Live ModSecurity Challenges at Blackhat Arsenal
2 Minute Read
by Ryan Barnett
ModSecurity is participating in the upcoming Blackhat Arsenal Tools Demo next week in Las Vegas.
Details:
When: Wed. Aug 3rd from 1:45 pm - 4:30 pm
Where: POD 1
We will have live demos/challenges running from our kiosk. In addition to the SQL Injection Challenges, we will also have a great XSS Challenge as outlined below.
So if you are going to be at Blackhat, we encourage you to stop by Arsenal and try your hand at bypassing these protections.
XSS Defense with ModSecurity
The purpose of this demo is to show possible XSS defenses by using ModSecurity.
XSS Defense #1: JS Sandbox
This defensive layer uses ModSecurity's Content Injection capability to insert defensive Javascript to the beginning of html responses. This demo uses Eduardo (sirdarckcat) Vela's Active Content Signatures (ACS) code.
Read more about this concept here.
XSS Defense #2: Neutralizing Reflected Payloads
This defensive technique uses ModSecurity rules to look for suspicious inbound payloads reflected back out to clients in the response body.
Read more about using ModSecurity's ability to identify improper output handling flaws here.
If a payload is found, then ModSecurity will use its new data substitution capabilities to alter the outbound html. It will do two things:
- Prepend a JavaScript alert pop-up box warning the user that a security action has been taken on the response payload.
- The malicious payload will be prepended with the HTML
tag thus neutralizing the malicious payload.&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;Here is &lt;a href="http://www.modsecurity.org/demo/demo-deny-noescape.html?test=%3Cinput+onfocus%3Dwrite%281%29+autofocus%3E&amp;disable_xss_defense=on" target="_self"&gt;an example attack with defense&lt;/a&gt;.&lt;/p&gt; &lt;h4&gt;Demo Challenge&lt;/h4&gt; &lt;p&gt;Your challenge is to try and bypass both the JS sandbox and PLAINTEXT protections and successfully execute a reflected XSS attack that executes JS code in your browser. You may toggle On/Off the defenses by checking the boxes in the form below. This will help to facilitate testing of working XSS payloads.&lt;/p&gt; &lt;p&gt;If you are successful, please notify us at any of the following places:&lt;/p&gt; &lt;p&gt;- &lt;a href="http://twitter.com/modsecurity" target=" blank"&gt;@ModSecurity on Twitter&lt;/a&gt;&lt;/p&gt; &lt;p&gt;- &lt;a href="https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set" target="_blank" rel="noopener"&gt;OWASP ModSecurity Core Rule Set Mail-list&lt;/a&gt;&lt;/p&gt; &lt;p&gt;- &lt;a href="https://www.modsecurity.org/tracker/browse/CORERULES" target="_blank" rel="noopener"&gt;Submit bug report to Jira&lt;/a&gt;&lt;/p&gt; &lt;p&gt;&nbsp;&lt;/p&gt; </plaintext></li> </ul></span> </div> </div> <aside class="wrapper-side_content"> <div class="side_content-sticky"> <div class="blog-post-social-share"> <div id="hs_cos_wrapper_module_172236034181117" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <div id="module_172236034181117" class="module-share-wrapper default"> <div class="share-text"> Share: </div> <!-- HTML to show when COPY LINK checked --> <div class="share-btn copy-link"> <a href="https://www.levelblue.com/blogs/spiderlabs-blog/live-modsecurity-challenges-at-blackhat-arsenal" rel="noopener">Copy Link</a> <span class="copied-link">Link Copied</span> </div> <!-- HTML to show when LINKEDIN checked --> <div class="share-btn share-linkedin"> <span style="display: none">v2</span> <a href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.levelblue.com/blogs/spiderlabs-blog/live-modsecurity-challenges-at-blackhat-arsenal" target="_blank" rel="noopener">LinkedIn</a> </div> <!-- HTML to show when X-TWITTER checked --> <div class="share-btn share-x"> <a href="https://x.com/intent/post?url=&text=https://www.levelblue.com/blogs/spiderlabs-blog/live-modsecurity-challenges-at-blackhat-arsenal&via=levelbluecyber" target="_blank" rel="noopener">X</a> </div> <!