SpiderLabs Blog

ModSecurity and OWASP CRS Updates Available

Security Fix Release: ModSecurity v2.6.6 The ModSecurity Development Team has released version ...

Dynamic DAST/WAF Integration: Realtime Virtual Patching

At the recent OWASP AppSecDC conference, I presented on this topic. I received a lot of feedback ...

Dynamic DAST/WAF Integration: Realtime Virtual Patching

At the recent OWASP AppSecDC conference, I presented on this topic. I received a lot of feedback ...

[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Credit Card Validation Scripts

In our previous blog post "Inside the Attacker's Toolbox: Botnet Web Attack Scripts" we analyzed ...

[Honeypot Alert] Inside the Attacker's Toolbox: Botnet Web Attack Scripts

Have you ever wondered what script/code/tool was behind the automated web attacks that you see in ...

[Honeypot Alert] (UPDATE) Active Exploit Attempts for PHP-CGI Vuln

UPDATE - we have received more exploit attempt details from web hosting provider DreamHost. Thanks ...

Recent Mass SQL Injection Payload Analysis

There have been a number of mass SQL Injection campaigns targeting ASP/ASP.Net/MS-SQL sites over ...

[Honeypot Alert] Joomla com_s5clanroster Local File Inclusion Attacks

Our web honeypots picked up some increased scanning for the following Exploit-DB vulnerability:

[Honeypot Alert] Zeroboard now_connect() Remote Code Execution Attacks

Our web honeypots recently identified attacks for CVE-2009-4834 which is a vulnerability within ...

ModSecurity Advanced Topic of the Week: Automated Virtual Patching using OWASP Zed Attack Proxy

Automated Virtual Patching using OWASP Zed Attack Proxy The SpiderLabs Research Team has added an ...

[Honeypot Alert] Large Scale LFI Attack From Brazillian Domains

Our web sensors picked up a big uptick in Local File Inclusion (LFI) attacks today. We received ...

[Honeypot Alert] Zen Cart 'admin/sqlpatch.php' SQL Injection Attacks

[Honeypot Alert] More WordPress is_human Plugin Remote Command Injection Attack Detected

As we first noted in a previous Honeypot Alert Blog post, our web honeypots have again received ...

[Honeypot Alert] Status Report for February 2012

Monthly Web Honeypot Status Report We have received a tremendous amount of positive feedback on our ...

Virtual Patch for Movable Types XSS (CVE 2012-1262)

My SpiderLabs Research colleague Jonathan Claudius recently identified an XSS flaw in the Movable ...

[Honeypot Alert] phpMyAdmin Code Injection Attacks for Botnet Recruitment

Our web honeypots picked up the following attacks today:

Call for Assistance: OWASP Virtual Patching Survey

Identification of web application vulnerabilities is only half the battle with remediation efforts ...

Top Ten Web Protection Techniques of 2011

Top Ten Web Hacking Techniques of 2011 Every year the web security community votes on the top web ...

Common Attack Methodologies Identified in European Customers

As you may have heard, Trustwave SpiderLabs released our Global Security Report (GSR) 2012 Report, ...

[Honeypot Alert] Status Report for January 2012

Monthly Web Honeypot Status Report We have received a tremendous amount of positive feedback on our ...

HOIC DDoS Analysis and Detection

In a previous blog post, we provided details of a DDoS attack tool called LOIC (Low Orbit Ion ...

[Honeypot Alert] Simple Page Options Module for Joomla! Local File Inclusion Attack Detected

Our web honeypots generated the following ModSecurity alert today:

[Honeypot Alert] phpMyAdmin Superglobal Session Manipulation Attack Detected

Our web honeypots have identified attempts to exploit CVE-2011-2505. OSVDB lists the vulnerabilty ...

[Honeypot Alert] Is-human Wordpress Plugin Remote Command Execution Attack Detected

Our web honeypot logs picked up an attack aimed at exploiting the Is-human Wordpress Plugin Remote ...

[Honeypot Alert] Extensive 'setup.php' Scanning Detected

The SpiderLabs Research Team has identified an extensive scanning campaign which aims to enumerate ...

[Honeypot Alert] Multiple Local File Inclusion Attacks

Our web server honeypot log analysis has picked up some targeted local file inclusion (LFI) attacks ...

ModSecurity Mitigations for ASP.NET HashTable DoS Vulnerability (CVE-2011-3414)

ThreatPost had a news story today about PoC code that was released to the full disclosures ...

ModSecurity Advanced Topic of the Week: Mitigation of 'Slow Read' Denial of Service Attack

Slow-Read DoS Attack Background Another tweak in the ongoing "Slow" DoS attacks has emerged this ...