Introducing ModSecurity Status Reporting
January 28, 2014 | Felipe "Zimmerle" Costa
The Trustwave SpiderLabs Research team is committed to making ModSecurity the ...
ModSecurity Advanced Topic of the Week: HMAC Token Protection
January 24, 2014 | Ryan Barnett
This blog post presents a powerful feature of ModSecurity v2.7 that has been ...
SpiderLabs Radio: January 23, 2014
January 23, 2014 | Admin
In this episode I sit down with Grayson Lenik, a forensic expert for Trustwave ...
10,000 Litecoins Worth $230,000 USD Were Stolen!
January 22, 2014 | Ben Hayak
Newspapers, commentators and bloggers have lately been asking whether digital ...
Beware! Bats hide in your jQuery!
January 20, 2014 | Admin
Injection of malicious code into JavaScript files is not new; however, we ...
What Dirty Little Secrets You Find on eBay
January 17, 2014 | Videoman
So I do networking (computers and wifi things) at a number of security ...
Trustwave Analysis of the January 2014 Oracle CPU
January 16, 2014 | Admin
It's the second Tuesday in January, so it is Oracle Critical Patch Update (CPU) ...
SpiderLabs Radio: January 16, 2014
January 16, 2014 | Admin
In this episode:
Microsoft Patch Tuesday, January 2014
January 14, 2014 | Admin
Hopefully January's Patch Tuesday is a sign of things to come for 2014. With ...
Setting HoneyTraps with ModSecurity: Adding Fake HTML Comments
January 14, 2014 | Admin
This blog post continues with the topic of setting "HoneyTraps" within your ...
SpiderLabs Radio: January 10, 2014
January 12, 2014 | Admin
In this week's podcast we talk about malware offered up in online ads, the ...
SAP Sybase ASE 15.7 security updates
January 10, 2014 | Martin Rakhmanov
SAP Sybase Adaptive Server Enterprise is a relational database management ...
Microsoft Advance Notification for January 2014
January 09, 2014 | Admin
Microsoft is scheduled to release the next security update for consumers on ...
DaumGame ActiveX 0day
January 06, 2014 | Admin
One might think that vulnerabilities in ActiveX controls are a thing of the ...
SpiderLabs Radio: January 3, 2014
January 06, 2014 | Admin
Welcome to the SpiderLabs Radio Reboot! As we bid our old host, Space Rogue, a ...
The Case of an Obscure Injection
December 31, 2013 | Damian Profancik
During a recent application penetration test, I came across what proved to be ...
How Snotnose the Elf was Able to Compromise The North Pole Domain and Retrieve the Nice and Naughty Lists
December 20, 2013 | Theresa
Last Winter, Snotnose won the North vs South Pole CTF contest, and Santa ...
Wendel's Small Hacking Tricks - A not so common and neat Oracle [for Windows] hack.
December 20, 2013 | Wendel Guglielmetti Henrique
Since 2003 a large part of my workday has been devoted solely to hacking ...
Quick Joomla Refresher
December 19, 2013 | David Kirkpatrick
I haven't come into contact with Joomla for a while, but I had the opportunity ...
Announcing ModSecurity v2.7.6 Release (CI Platform Usage)
December 17, 2013 | Admin
The ModSecurity Project team is pleased to announce public release version ...
The Kernel is calling a zero(day) pointer – CVE-2013-5065 – Ring Ring
December 11, 2013 | Ben Hayak
SpiderLabs investigates a number of suspicious binary files on a daily basis. A ...
Microsoft Patch Tuesday, December 2013
December 10, 2013 | Robert Foggia
'Tis the season for an increase in cyber-criminal activities. In the past ...
The Curious Case of the Malicious IIS Module
December 09, 2013 | Admin
Recently, we've seen a few instances of a malicious DLL that is installed as an ...
Microsoft Advance Notification for December 2013
December 06, 2013 | Admin
On December 10th, Microsoft will begin deploying their security updates to ...
Physical Address Strangeness in Spam
December 05, 2013 | Brian Bebeau
Ten years ago, Congress passed the "CAN-SPAM Act" (also known as ...
Hacking a Reporter: Sleepless Nights Outside a Brooklyn Brownstone (Part 3 of 3)
December 05, 2013 | Admin
This post is the conclusion of a three-part series (read the first here and the ...
Look What I Found: Moar Pony!
December 03, 2013 | Daniel Chechik
In our last episode of "Look What I Found" we talked about a fairly large ...
[Honeypot Alert] More PHP-CGI Scanning (apache-magika.c)
November 26, 2013 | Ryan Barnett
In the past 24 hours, one of the WASC Distributed Web Honeypot participant's ...