-- HTML to show when FACEBOOK checked --> <div class="share-btn share-facebook"> <a href="https://www.facebook.com/sharer/sharer.php?u=https://www.levelblue.com/blogs/spiderlabs-blog/live-modsecurity-challenges-at-blackhat-arsenal" target="_blank" rel="noopener">Facebook</a> </div> <!-- HTML to show when RSS checked --> </div> </div> </div> <div class="blog-post-form hide-mobile"> <div id="hs_cos_wrapper_module_17228820340396" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" ><span id="hs_cos_wrapper_module_17228820340396_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text" ><h4>Stay Informed</h4><p>Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.</p></span></div> <div id="hs_cos_wrapper_form" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <span id="hs_cos_wrapper_form_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form" > <div id='hs_form_target_form'></div> </span> </div> </div> <div class="show-mobile mini-post-form"> <div id="promotional-interrupter-module_17228780589192" class="promotional-interrupter text_interrupter"> <div class="text_interrupter_content"> <p>Stay Informed:</p> </div> <a class="btn btn-solid btn-secondary text-white" href="#popupSubscribe" > Subscribe </a> </div> <div id="hs_cos_wrapper_module_17228626314893" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <div class="popup-wrapper"></div> <div id="popupSubscribe" class=" popup popup-zoom mfp-hide shadow-xl rounded p-12 mb:p-8 bg-white"> <div class="popup-content"> <h4>Stay Informed</h4><p>Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.</p> </div> <div class="mt-8"> <span id="hs_cos_wrapper_module_17228626314893_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form" ><h3 id="hs_cos_wrapper_form_618301517_title" class="hs_cos_wrapper form-title" data-hs-cos-general-type="widget_field" data-hs-cos-type="text"></h3> <div id='hs_form_target_form_618301517'></div> </span> </div> </div> </div> </div> <div class="blog-post-featured-resources"> <div class="module-blog-featured-resources"> <div class="blog-featured-resource"> <h4 class="eyebrow_label">RESEARCH REPORT</h4> <a href="https://levelblue.com/resources/research-reports/levelblue-threat-trends-report-2025-edition-two/" class="resource_title "> 2025 LevelBlue Threat Trends Report, Edition Two </a> </div> <div class="blog-featured-resource"> <h4 class="eyebrow_label">WEBINAR</h4> <a href="https://levelblue.com/resources/webinars/how-cybercriminals-are-perfecting-deception-in-2025/" class="resource_title "> Fool Me Once: How Cybercriminals are Perfecting Deception </a> </div> </div> </div> </div> </aside> </div> <div class="about-content"> <div class="about-authors"> <div class="trustwave-bio"> <h4>ABOUT LEVELBLUE</h4> <p>LevelBlue is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more <a href="https://levelblue.com/company/about-us/">about us</a>.</p> </div> </div> <div class="about-tags"> </div> </div> <div class="latest-blog-post"> <div class="mb-16"> <h2>Latest Intelligence</h2> </div> <div class="latest-blog-content flex"> <div class="blog-entry flex-1"> <a href="/blogs/spiderlabs-blog/epic-fury-update-stryker-attack-highlights-handalas-shift-from-espionage-to-disruption" class="post-title"> <span class="latest-post-image"></span> <span class="post-title-inner">Epic Fury Update: Stryker Attack Highlights Handala's Shift from Espionage to Disruption</span> </a> </div> <div class="blog-entry flex-1"> <a href="/blogs/spiderlabs-blog/weaponizing-safe-links-abuse-of-multi-layered-url-rewriting-in-phishing-attacks" class="post-title"> <span class="latest-post-image"></span> <span class="post-title-inner">Weaponizing Safe Links: Abuse of Multi-Layered URL Rewriting in Phishing Attacks</span> </a> </div> <div class="blog-entry flex-1"> <a