[Honeypot Alert] Mass Joomla Component LFI Attacks Identified

November 17, 2011 | Ryan Barnett

Joomla Component LFI Vulnerabilities: Joomla has hundreds of Controller ...

Trustwave Protections Deployed: MS11-083

November 15, 2011 | Robert Foggia

Last week, it was Microsoft's Patch Tuesday! For November, Microsoft released ...

Trustwave Protections Deployed: Duqu

November 06, 2011 | Robert Foggia

Recent reports of the zero-day exploit found in the Win32k True Type Font ...

NickiSpy.C - Android Malware Analysis Demo

October 26, 2011 | Josh Grunzweig

Recently I got the chance to dig into a nice little piece of Android spyware, ...

ModSecurity Advanced Topic of the Week: Commercial Rules Overview

October 04, 2011

As you may have heard, Trustwave recently announced the availability of ...

Interesting Authentication Bypass Vulnerabilities

September 30, 2011

Recently I've been writing a talk called "Authentication Bypass Zoo: Pwnage and ...

Google Android Focus Stealing Vulnerability Demo

September 27, 2011

Way back in August 2011, myself and Sean Schulte gave a presentation at DEF CON ...

TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server

September 23, 2011

The Spiderlabs team at Trustwave published a new advisory today which detail ...

Trustwave Releases New ModSecurity Rules and Support

September 22, 2011

ModSecurity is the most popular open source web application firewall (WAF) ...

Blinkie Lights howto by nosteve

September 22, 2011 | nosteve

At DEF CON 19, I showed a project that uses an LED matrix to display network ...

Analyzing PDF Malware - Part 1

September 22, 2011

Background

Advanced BNAT in the Wild

September 15, 2011 | Jonathan Claudius

Just this week, we were asked to help out with some "TCP weirdness" that was ...

ModSecurity Advanced Topic of the Week: Remote File Inclusion Attack Detection

September 11, 2011 | Ryan Barnett

Remote file inclusion (RFI) is a popular technique used to attack web ...

Morto: More than Meets the Eye

September 06, 2011 | Josh Grunzweig

There's been a lot of talk the past week or so about Morto. For those ...

Implementing AppSensor Detection Points in ModSecurity

August 31, 2011 | Ryan Barnett

This is a follow-up to a previous blog post entitled "Real-time Application ...

Detecting Malice with ModSecurity: (Updated) CSRF Attacks

August 30, 2011 | Ryan Barnett

UPDATE - since this original post, we added new data manipulation capabilities ...

(Updated) Mitigation of Apache Range Header DoS Attack

August 24, 2011 | Ryan Barnett

Update: After deeper research into the underlying vulnerability and analyzing ...

ModSecurity Advanced Topic of the Week: (Updated) Exception Handling

August 23, 2011 | Ryan Barnett

UPDATE - since this original post, we added new exception handling capabilities ...

What Do Bug Bounties Cover?

August 19, 2011

Over the past few days in the UK we have been bombarded with arguments and ...

ModSecurity Advanced Topic of the Week: Automated Virtual Patching Script

August 18, 2011 | Ryan Barnett

Automated Virtual Patching Example Script

ModSecurity Advanced Topic of the Week: Audit Log Searching with ModGrep

August 11, 2011 | Ryan Barnett

This is an updated section from my previous book Preventing Web Attacks with ...

Auto-BAHN: Using Smart phones to create emergency, ad hoc networks

August 10, 2011 | Thomas Wilhelm

Thomas Wilhelm, Sr. Security Consultant at Trustwave SpiderLabs, revealed a ...

TWSL2011-008: Focus Stealing Vulnerability in Android

August 08, 2011 | Josh Grunzweig

The SpiderLabs team at Trustwave published a new advisory today, which details ...

Regression Workaround for TWSL2011-007: The iOS SSL Validation Vulnerability (UPDATED)

August 07, 2011

Trustwave SpiderLabs recently released an advisory (TWSL2011-007) regarding ...

What Web Application Security Monitoring Can Learn From Casino Surveillance

August 07, 2011 | Ryan Barnett

Detecting Malice with ModSecurity: HoneyTraps

August 02, 2011 | Ryan Barnett

This week's installment of Detecting Malice with ModSecurity will discuss how ...

New Edition of SpiderLabs Radio - Interviews with SpiderLabs DEF CON Speakers

August 02, 2011 | Zack Fasel

This month, Zack Fasel and Tom Mackenzie interview the SpiderLabs Team Members ...

Live ModSecurity Challenges at Blackhat Arsenal

July 28, 2011 | Ryan Barnett

ModSecurity is participating in the upcoming Blackhat Arsenal Tools Demo next ...