Sending ModSecurity Logs to MySQL
February 02, 2016 | Chaim Sanders
Previous Work
Microsoft Patch Tuesday, January 2016
January 12, 2016 | SpiderLabs Researcher
It's a new year and with it comes a fresh batch of CVEs. As expected this ...
About CVE-2015-8518: SAP Adaptive Server Enterprise Extended Stored Procedure Unauthorized Invocation
January 07, 2016 | Martin Rakhmanov
SAP released an update for SAP ASE 16.0 and 15.7 that addresses a serious ...
ModSecurity Python Bindings: Parsing ModSecurity rules from Python
December 29, 2015 | Felipe "Zimmerle" Costa
One of the good things about the next generation of ModSecurity, libModSecurity ...
An Overview of the Upcoming libModSecurity
December 28, 2015 | Felipe "Zimmerle" Costa
libModSecurity is a major rewrite of ModSecurity. It preserves the rich syntax ...
Neutrino Exploit Kit – One Flash File to Rule Them All
December 28, 2015 | Daniel Chechik
There's been a bit of talk about the Neutrino exploit kit lately, most of it ...
Endless Evasion Racing Game
December 27, 2015 | Rami Kogan
In the past year we have been exploring the Magnitude Exploit Kit - one of the ...
3-in-1 Malware Infection through Spammed JavaScript Attachments
December 22, 2015 | Rodel Mendrez
Recently we've observed a massive uptick of malicious spam with JavaScript ...
Protecting Your Sites from Apache.Commons Vulnerabilities
December 21, 2015
Overview A few weeks ago, FoxGlove Security released this important blog post ...
Joomla 0-Day Exploited In the Wild (CVE-2015-8562)
December 18, 2015 | Assi Barak
A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot ...
Defender for IoT’s Firmware Analysis Tool is Exceptional
December 18, 2015 | David Broggy
One of my "pastimes," if you will, is to check out the features of various ...
Mom Spies a Hack
December 15, 2015 | Jonathan Yarema
Have you ever wondered if all that informal training you do with your friends ...
Microsoft Patch Tuesday, December 2015
December 08, 2015
The December Microsoft Path Tuesday is upon us and it does not bring any happy ...
Another Brick in the FrameworkPoS
December 07, 2015 | Eric Merritt
Introduction FrameworkPoS is a well-documented family of malware that targets ...
New Memory Scraping Technique in Cherry Picker PoS Malware
November 17, 2015 | Eric Merritt
Introduction Working primarily with point of sale malware, we regularly see the ...
Shining the Spotlight on Cherry Picker PoS Malware
November 16, 2015 | Eric Merritt
Introduction For the last five years Trustwave has been monitoring a threat ...
Microsoft Patch Tuesday, November 2015
November 10, 2015
November's Patch Tuesday marks a return to business as usual. Where October was ...
BOM Obfuscation in Spam
November 10, 2015 | Phil Hay
Spammers try all sorts of tricks to obfuscate, including trying to obfuscate ...
SpiderLabs Radio for the Week of November 2, 2015 - Final Episode
November 08, 2015
In this week's episode:
Oracle Database 11.2 SQLi in XML index statistics processing (CVE-2015-4900)
November 06, 2015 | Martin Rakhmanov
In the October 2015 'Critical Patch Update' Oracle fixed a flaw in XML index ...
Exploiting Padding Oracle To Gain Encryption Keys
October 26, 2015 | Georg Chalupar
Practical tricks on exploiting a padding oracle vulnerability.
About Lenovo System Update Vulnerabilities and CVE-2015-6971
October 26, 2015 | Martin Rakhmanov
Over the past seven months, a number of vulnerabilities in Lenovo System Update ...
SpiderLabs Radio for the Week of October 19, 2015
October 25, 2015
Two separate SpiderLabs vulnerabilities released:
Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access
October 22, 2015 | Asaf Orpani
Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection ...
How To Decrypt Ruby SSL Communications with Wireshark
October 19, 2015
Debugging a program that communicates with a remote endpoint usually involves ...
AppDetectivePRO and DbProtect Knowledgebase Update 4.54
October 13, 2015 | SpiderLabs Researcher
This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now ...
Zero-day in Magmi database client for popular e-commerce platform Magento targeted in the wild
October 13, 2015 | Assi Barak
We've observed HTTP requests associated with an exploit attempt on the Magento ...
Microsoft Patch Tuesday for October 2015
October 13, 2015
October's Patch Tuesday is upon us and with only six bulletins, it's one of ...