href="/blogs/spiderlabs-blog/beware-the-clickfix-trap-remcos-rat-hiding-in-helpful-puas" class="post-title"> <span class="latest-post-image"></span> <span class="post-title-inner">Beware the ClickFix Trap: REMCOS RAT Hiding in “Helpful” PUAs</span> </a> </div> </div> <div class="related-offerings"> <div id="hs_cos_wrapper_module_17225404242263" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <div id="module_17225404242263" class="tw-module tw-related-offerings"> <h3 class="tw-related-offerings__title">Related Offerings</h3> <div class="tw-related-offerings__offerings"> <a class="tw-related-offerings__offering" href="https://levelblue.com/services/penetration-testing/"> Penetration Testing </a> <a class="tw-related-offerings__offering" href="https://levelblue.com/services/incident-readiness-and-response/"> Incident Readiness and Response </a> <a class="tw-related-offerings__offering" href="https://levelblue.com/services/cyber-threat-intelligence/"> Cyber Threat Intelligence </a> <a class="tw-related-offerings__offering" href="https://levelblue.com/services/threat-hunting/"> Threat Hunting </a> </div> </div> </div> </div> </div> </div> </div> <div class="minified-final-plea dnd-section"> <div class="row-fluid"> <div id="hs_cos_wrapper_module_17228780589192" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <div id="promotional-interrupter-module_17228780589192" class="promotional-interrupter text_interrupter"> <div class="text_interrupter_content"> <h4>Discover how our specialists can tailor a security program to fit the needs of <br>your organization.</h4> </div> <a class="btn btn-solid btn-secondary text-white" href="#popupBlog" > Request a Demo </a> </div> </div> <div id="hs_cos_wrapper_module_17228626314893" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" > <div class="popup-wrapper"></div> <div id="popupBlog" class=" popup popup-zoom mfp-hide shadow-xl rounded p-12 mb:p-8 bg-white"> <div class="popup-content"> </div> <div class="mt-8"> <span id="hs_cos_wrapper_module_17228626314893_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form" ><h3 id="hs_cos_wrapper_form_233795572_title" class="hs_cos_wrapper form-title" data-hs-cos-general-type="widget_field" data-hs-cos-type="text"></h3> <div id='hs_form_target_form_233795572'></div> </span> </div> </div> </div> </div> </div> </article> </div> <div id="hs_cos_wrapper_module_177212747602132" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module" ><div class="lb-footer"> <div class="lb-container"> <div class="lb-footer__wrapper"> <div class="lb-footer__left-col"> <h3 class="lb-footer__title">Stay Informed</h3> <div class="lb-footer__desc">Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.</div> <div class="lb-footer__form"> <span id="hs_cos_wrapper_module_177212747602132_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form" ><h3 id="hs_cos_wrapper_form_588872149_title" class="hs_cos_wrapper form-title" data-hs-cos-general-type="widget_field" data-hs-cos-type="text"></h3> <div id='hs_form_target_form_588872149'></div> </span> </div> </div> <div class="lb-foter__separator"></div> <div class="lb-footer__right-col"> <div class="lb-footer__menu"> <div class="lb-footer__menu-col"> <div id="hs_menu_wrapper_module_177212747602132_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/company/leadership" role="menuitem" target="_self">Leadership</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/company/our-history" role="menuitem" target="_self">Our History</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/newsroom/press-releases" role="menuitem" target="_self">Press Releases</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/newsroom/media-coverage" role="menuitem" target="_self">Media Coverage</a></li> </ul> </div> </div> <div class="lb-footer__menu-col"> <div