SpiderLabs Radio September 27, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Read More

ModSecurity for Java - BETA Testers Needed

Over the course of the summer of 2013, the ModSecurity team participated in Google's Summer of Code ...

Read More

Wendel's Small Hacking Tricks - Killing Processes from the Microsoft Windows Command Line interface.

Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...

Read More

SpiderLabs Radio September 20, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Read More

Is Oracle Application Server End-of-Life?

I was asked recently to review a web server running Oracle Application Server. The scope was quite ...

Read More

ModSecurity XSS Evasion Challenge Results

On July 30th, we announced our public ModSecurity XSS Evasion Challenge. This blog post will ...

Read More

Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network

It's always surprising how insecure some internal networks turn out to be. Less surprising is a ...

Read More

Hey, can I use your server for spamming?

Over the last few months I have encountered two separate cases of our customers being impacted by ...

Read More

Trust for Sale

Let's, for a moment, get into the mind of a cyber criminal:

Read More

Vino VNC Server Remote Persistent DoS Vulnerability

Last week, I was making some performance enhancements to theVNC protocol implementations in the ...

Read More

SpiderLabs Radio September 13, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Read More

Microsoft Patch Tuesday, September 2013

In Chicago, it's been a roller coaster of a summer with cold weather to now steaming hot. ...

Read More

SpiderLabs Radio September 6, 2013 w/ Space Rogue

Read More

Microsoft Advance Notification for September 2013

This month Microsoft continues the recent tradition of large Patch Tuesday with fourteen Bulletins ...

Read More

SpiderLabs Radio August 30, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Read More

Setting HoneyTraps with ModSecurity: Adding Fake robots.txt Disallow Entries

The following blog post is taken from Recipe 3-2: Adding Fake robots.txt Disallow Entries in my new ...

Read More

SpiderLabs Radio August 23, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Read More

Multiple Web Application Vulnerabilities in RockMongo

During a recent code review for a client, I also took a brief look at a tool they were using to ...

Read More

[Honeypot Alert] Probes for Apache Struts 2.X OGNL Vulnerability

Today our web honeypot sensors picked up probes for the recent Apache Struts 2.X OGNL vulnerability ...

Read More

SpiderLabs Radio August 16, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Read More

The Web IS Vulnerable: XSS on the Battlefront (Part 1)

Read More

Microsoft Pulls MS13-061 Update for Exchange

Microsoft has pulled one of the three critical patches from yesterdays Patch Tuesday, MS13-061, ...

Read More

Microsoft Patch Tuesday, August 2013

The big news this month in Microsoft's Active Protections Program, other than the eight new ...

Read More

The Way of the Cryptologist

Read More

SpiderLabs Radio August 9, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Read More

Fun with 'Active Defense'

Active Defense is steadily becoming a popular trend in the security field, both in a theoretical ...

Read More

Microsoft Advance Notification for Patch Tuesday – August 2013

No rest for the weary. Microsoft has announced that there will be eight bulletins this month, which ...

Read More

Introducing RDI – Reflected DOM Injection

The other day at DEFCON 21 we (Daniel Chechik and Anat Davidi) gave a talk introducing a new ...

Read More