div> </article> </div> <div id="hs_cos_wrapper_module_169103980660822" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" ><div class="footer-section" id="module_169103980660822"> <div class="container"> <div class="footer-sec-inr"> <div class="footer-box"> <div class="ls-footer"> <div class="ls-footer-inr"> <div class="ls-title"> <div class="ls-title-inr"> <h2> Stay Informed </h2> </div> </div> <div class="footer-content-group"> <div class="footer-form-head"> <h5> Sign up to receive the latest security news and trends straight to your inbox from LevelBlue. </h5> </div> <div class="footer-form"> <span id="hs_cos_wrapper_module_169103980660822_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form" ><h3 id="hs_cos_wrapper_form_835307093_title" class="hs_cos_wrapper form-title" data-hs-cos-general-type="widget_field" data-hs-cos-type="text"></h3> <div id='hs_form_target_form_835307093'></div> </span> </div> </div> </div> </div> <div class="rs-footer"> <div class="rs-footer-inr"> <div class="menu-box"> <div class="menu-box-inr"> <div class="menu-col"> <span id="hs_cos_wrapper_module_169103980660822_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu" ><div id="hs_menu_wrapper_module_169103980660822_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/company/leadership/" role="menuitem" target="_self">Leadership</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/company/our-history/" role="menuitem" target="_self">Our History</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/newsroom/press-releases/" role="menuitem" target="_self">Press Releases</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/newsroom/media-coverage/" role="menuitem" target="_self">Media Coverage</a></li> </ul> </div></span> </div> <div class="menu-col"> <span id="hs_cos_wrapper_module_169103980660822_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu" ><div id="hs_menu_wrapper_module_169103980660822_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/company/careers/" role="menuitem" target="_self">Careers</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/company/contact/" role="menuitem" target="_self">Contact</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/services" role="menuitem" target="_self">View All Services</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/free-trials/" role="menuitem" target="_self">Free Trials</a></li> </ul> </div></span> </div> <div class="menu-col"> <span id="hs_cos_wrapper_module_169103980660822_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu" ><div id="hs_menu_wrapper_module_169103980660822_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/training-and-certification/ " role="menuitem" target="_self">Training &amp; Certification</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/company/support/" role="menuitem" target="_self">Support</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://success.alienvault.com/s/" role="menuitem" target="_blank" rel="noopener">Success Center</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://docs.levelblue.com/documentation" role="menuitem" target="_blank" rel="noopener">Documentation Center</a></li> </ul> </div></span> </div> </div> </div> <div class="social-box"> <ul> <li> <a href="https://www.linkedin.com/company/levelbluecyber/" target="_blank" rel="noopener" ><svg xmlns="http://www.w3.org/2000/svg" version="1.1" x="0px" y="0px" width="22px" height="21px" viewBox="0 0 22 