Easy DOM-based XSS detection via Regexes

If you are interested in finding DOM-based XSS, you must have knowledge of ...

SpiderLabs Radio February 15, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Bit9 Looses Bits, Adobe Adobe ...

[Honeypot Alert] User-Agent Field PHP Injection Attacks

In a previous Honeypot Alert blog post, I showed an example of attackers using LFI attacks to ...

Owning Windows Networks With Responder Part 2

One of the great things about working within SpiderLabs is that we prefer to use our own tools ...

Microsoft Patch Tuesday, February 2013 – Happy Chinese New Year!

Submitted by Space Rogue

SpiderLabs Radio February 8, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Twitter breach, Java again, ...

Server-Side XSS Attack Detection with ModSecurity and PhantomJS

Client-Side JS Overriding Limitations In a previous blog post, I outlined how you could use ...

Microsoft Advance Notification for February 2013

The Advance Notification of Patch Tuesday from Microsoft has twelve bulletins listed for this ...

CryptOMG Walkthrough - Challenge 2

For those of you that missed it last time, CryptOMG is a configurable CTF-style test bed that ...

ModSecurity IIS Updates: Stable Release, Award Recognition and More

ModSecurity for IIS Stable Release As part of our recent release of ModSecurity v2.7.2, not only ...

SpiderLabs Radio February 1, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers The New York Times, Anonymous ...

[Honeypot Alert] Active Probes for Ruby on Rails XML Vulns

In a previous blog post, I outlined some ModSecurity defenses to help protect Ruby on Rails users ...

SpiderLabs Radio January 25, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers the redirect of MIT.edu, Quebec ...

Owning Windows Networks with Responder 1.7

A lot has been happening with Responder lately!

SpiderLabs Crypto Contest - Winner!

We have a winner! @TimoHirvonen

SpiderLabs Radio January 18, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue covers Aaron Swartz and a movement to ...

Defeating AES without a PhD

"Cryptography is typically bypassed, not penetrated." – Adi Shamir FAITH IN THE ARCANE When I tell ...

QA w/ SpiderLabs Research: Java 0day CVE-2013-0422

Q: What's going on? People are talking about some Java 0day which threatens the whole world… Bring ...

Microsoft Patch Tuesday, January 2013 - Part II

It's now official, there is another bulletin (MS13-008) release for the month of January and ...

SpiderLabs Radio January 11, 2013 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This week's news covers ...

ModSecurity Mitigations for Ruby on Rails XML Exploits

There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML parsing of YAML ...

First Java 0day For The Year 2013

Today @Kafeine was the first to announce the new Java 0day. This 0day allows an attacker to execute ...

SpiderLabs Crypto Contest - Hints

This is a post for those attempting to solve the Crypto contest I introduced a couple weeks ago. ...

Microsoft Patch Tuesday, January 2013 – Hot Sauce

I had lunch today at a great little Cajun restaurant in Chicago called Heaven on Seven, so named ...

Goodies released with Trustwave SWG Security Update 141

As cliché as it may sound, security is done in layers and so, using our generic rules, we were able ...

SpiderLabs Radio January 04, 2013 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This week's news covers ...

Dissecting a CVE-2012-4792 Payload

A little while ago I was fortunate enough to get ahold of a sample that was dropped on a system ...

Microsoft Advance Notification for January 2013

If you were hoping for a nice relaxing Patch Tuesday after the holidays, well, sorry to disappoint ...