id="hs_menu_wrapper_module_177212747602132_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/company/careers" role="menuitem" target="_self">Careers</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/company/contact" role="menuitem" target="_self">Contact</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/services" role="menuitem" target="_self">View All Services</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/free-trials" role="menuitem" target="_self">Free Trials</a></li> </ul> </div> </div> <div class="lb-footer__menu-col"> <div id="hs_menu_wrapper_module_177212747602132_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/training-and-certification" role="menuitem" target="_self">Training &amp; Certification</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/company/support" role="menuitem" target="_self">Support</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://success.alienvault.com/s/" role="menuitem" target="_blank" rel="noopener">Success Center</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://docs.levelblue.com/documentation" role="menuitem" target="_blank" rel="noopener">Documentation Center</a></li> </ul> </div> </div> </div> <div class="lb-footer__bottom"> <div class="lb-footer__social"> <a class="lb-share-icon" href="https://www.linkedin.com/company/levelbluecyber" target="_blank" rel="noopener"> <svg width="14" height="14" viewBox="0 0 14 14" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M3.13438 14H0.23125V4.65312H3.13438V14ZM1.68125 3.37812C0.753125 3.37812 0 2.60938 0 1.68125C0 1.23535 0.177131 0.807722 0.492427 0.492427C0.807722 0.177131 1.23535 0 1.68125 0C2.12715 0 2.55478 0.177131 2.87007 0.492427C3.18537 0.807722 3.3625 1.23535 3.3625 1.68125C3.3625 2.60938 2.60938 3.37812 1.68125 3.37812ZM13.9969 14H11.1V9.45C11.1 8.36562 11.0781 6.975 9.59062 6.975C8.08125 6.975 7.85 8.15312 7.85 9.37187V14H4.95V4.65312H7.73438V5.92812H7.775C8.1625 5.19375 9.10938 4.41875 10.5219 4.41875C13.4594 4.41875 14 6.35313 14 8.86563V14H13.9969Z" fill="white"/> </svg> </a> <a class="lb-share-icon" href="https://x.com/levelbluecyber" target="_blank" rel="noopener"> <svg width="16" height="14" viewBox="0 0 16 14" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M12.5997 0H15.0543L9.69318 5.92981L16 14H11.063L7.19339 9.10673L2.77097 14H0.312907L6.04607 7.65625L0 0H5.06215L8.55628 4.4726L12.5997 0ZM11.7375 12.5798H13.0969L4.3216 1.34615H2.86136L11.7375 12.5798Z" fill="white"/> </svg> </a> <a class="lb-share-icon" href="https://www.youtube.com/c/attcybersecurity" target="_blank" rel="noopener"> <svg width="24" height="16" viewBox="0 0 24 16" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M23.02 2.50417C22.7547 1.51667 21.9757 0.741667 20.9861 0.479167C19.1922 0 12 0 12 0C12 0 4.80776 0 3.01391 0.479167C2.02435 0.741667 1.24533 1.51667 0.980044 2.50417C0.5 4.29167 0.5 8.01667 0.5 8.01667C0.5 8.01667 0.5 11.7417 0.980044 13.5292C1.24533 14.5167 2.02435 15.2583 3.01391 15.5208C4.80776 16 12 16 12 16C12 16 19.1922 16 20.9861 15.5208C21.9757 15.2583 22.7547 14.5125 23.02 13.5292C23.5 11.7417 23.5 8.01667 23.5 8.01667C23.5 8.01667 23.5 4.29167 23.02 2.50417ZM9.65031 11.4V4.63333L15.6593 8.01667L9.65031 11.4Z" fill="white"/> </svg> </a> </div> <div class="lb-footer__legal-menu"> <div id="hs_menu_wrapper_module_177212747602132_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/legal" role="menuitem" target="_self">Legal</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/legal/website-terms-of-use" role="menuitem" target="_self">Terms of Usage</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/legal/privacy-policy" role="menuitem" target="_self">Privacy Policy</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.levelblue.com/legal/choices-and-controls" role="menuitem" target="_self">Your Privacy Choices</a></li> </ul> </div> </div> <div class="lb-footer__copyright">© Copyright 2026</div> </div> </div> </div> </div> <!-- Mobile CTA Button --> <div id="mobile-cta-button" class="req-demo-mob" style="position:fixed;left:0;display:block"> </div> <!