21" style="enable-background: new 0 0 22 21;" xml:space="preserve" xmlns:xlink="http://www.w3.org/1999/xlink"> <path d="M21,21h-4c-0.6,0-1-0.4-1-1v-7c0-0.1,0-0.2-0.1-0.4c0,0,0-0.1-0.1-0.1c0,0,0-0.1-0.2-0.2c-0.1-0.1-0.2-0.2-0.2-0.2 c0,0-0.1,0-0.1-0.1c-0.3-0.1-0.5-0.1-0.7,0c0,0-0.1,0-0.1,0.1c0,0-0.1,0-0.2,0.2c-0.1,0.1-0.2,0.2-0.2,0.2c0,0,0,0.1-0.1,0.1 C14,12.8,14,12.9,14,13v7c0,0.6-0.4,1-1,1H9c-0.6,0-1-0.4-1-1v-7c0-0.9,0.2-1.9,0.6-2.7c0.3-0.8,0.8-1.6,1.5-2.2 c0.6-0.7,1.4-1.2,2.3-1.5c1.6-0.7,3.6-0.8,5.4,0c0.8,0.3,1.6,0.8,2.2,1.5c0.7,0.6,1.2,1.4,1.5,2.3c0.4,0.8,0.6,1.7,0.6,2.6v7 C22,20.6,21.6,21,21,21z M18,19h2v-6c0-0.7-0.1-1.3-0.4-1.9c-0.2-0.7-0.6-1.1-1.1-1.6c0,0-0.1-0.1-0.1-0.1C18,9,17.5,8.7,17,8.4 c-1.4-0.6-2.6-0.6-3.8,0C12.5,8.7,12,9,11.5,9.5c0,0-0.1,0.1-0.1,0.1c-0.5,0.4-0.8,0.9-1,1.5c-0.3,0.7-0.4,1.3-0.4,2v6h2v-6 c0-0.4,0.1-0.8,0.3-1.2c0.1-0.3,0.3-0.6,0.6-0.9c0.3-0.3,0.6-0.5,0.9-0.6c0.8-0.4,1.6-0.4,2.4,0c0.3,0.1,0.6,0.3,0.9,0.6 c0.3,0.3,0.5,0.6,0.6,0.9c0.2,0.4,0.3,0.8,0.3,1.2V19z M10.8,8.8L10.8,8.8L10.8,8.8z"></path> <path d="M5,21H1c-0.6,0-1-0.4-1-1V8c0-0.6,0.4-1,1-1h4c0.6,0,1,0.4,1,1v12C6,20.6,5.6,21,5,21z M2,19h2V9H2V19z"></path> <path d="M3,6C1.3,6,0,4.7,0,3s1.3-3,3-3s3,1.3,3,3S4.7,6,3,6z M3,2C2.4,2,2,2.4,2,3s0.4,1,1,1s1-0.4,1-1S3.6,2,3,2z"></path> </svg> </a> </li> <li> <a href="https://x.com/levelbluecyber" target="_blank" rel="noopener" ><svg xmlns="http://www.w3.org/2000/svg" version="1.1" x="0px" y="0px" width="22px" height="21px" viewBox="0 0 22 21" style="enable-background: new 0 0 22 21;" xml:space="preserve" xmlns:xlink="http://www.w3.org/1999/xlink"> <path d="M21,21h-4c-0.6,0-1-0.4-1-1v-7c0-0.1,0-0.2-0.1-0.4c0,0,0-0.1-0.1-0.1c0,0,0-0.1-0.2-0.2c-0.1-0.1-0.2-0.2-0.2-0.2 c0,0-0.1,0-0.1-0.1c-0.3-0.1-0.5-0.1-0.7,0c0,0-0.1,0-0.1,0.1c0,0-0.1,0-0.2,0.2c-0.1,0.1-0.2,0.2-0.2,0.2c0,0,0,0.1-0.1,0.1 C14,12.8,14,12.9,14,13v7c0,0.6-0.4,1-1,1H9c-0.6,0-1-0.4-1-1v-7c0-0.9,0.2-1.9,0.6-2.7c0.3-0.8,0.8-1.6,1.5-2.2 c0.6-0.7,1.4-1.2,2.3-1.5c1.6-0.7,3.6-0.8,5.4,0c0.8,0.3,1.6,0.8,2.2,1.5c0.7,0.6,1.2,1.4,1.5,2.3c0.4,0.8,0.6,1.7,0.6,2.6v7 C22,20.6,21.6,21,21,21z M18,19h2v-6c0-0.7-0.1-1.3-0.4-1.9c-0.2-0.7-0.6-1.1-1.1-1.6c0,0-0.1-0.1-0.1-0.1C18,9,17.5,8.7,17,8.4 c-1.4-0.6-2.6-0.6-3.8,0C12.5,8.7,12,9,11.5,9.5c0,0-0.1,0.1-0.1,0.1c-0.5,0.4-0.8,0.9-1,1.5c-0.3,0.7-0.4,1.3-0.4,2v6h2v-6 c0-0.4,0.1-0.8,0.3-1.2c0.1-0.3,0.3-0.6,0.6-0.9c0.3-0.3,0.6-0.5,0.9-0.6c0.8-0.4,1.6-0.4,2.4,0c0.3,0.1,0.6,0.3,0.9,0.6 c0.3,0.3,0.5,0.6,0.6,0.9c0.2,0.4,0.3,0.8,0.3,1.2V19z M10.8,8.8L10.8,8.8L10.8,8.8z"></path> <path d="M5,21H1c-0.6,0-1-0.4-1-1V8c0-0.6,0.4-1,1-1h4c0.6,0,1,0.4,1,1v12C6,20.6,5.6,21,5,21z M2,19h2V9H2V19z"></path> <path d="M3,6C1.3,6,0,4.7,0,3s1.3-3,3-3s3,1.3,3,3S4.7,6,3,6z M3,2C2.4,2,2,2.4,2,3s0.4,1,1,1s1-0.4,1-1S3.6,2,3,2z"></path> </svg> </a> </li> <li> <a href="https://www.youtube.com/@levelbluecyber" target="_blank" rel="noopener" ><svg xmlns="http://www.w3.org/2000/svg" version="1.1" x="0px" y="0px" width="22px" height="21px" viewBox="0 0 22 21" style="enable-background: new 0 0 22 21;" xml:space="preserve" xmlns:xlink="http://www.w3.org/1999/xlink"> <path d="M21,21h-4c-0.6,0-1-0.4-1-1v-7c0-0.1,0-0.2-0.1-0.4c0,0,0-0.1-0.1-0.1c0,0,0-0.1-0.2-0.2c-0.1-0.1-0.2-0.2-0.2-0.2 c0,0-0.1,0-0.1-0.1c-0.3-0.1-0.5-0.1-0.7,0c0,0-0.1,0-0.1,0.1c0,0-0.1,0-0.2,0.2c-0.1,0.1-0.2,0.2-0.2,0.2c0,0,0,0.1-0.1,0.1 C14,12.8,14,12.9,14,13v7c0,0.6-0.4,1-1,1H9c-0.6,0-1-0.4-1-1v-7c0-0.9,0.2-1.9,0.6-2.7c0.3-0.8,0.8-1.6,1.5-2.2 