Is Oracle Application Server End-of-Life?

I was asked recently to review a web server running Oracle Application Server. The scope was quite ...

ModSecurity XSS Evasion Challenge Results

On July 30th, we announced our public ModSecurity XSS Evasion Challenge. This blog post will ...

Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network

It's always surprising how insecure some internal networks turn out to be. Less surprising is a ...

Hey, can I use your server for spamming?

Over the last few months I have encountered two separate cases of our customers being impacted by ...

Trust for Sale

Let's, for a moment, get into the mind of a cyber criminal:

Vino VNC Server Remote Persistent DoS Vulnerability

Last week, I was making some performance enhancements to the VNC protocol implementations in the ...

SpiderLabs Radio September 13, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Microsoft Patch Tuesday, September 2013

In Chicago, it's been a roller coaster of a summer with cold weather to now steaming hot. ...

SpiderLabs Radio September 6, 2013 w/ Space Rogue

Microsoft Advance Notification for September 2013

This month Microsoft continues the recent tradition of large Patch Tuesday with fourteen Bulletins ...

SpiderLabs Radio August 30, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Setting HoneyTraps with ModSecurity: Adding Fake robots.txt Disallow Entries

The following blog post is taken from Recipe 3-2: Adding Fake robots.txt Disallow Entries in my new ...

SpiderLabs Radio August 23, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Multiple Web Application Vulnerabilities in RockMongo

During a recent code review for a client, I also took a brief look at a tool they were using to ...

[Honeypot Alert] Probes for Apache Struts 2.X OGNL Vulnerability

Today our web honeypot sensors picked up probes for the recent Apache Struts 2.X OGNL vulnerability ...

SpiderLabs Radio August 16, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

The Web IS Vulnerable: XSS on the Battlefront (Part 1)

Microsoft Pulls MS13-061 Update for Exchange

Microsoft has pulled one of the three critical patches from yesterday's Patch Tuesday, MS13-061, ...

Microsoft Patch Tuesday, August 2013

The big news this month in Microsoft's Active Protections Program, other than the eight new ...

The Way of the Cryptologist

SpiderLabs Radio August 9, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Fun with 'Active Defense'

Active Defense is steadily becoming a popular trend in the security field, both in a theoretical ...

Microsoft Advance Notification for Patch Tuesday – August 2013

No rest for the weary. Microsoft has announced that there will be eight bulletins this month, which ...

Introducing RDI – Reflected DOM Injection

The other day at DEFCON 21 we (Daniel Chechik and Anat Davidi) gave a talk introducing a new ...

SpiderLabs Radio August 2, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Announcing the ModSecurity XSS Evasion Challenge

The SpiderLabs Research Team is pleased to announce the release of the ModSecurity XSS Evasion ...

SpiderLabs Radio July 26, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

SpiderLabs Radio July 19, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...