-- Mobile PopUp Container --> <div class="mobile-cta mfp-hide text-base heading-default text-left inherit popup popup-zoom shadow-xl rounded p-12 mb:p-8 bg-white"> <div id="mobile-cta-popup"></div> </div> </div> </div> </div> <!-- HubSpot performance collection script --> <script defer src="/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/jquery-migrate.min.js"></script> <script defer src="//21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/template_assets/1/81597448358/1773680255650/template_plugins.min.js"></script> <script defer src="//21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/template_assets/1/81597439004/1773680273609/template_main.min.js"></script> <script defer src="//21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/template_assets/1/196857189783/1773680257084/template_child.min.js"></script> <script> var hsVars = hsVars || {}; hsVars['language'] = 'en'; </script> <script src="/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js"></script> <script src="https://21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/module_assets/1/196857189941/1771507347615/module_Global-Header.min.js"></script> <!--[if lte IE 8]> <script charset="utf-8" src="https://js.hsforms.net/forms/v2-legacy.js"></script> <![endif]--> <script data-hs-allowed="true" src="/_hcms/forms/v2.js"></script> <script data-hs-allowed="true"> var options = { portalId: '21158977', formId: '92358282-9e9e-4fe6-a21f-c30c1e55336d', formInstanceId: '3817', pageId: '202118667031', region: 'na1', pageName: "Live ModSecurity Challenges at Blackhat Arsenal", inlineMessage: "<p style=\"text-align: center;\"><strong>Thank You<\/strong><\/p>\n<hr>\n<p style=\"text-align: center;\">Browse our latest <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.levelblue.com\/blogs\/levelblue-blog\" rel=\"noopener\">blogs<\/a><\/span> or visit our <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.levelblue.com\/resources\" rel=\"noopener\">Resource Library<\/a><\/span>.<\/p>", rawInlineMessage: "<p style=\"text-align: center;\"><strong>Thank You<\/strong><\/p>\n<hr>\n<p style=\"text-align: center;\">Browse our latest <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.levelblue.com\/blogs\/levelblue-blog\" rel=\"noopener\">blogs<\/a><\/span> or visit our <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.levelblue.com\/resources\" rel=\"noopener\">Resource Library<\/a><\/span>.<\/p>", hsFormKey: "f79056d89441851bc0a4d72bc7d47424", css: '', target: '#hs_form_target_form_911839618', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script> <script async> $('.share-btn.copy-link a').on('click', function(e) { e.preventDefault(); e.stopPropagation(); var $tempInput = $('<input>'), $this = $(this); $('body').append($tempInput); $tempInput.val(window.location.href).select(); document.execCommand('copy'); $tempInput.remove(); $this.parent().addClass('copy-indicator'); setTimeout(function(e) { $this.parent().removeClass('copy-indicator'); }, 2000); }); </script> <script data-hs-allowed="true"> var options = { portalId: '21158977', formId: '68741a11-8e56-4f23-ba7f-b2307e77714c', formInstanceId: '2558', pageId: '202118667031', region: 'na1', pageName: "Live ModSecurity Challenges at Blackhat Arsenal", inlineMessage: "Thank you for your email! You will soon receive the Levelblue newsletter", rawInlineMessage: "Thank you for your email! You will soon receive the Levelblue newsletter", hsFormKey: "e7fd8e99f3c560d206bd203e99b41065", css: '', target: '#hs_form_target_form', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script> <script data-hs-allowed="true"> var options = { portalId: '21158977', formId: '68741a11-8e56-4f23-ba7f-b2307e77714c', formInstanceId: '7037', pageId: '202118667031', region: 'na1', pageName: "Live ModSecurity Challenges at Blackhat Arsenal", inlineMessage: "<p>Thank you for