c0.6-0.7,1.4-1.2,2.3-1.5c1.6-0.7,3.6-0.8,5.4,0c0.8,0.3,1.6,0.8,2.2,1.5c0.7,0.6,1.2,1.4,1.5,2.3c0.4,0.8,0.6,1.7,0.6,2.6v7 C22,20.6,21.6,21,21,21z M18,19h2v-6c0-0.7-0.1-1.3-0.4-1.9c-0.2-0.7-0.6-1.1-1.1-1.6c0,0-0.1-0.1-0.1-0.1C18,9,17.5,8.7,17,8.4 c-1.4-0.6-2.6-0.6-3.8,0C12.5,8.7,12,9,11.5,9.5c0,0-0.1,0.1-0.1,0.1c-0.5,0.4-0.8,0.9-1,1.5c-0.3,0.7-0.4,1.3-0.4,2v6h2v-6 c0-0.4,0.1-0.8,0.3-1.2c0.1-0.3,0.3-0.6,0.6-0.9c0.3-0.3,0.6-0.5,0.9-0.6c0.8-0.4,1.6-0.4,2.4,0c0.3,0.1,0.6,0.3,0.9,0.6 c0.3,0.3,0.5,0.6,0.6,0.9c0.2,0.4,0.3,0.8,0.3,1.2V19z M10.8,8.8L10.8,8.8L10.8,8.8z"></path> <path d="M5,21H1c-0.6,0-1-0.4-1-1V8c0-0.6,0.4-1,1-1h4c0.6,0,1,0.4,1,1v12C6,20.6,5.6,21,5,21z M2,19h2V9H2V19z"></path> <path d="M3,6C1.3,6,0,4.7,0,3s1.3-3,3-3s3,1.3,3,3S4.7,6,3,6z M3,2C2.4,2,2,2.4,2,3s0.4,1,1,1s1-0.4,1-1S3.6,2,3,2z"></path> </svg> </a> </li> </ul> </div> <div class="footer-bottom"> <div class="footer-bottom-inr"> <div class="ls-bottom"> <div class="bottom-menu"> <span id="hs_cos_wrapper_module_169103980660822_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu" ><div id="hs_menu_wrapper_module_169103980660822_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/legal/" role="menuitem" target="_self">Legal</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/legal/website-terms-of-use/" role="menuitem" target="_self">Terms of Usage</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/legal/privacy-policy/" role="menuitem" target="_self">Privacy Policy</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://levelblue.com/legal/choices-and-controls/" role="menuitem" target="_self">Your Privacy Choices</a></li> </ul> </div></span> </div> </div> <div class="cr-footer"> <div class="footer-copyright"> <p>© Copyright 2025</p> </div> </div> </div> </div> </div> </div> <!--MOBILE CTA BUTTON--> <div id="mobile-cta-button" class="req-demo-mob" style="position:fixed;left:0;display:block"> </div> <!--END MOBILE CTA BUTTON--> <!--POPUP CONTAINER--> <div class="mobile-cta mfp-hide text-base heading-default text-left inherit popup popup-zoom shadow-xl rounded p-12 mb:p-8 bg-white"> <div id="mobile-cta-popup"></div> </div> <!--END POPUP CONTAINER--> </div> </div> </div> </div> </div> </div> <span style="display: none" class="jscheck">true</span> <script src="/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js"></script> <script src="/hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/jquery-migrate-1.2.1.js"></script> <script>hsjQuery = window['jQuery'];</script> <!-- HubSpot performance collection script --> <script defer src="/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js"></script> <script defer src="//21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/template_assets/1/81597448358/1765322680543/template_plugins.min.js"></script> <script defer src="//21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/template_assets/1/81597439004/1765322671707/template_main.min.js"></script> <script defer src="//21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/template_assets/1/196857189783/1765322664174/template_child.min.js"></script> <script> var hsVars = hsVars || {}; hsVars['language'] = 'en'; </script> <script src="/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js"></script> <script src="https://21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/module_assets/1/196857189941/1764703949240/module_Global-Header.min.js"></script> <!