[Honeypot Alert] User Agent Field Arbitrary PHP Code Execution
December 21, 2011 | Ryan Barnett
While reviewing today's web honeypot logs, SpiderLabs Research identified two ...
[Honeypot Alert] phpAlbum PHP Code Execution Attacks
December 19, 2011 | Ryan Barnett
We have seen a number of scans probing for phpAlbum code execution vulns in our ...
Announcing Release of OWASP ModSecurity Core Rule Set v2.2.3
December 19, 2011 | Ryan Barnett
The SpiderLabs Research Team is pleased to announce the ModSecurity OWASP Core ...
BayThreat Follow-up: More About Mobile Devices and Privacy
December 15, 2011 | Luiz Eduardo Dos Santos
We just saw a recent post here on SpiderLabs Anterior about one of mostly used ...
Mobile Device Location Tracking, and Why It Matters
December 14, 2011
Throughout the past decade, there has been a substantial increase in mobile ...
[Honeypot Alert] Awstats Command Injection Scanning Detected
December 13, 2011 | Ryan Barnett
Issue Detected: Our daily web honeypot analysis has detected an increase in ...
Microsoft Patch Tuesday, December 2011
December 13, 2011
This Patch Tuesday, there are 3 new Critical and 10 new Important Bulletins. ...
[Honeypot Alert] WordPress/Joomla/Mambo SQL Injection Scanning Detected
December 09, 2011 | Ryan Barnett
Our web honeypot analysis today detected scanning looking for SQL Injection ...
[Honeypot Alert] Mass Joomla Component LFI Attacks Identified
November 17, 2011 | Ryan Barnett
Joomla Component LFI Vulnerabilities: Joomla has hundreds of Controller ...
Trustwave Protections Deployed: MS11-083
November 15, 2011 | Robert Foggia
Last week, it was Microsoft's Patch Tuesday! For November, Microsoft released ...
Trustwave Protections Deployed: Duqu
November 06, 2011 | Robert Foggia
Recent reports of the zero-day exploit found in the Win32k True Type Font ...
NickiSpy.C - Android Malware Analysis Demo
October 26, 2011 | Josh Grunzweig
Recently I got the chance to dig into a nice little piece of Android spyware, ...
ModSecurity Advanced Topic of the Week: Commercial Rules Overview
October 04, 2011
As you may have heard, Trustwave recently announced the availability of ...
Interesting Authentication Bypass Vulnerabilities
September 30, 2011
Recently I've been writing a talk called "Authentication Bypass Zoo: Pwnage and ...
Google Android Focus Stealing Vulnerability Demo
September 27, 2011
Way back in August 2011, myself and Sean Schulte gave a presentation at DEF CON ...
TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server
September 23, 2011
The SpiderLabs team at Trustwave published a new advisory today which detail ...
Trustwave Releases New ModSecurity Rules and Support
September 22, 2011
ModSecurity is the most popular open source web application firewall (WAF) ...
Blinkie Lights howto by nosteve
September 22, 2011 | nosteve
At DEF CON 19, I showed a project that uses an LED matrix to display network ...
Analyzing PDF Malware - Part 1
September 22, 2011
Background
Advanced BNAT in the Wild
September 15, 2011 | Jonathan Claudius
Just this week, we were asked to help out with some "TCP weirdness" that was ...
ModSecurity Advanced Topic of the Week: Remote File Inclusion Attack Detection
September 11, 2011 | Ryan Barnett
Remote file inclusion (RFI) is a popular technique used to attack web ...
Morto: More than Meets the Eye
September 06, 2011 | Josh Grunzweig
There's been a lot of talk the past week or so about Morto. For those ...
Implementing AppSensor Detection Points in ModSecurity
August 31, 2011 | Ryan Barnett
This is a follow-up to a previous blog post entitled "Real-time Application ...
Detecting Malice with ModSecurity: (Updated) CSRF Attacks
August 30, 2011 | Ryan Barnett
UPDATE - since this original post, we added new data manipulation capabilities ...
(Updated) Mitigation of Apache Range Header DoS Attack
August 24, 2011 | Ryan Barnett
Update: After deeper research into the underlying vulnerability and analyzing ...
ModSecurity Advanced Topic of the Week: (Updated) Exception Handling
August 23, 2011 | Ryan Barnett
UPDATE - since this original post, we added new exception handling capabilities ...
What Do Bug Bounties Cover?
August 19, 2011
Over the past few days in the UK we have been bombarded with arguments and ...