your email! You will soon receive the LevelBlue newsletter<\/p>", rawInlineMessage: "<p>Thank you for your email! You will soon receive the LevelBlue newsletter<\/p>", hsFormKey: "374d2d7de2dd769aff4f9cb822d15e09", css: '', target: '#hs_form_target_form_618301517', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script> <script src="https://21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/module_assets/1/196857189935/1761241856638/module_blog-featured-resources.min.js"></script> <script data-hs-allowed="true"> var options = { portalId: '21158977', formId: 'be28fb83-5e9f-4da9-8132-5ee9008b9f31', formInstanceId: '4617', pageId: '202118667031', region: 'na1', pageName: "Live ModSecurity Challenges at Blackhat Arsenal", inlineMessage: "<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\"><strong>Thank You<\/strong><\/p>\n<p style=\"text-align: center;\">One of our sales specialists will be in touch with you shortly.<\/p>\n<p style=\"text-align: center;\"><img style=\"height: auto; max-width: 100%; width: 258px;\" src=\"https:\/\/21158977.fs1.hubspotusercontent-na1.net\/hubfs\/21158977\/Red%20Line%20Transparent.png\" alt=\"Red Line Transparent\" loading=\"lazy\" width=\"258\" height=\"22\"><\/p>\n<p style=\"text-align: center;\">Browse our latest <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/trustwave-blog\" rel=\"noopener\">blogs<\/a><\/span> or visit our <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/library\/\" rel=\"noopener\">Resource Library<\/a><\/span>.<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>", rawInlineMessage: "<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\"><strong>Thank You<\/strong><\/p>\n<p style=\"text-align: center;\">One of our sales specialists will be in touch with you shortly.<\/p>\n<p style=\"text-align: center;\"><img style=\"height: auto; max-width: 100%; width: 258px;\" src=\"https:\/\/21158977.fs1.hubspotusercontent-na1.net\/hubfs\/21158977\/Red%20Line%20Transparent.png\" alt=\"Red Line Transparent\" loading=\"lazy\" width=\"258\" height=\"22\"><\/p>\n<p style=\"text-align: center;\">Browse our latest <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/trustwave-blog\" rel=\"noopener\">blogs<\/a><\/span> or visit our <span style=\"color: #0096b3;\"><a style=\"color: #0096b3;\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/library\/\" rel=\"noopener\">Resource Library<\/a><\/span>.<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>\n<p style=\"text-align: center;\">&nbsp;<\/p>", hsFormKey: "bd2f222424154dca92c1b41b2779ab23", css: '', target: '#hs_form_target_form_233795572', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script> <script> // Function to set a session cookie function setSessionCookie(name, value) { document.cookie = name + "=" + value + "; path=/; SameSite=Lax"; } // Function to get a cookie by name function getCookie(name) { var nameEQ = name + "="; var ca = document.cookie.split(';'); for (var i = 0; i < ca.length; i++) { var c = ca[i].trim(); if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length); } return null; } $(document).ready(function () { // Function to switch themes function changeTheme(theme) { if (theme === 'dark') { $('body').removeClass('light-theme header-fixed').addClass('dark-theme'); setSessionCookie('theme', 'dark'); } else if (theme === 'light') { $('body').removeClass('dark-theme').addClass('light-theme header-fixed'); setSessionCookie('theme', 'light'); } } // Apply saved theme on page load var savedTheme = getCookie('theme'); if (savedTheme) { changeTheme(savedTheme); } // Handle theme change on button click $('a.theme-changer').on('click', function (e) { e.preventDefault(); if ($('body').hasClass('dark-theme')) { changeTheme('light'); } else if ($('body').hasClass('light-theme')) { changeTheme('dark'); } }); // Remove the 'hidden' class to display the content $('article.blog-details-page').removeClass('elem-hidden'); if ($('body').hasClass('light-theme')) { $('body').addClass('blog-detail-template theme-transition'); } else { $('body').addClass('dark-theme blog-detail-template theme-transition'); } }); </script> <script> $(document).ready(function() { // Check if it's a desktop device const isDesktop = window.matchMedia("(min-width: 1024px)").matches; if (isDesktop) { // Desktop: Set up sticky element const $stickyElement = $('.side_content-sticky'); $stickyElement.stick_in_parent({ offset_top: 135, recalc_every: 100 }); function checkStuck() { const style = window.getComputedStyle($stickyElement[0]); if (style.position === 'static') { $stickyElement.removeClass('stuck_elem'); } else { $stickyElement.addClass('stuck_elem'); } } // Optimized scroll listener let ticking = false; $(window).on('scroll', function() { if (!ticking) { window.requestAnimationFrame(function() { checkStuck(); ticking = false; }); ticking = true; } }); } else { // Mobile: Reorganize elements $('.blog-details-metadata').insertBefore('.blog-post-social-share'); } }); </script> <script defer src="https://21158977.fs1.hubspotusercontent-na1.net/hubfs/21158977/hub_generated/module_assets/1/206308873654/1772127441864/module_lb-footer.min.js"></script> <script data-hs-allowed="true"> var options = { portalId: '21158977', formId: '68741a11-8e56-4f23-ba7f-b2307e77714c', formInstanceId: '5834', pageId: '202118667031', region: 'na1', pageName: "Live ModSecurity Challenges at Blackhat Arsenal", inlineMessage: "Thank you for your email! You will soon receive the LevelBlue newsletter.", rawInlineMessage: "Thank you for your email! You will soon receive the LevelBlue newsletter.", hsFormKey: "e81b0c9b295b846b5d25ffc0d176e3ae", css: '', target: '#hs_form_target_form_588872149', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script> <script> $(document).ready(function() { let windowLocation = window.location.pathname; let contactPageUrls = [ '/company/contact/', '/company/global-locations/', '/company/support/', '/company/government-support/', '/company/security-breach/', '/company/government-security-breach/' ]; let formID = contactPageUrls.includes(windowLocation) ? '361db4f3-34d0-484c-9d02-f28084e99b92' : '0ba582d8-a14e-4ce6-9ec3-def133446115'; if (window.matchMedia('(max-width: 768px)').matches) { hbspt.forms.create({ portalId: "21158977", formId: formID, target: "#mobile-cta-popup" }); } }); </script> <!-- Start of HubSpot Analytics Code --> <script type="text/javascript"> var _hsq = _hsq || []; _hsq.push(["setContentType", "blog-post"]); _hsq.push(["setCanonicalUrl", "https:\/\/www.levelblue.com\/blogs\/spiderlabs-blog\/live-modsecurity-challenges-at-blackhat-arsenal"]); _hsq.push(["setPageId", "202118667031"]); _hsq.push(["setContentMetadata", { "contentPageId": 202118667031, "legacyPageId": "202118667031", "contentFolderId": null, "contentGroupId": 199456657586, "abTestId": null, "languageVariantId": 202118667031, "languageCode": "en", }]); </script> <script type="text/javascript" id="hs-script-loader" async defer src="/hs/scriptloader/21158977.js"></script> <!-- End of HubSpot Analytics Code --> <script type="text/javascript"> var hsVars = { render_id: "0778e8d5-d990-4053-9153-aef4ee710760", ticks: 1773713789021, page_id: 202118667031, content_group_id: 199456657586, portal_id: 21158977, app_hs_base_url: "https://app.hubspot.com", cp_hs_base_url: "https://cp.hubspot.com", language: "en", analytics_page_type: "blog-post", scp_content_type: "", analytics_page_id: "202118667031", category_id: 3, folder_id: 0, is_hubspot_user: false } </script> <script defer src="/hs/hsstatic/HubspotToolsMenu/static-1.640/js/index.js"></script> <div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v3.0"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> </body> </html></plaintext></li></ul></span></div></div></div></div></div></article></div></div></body></html>