--[if lte IE 8]> <script charset="utf-8" src="https://js.hsforms.net/forms/v2-legacy.js"></script> <![endif]--> <script data-hs-allowed="true" src="/_hcms/forms/v2.js"></script> <script data-hs-allowed="true"> var options = { portalId: '21158977', formId: '92358282-9e9e-4fe6-a21f-c30c1e55336d', formInstanceId: '3887', pageId: '202118667031', region: 'na1', pageName: "Live ModSecurity Challenges at Blackhat Arsenal", inlineMessage: "<p style=\"text-align: center;\"><strong>Thank You<\/strong><\/p>\n<hr>\n<p style=\"text-align: center;\">Browse our latest <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/trustwave-blog\/\" rel=\"noopener\">blogs<\/a><\/span> or visit our <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/library\/\" rel=\"noopener\">Resource Library<\/a><\/span>.<\/p>", rawInlineMessage: "<p style=\"text-align: center;\"><strong>Thank You<\/strong><\/p>\n<hr>\n<p style=\"text-align: center;\">Browse our latest <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/trustwave-blog\/\" rel=\"noopener\">blogs<\/a><\/span> or visit our <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/library\/\" rel=\"noopener\">Resource Library<\/a><\/span>.<\/p>", hsFormKey: "0cefecf2193e2b4f37e7fcf3dfda0b20", css: '', target: '#hs_form_target_form_819070723', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script> <script async> $('.share-btn.copy-link a').on('click', function(e) { e.preventDefault(); e.stopPropagation(); var $tempInput = $('<input>'), $this = $(this); $('body').append($tempInput); $tempInput.val(window.location.href).select(); document.execCommand('copy'); $tempInput.remove(); $this.parent().addClass('copy-indicator'); setTimeout(function(e) { $this.parent().removeClass('copy-indicator'); }, 2000); }); </script> <script data-hs-allowed="true"> var options = { portalId: '21158977', formId: '68741a11-8e56-4f23-ba7f-b2307e77714c', formInstanceId: '2143', pageId: '202118667031', region: 'na1', pageName: "Live ModSecurity Challenges at Blackhat Arsenal", inlineMessage: "Thank you for your email! You will soon receive the Levelblue newsletter", rawInlineMessage: "Thank you for your email! You will soon receive the Levelblue newsletter", hsFormKey: "1b18e8e2e8a1f850010e7a2b32b3789f", css: '', target: '#hs_form_target_form', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script> <script data-hs-allowed="true"> var options = { portalId: '21158977', formId: '68741a11-8e56-4f23-ba7f-b2307e77714c', formInstanceId: '7682', pageId: '202118667031', region: 'na1', pageName: "Live ModSecurity Challenges at Blackhat Arsenal", inlineMessage: "<p>Thank you for your email! You will soon receive the LevelBlue newsletter<\/p>", rawInlineMessage: "<p>Thank you for your email! You will soon receive the LevelBlue newsletter<\/p>", hsFormKey: "1ec22ae7eac8df2b076c274ad2618f16", css: '', target: '#hs_form_target_form_420570910', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script> <script src="https://21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/module_assets/1/196857189935/1761241856638/module_blog-featured-resources.min.js"></script> <script data-hs-allowed="true"> var options = { portalId: '21158977', formId: 'be28fb83-5e9f-4da9-8132-5ee9008b9f31', formInstanceId: '6876', pageId: '202118667031', region: 'na1', pageName: "Live ModSecurity Challenges at Blackhat Arsenal", inlineMessage: "<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\"><strong>Thank You<\/strong><\/p>\n<p style=\"text-align: center;\">One of our sales specialists will be in touch with you shortly.