SpiderLabs Blog

SpiderLabs Radio August 30, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Setting HoneyTraps with ModSecurity: Adding Fake robots.txt Disallow Entries

The following blog post is taken from Recipe 3-2: Adding Fake robots.txt Disallow Entries in my new ...

SpiderLabs Radio August 23, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Multiple Web Application Vulnerabilities in RockMongo

During a recent code review for a client, I also took a brief look at a tool they were using to ...

[Honeypot Alert] Probes for Apache Struts 2.X OGNL Vulnerability

Today our web honeypot sensors picked up probes for the recent Apache Struts 2.X OGNL vulnerability ...

SpiderLabs Radio August 16, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

The Web IS Vulnerable: XSS on the Battlefront (Part 1)

Microsoft Pulls MS13-061 Update for Exchange

Microsoft has pulled one of the three critical patches from yesterdays Patch Tuesday, MS13-061, ...

Microsoft Patch Tuesday, August 2013

The big news this month in Microsoft's Active Protections Program, other than the eight new ...

The Way of the Cryptologist

SpiderLabs Radio August 9, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Fun with 'Active Defense'

Active Defense is steadily becoming a popular trend in the security field, both in a theoretical ...

Microsoft Advance Notification for Patch Tuesday – August 2013

No rest for the weary. Microsoft has announced that there will be eight bulletins this month, which ...

Introducing RDI – Reflected DOM Injection

The other day at DEFCON 21 we (Daniel Chechik and Anat Davidi) gave a talk introducing a new ...

SpiderLabs Radio August 2, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Announcing the ModSecurity XSS Evasion Challenge

The SpiderLabs Research Team is pleased to announce the release of the ModSecurity XSS Evasion ...

SpiderLabs Radio July 26, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

SpiderLabs Radio July 19, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Top Ten Survival Tips for the Dehydrated N00b Zombie Apocalypse at Security Week 2013

Just look at the face: it's vacant, with a hint of sadness. Like a drunk who's lost a bet. —Dianne ...

ModSecurity Advanced Topic of the Week: Mitigating XSS Vulnerabilities Using Targeted CSP Enforcement

Content Security Policy (CSP) Implementation Challenges CSP is an extremely powerful tool for ...

SpiderLabs Radio July 12, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Spiders Are Fun!, DEF CON's 21, Come Chat at Black Hat

Security week in Las Vegas will be here before we know it. The SpiderLabs team will be busy: talks ...

XSS, SQLi in OpenEMR 4.1.1

A few tests ago, I came across an OpenEMR install with a weak password for a 'Guest' level account. ...

Microsoft Patch Tuesday, July 2013 - CRITICAL

This is probably one of the most important Patch Tuesday's we have seen in quite some time. While ...

ModSecurity Advanced Topic of the Week: Detecting Banking Trojan Page Modifications

The following blog post is taken from Recipe 10-5: Detecting Banking Trojan (Man-in-the-Browser) ...

SpiderLabs Radio July 5, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave ...

Custom Native Library Loader for Android

If you read my co-worker Neal Hindocha's recent post "Debugging Android Libraries using IDA" you ...

Microsoft Advance Notification for July 2013 – BOOM!

While you were stuffing your face with hotdogs and potato salad and then watching fireworks go ...