XML External Entity (XXE) Execution Disabled in ModSecurity v2.7.3

On February 27, 2013, the ModSecurity project team was notified by security researchers from ...

SpiderLabs Radio April 26, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers HostGator, Twitter, SPAMHaus, ...

Basic Packers: Easy As Pie

Throughout Trustwave SpiderLabs' many forensic investigations, we often stumble upon malicious ...

Accidental Stored XSS Flaw in Zemanta 'Related Posts' Plugin for TypePad

Note that the vulnerability described here was fixed by Zemanta.

SpiderLabs Radio April 19, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Schnucks, Linode, Pirate Bay, ...

Cracking IKE Mission:Improbable (Part 2)

A couple of weeks ago I posted Part 1 of Cracking IKE, detailing some useful techniques when ...

Java is So Confusing...

It's been a short while, but we find ourselves again with a Java vulnerability in our hands, this ...

Large scale malicious spam campaign exploiting Boston bombing

In our latest Global Security Report, we noted malicious spam campaigns were on the increase, and ...

Me Myself and I, Robot

Growing up I read every book my library had to offer by Jules Verne and Isaac Asimov. These and ...

Defending WordPress Logins from Brute Force Attacks

As has been reported by many news outlets, WordPress login pages have been under a heavy brute ...

SpiderLabs Radio April 12, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers OpIsrael, Anon AUS, LulzSec, 6 ...

Microsoft Recalls Update

Microsoft has recalled part of an update that was released earlier this week as part of April's ...

Restricting Adobe CQ Admin Logins with Trustwave WAFs

One of the many useful features of a web application firewall (WAF) is its ability to add on ...

Ransomware Author 3's Farm Animals

As security researchers, our virtual journey in revealing new threats on the web is never-ending. ...

Microsoft Patch Tuesday, April 2013

This month we have nine bulletins, two critical covering just fourteen CVEs. The critical bulletins ...

SpiderLabs Radio April 5, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Carberp, WarZ, Japan, Exp0sed ...

ModSecurity User Survey 2013

The ModSecurity web application firewall project has grown a lot in the past year including, ...

Web Application Defender's Cookbook: CCDC Blue Team Cheatsheet

Trustwave is a corporate sponsor of the National Collegiate Cyber Defense Competition (CCDC) where ...

Microsoft Advance Notification for April 2013

Ah, April, for most of us the weather is turning warm, birds return to their trees, flowers start ...

Jamming With WordPress Sessions

Let's talk about some targeted attacks where session management can be targeted to sidestep multi ...

Breaking the Authentication Chain

This little post is going to talk about how authentication goes beyond just usernames and passwords.

SpiderLabs Radio March 29, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers OMG DDoS Nukes Take out Net!, ...

Cracking IKE Mission:Improbable (Part 1)

All too often during pen tests I still find VPN endpoints configured to allow insecure Aggressive ...

Hooked on Packets: Reading PCAPs for D Students - Preview

SOURCE Boston is coming up in April, and Mike Ryan and I are giving a presentation about making ...

Did Grum Really Get Killed?

For several years before its July 2012 takedown, Grum was one of the notorious spam botnets and at one ...

SpiderLabs Radio March 22, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Korea, teamSpy, Scan all the ...

Baiting Attack Exercise – The Old School Way Still Works

In the past few months, we have had quite a few social engineering and client-side penetration ...

Mongodb - Security Weaknesses in a typical NoSQL database

Over the last year or so, I've noticed 2 ports appearing more frequently during internal ...