<\/p>\n<p style=\"text-align: center;\"><img style=\"height: auto; max-width: 100%; width: 258px;\" src=\"https:\/\/21158977.fs1.hubspotusercontent-na1.net\/hubfs\/21158977\/Red%20Line%20Transparent.png\" alt=\"Red Line Transparent\" loading=\"lazy\" width=\"258\" height=\"22\"><\/p>\n<p style=\"text-align: center;\">Browse our latest <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/trustwave-blog\" rel=\"noopener\">blogs<\/a><\/span> or visit our <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/library\/\" rel=\"noopener\">Resource Library<\/a><\/span>.<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>", rawInlineMessage: "<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\"><strong>Thank You<\/strong><\/p>\n<p style=\"text-align: center;\">One of our sales specialists will be in touch with you shortly.<\/p>\n<p style=\"text-align: center;\"><img style=\"height: auto; max-width: 100%; width: 258px;\" src=\"https:\/\/21158977.fs1.hubspotusercontent-na1.net\/hubfs\/21158977\/Red%20Line%20Transparent.png\" alt=\"Red Line Transparent\" loading=\"lazy\" width=\"258\" height=\"22\"><\/p>\n<p style=\"text-align: center;\">Browse our latest <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/trustwave-blog\" rel=\"noopener\">blogs<\/a><\/span> or visit our <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/library\/\" rel=\"noopener\">Resource Library<\/a><\/span>.<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>", hsFormKey: "3d80b32b8fbd9e4d6649d84ae205facc", css: '', target: '#hs_form_target_form_956481023', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script> <script> // Function to set a session cookie function setSessionCookie(name, value) { document.cookie = name + "=" + value + "; path=/; SameSite=Lax"; } // Function to get a cookie by name function getCookie(name) { var nameEQ = name + "="; var ca = document.cookie.split(';'); for (var i = 0; i < ca.length; i++) { var c = ca[i].trim(); if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length); } return null; } $(document).ready(function () { // Function to switch themes function changeTheme(theme) { if (theme === 'dark') { $('body').removeClass('light-theme header-fixed').addClass('dark-theme'); setSessionCookie('theme', 'dark'); } else if (theme === 'light') { $('body').removeClass('dark-theme').addClass('light-theme header-fixed'); setSessionCookie('theme', 'light'); } } // Apply saved theme on page load var savedTheme = getCookie('theme'); if (savedTheme) { changeTheme(savedTheme); } // Handle theme change on button click $('a.theme-changer').on('click', function (e) { e.preventDefault(); if ($('body').hasClass('dark-theme')) { changeTheme('light'); } else if ($('body').hasClass('light-theme')) { changeTheme('dark'); } }); // Remove the 'hidden' class to display the content $('article.blog-details-page').removeClass('elem-hidden'); if ($('body').hasClass('light-theme')) { $('body').addClass('blog-detail-template theme-transition'); } else { $('body').addClass('dark-theme blog-detail-template theme-transition'); } }); </script> <script> $(document).ready(function() { // Check if it's a desktop device const isDesktop = window.matchMedia("(min-width: 1024px)").matches; if (isDesktop) { // Desktop: Set up sticky element const $stickyElement = $('.side_content-sticky'); $stickyElement.stick_in_parent({ offset_top: 135, recalc_every: 100 }); function checkStuck() { const style = window.getComputedStyle($stickyElement[0]); if (style.position === 'static') { $stickyElement.removeClass('stuck_elem'); } else { $stickyElement.addClass('stuck_elem'); } } // Optimized scroll listener let ticking = false; $(window).on('scroll', function() { if (!ticking) { window.requestAnimationFrame(function() { checkStuck(); ticking = false; }); ticking = true; } }); } else { // Mobile: Reorganize elements $('.blog-details-metadata').insertBefore('.blog-post-social-share'); } }); </script> <script defer src="https://21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/module_assets/1/196853166508/1764688065900/module_Global-Footer.min.js"></script> <script data-hs-allowed="true"> var options = { portalId: '21158977', formId: '68741a11-8e56-4f23-ba7f-b2307e77714c', formInstanceId: '6505', pageId: '202118667031', region: 'na1', pageName: "Live ModSecurity Challenges at Blackhat Arsenal", inlineMessage: "Thank you for your email! You will soon receive the LevelBlue newsletter", rawInlineMessage: "Thank you for your email! You will soon receive the LevelBlue newsletter", hsFormKey: "f93042854fee9426ec737e45efb0b917", css: '', target: '#hs_form_target_form_835307093', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script> <script> $(document).ready(function() { let windowLocation = window.location.pathname; let contactPageUrls = [ '/en-us/company/contact/', '/en-us/company/global-locations/', '/en-us/company/support/', '/en-us/company/contact/government-support/', '/en-us/company/contact/security-breach/', '/en-us/company/contact/government-security-breach/' ]; let formID = contactPageUrls.includes(windowLocation) ? '361db4f3-34d0-484c-9d02-f28084e99b92' : '0ba582d8-a14e-4ce6-9ec3-def133446115'; if (window.matchMedia('(max-width: 768px)').matches) { hbspt.forms.create({ portalId: "21158977", formId: formID, target: "#mobile-cta-popup" }); } }); </script> <!-- Start of HubSpot Analytics Code --> <script type="text/javascript"> var _hsq = _hsq || []; _hsq.push(["setContentType", "blog-post"]); _hsq.push(["setCanonicalUrl", "https:\/\/levelblue.com\/blogs\/spiderlabs-blog\/live-modsecurity-challenges-at-blackhat-arsenal"]); _hsq.push(["setPageId", "202118667031"]); _hsq.push(["setContentMetadata", { "contentPageId": 202118667031, "legacyPageId": "202118667031", "contentFolderId": null, "contentGroupId": 199456657586, "abTestId": null, "languageVariantId": 202118667031, "languageCode": "en", }]); </script> <script type="text/javascript" id="hs-script-loader" async defer src="/hs/scriptloader/21158977.js"></script> <!-- End of HubSpot Analytics Code --> <script type="text/javascript"> var hsVars = { render_id: "f901a17c-f934-4cec-ac38-87b6894fc546", ticks: 1765348890112, page_id: 202118667031, content_group_id: 199456657586, portal_id: 21158977, app_hs_base_url: "https://app.hubspot.com", cp_hs_base_url: "https://cp.hubspot.com", language: "en", analytics_page_type: "blog-post", scp_content_type: "", analytics_page_id: "202118667031", category_id: 3, folder_id: 0, is_hubspot_user: false } </script> <script defer src="/hs/hsstatic/HubspotToolsMenu/static-1.563/js/index.js"></script> <div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v3.0"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> </body> </html></plaintext></li></ul></span></div></div></div></div></div></article></div></div></body></html>