Server-Side XSS Attack Detection with ModSecurity and PhantomJS
Client-Side JS Overriding Limitations In a previous blog post, I outlined how you could use ...
Read More
Microsoft Advance Notification for February 2013
The Advance Notification of Patch Tuesday from Microsoft has twelve bulletins listed for this ...
Read MoreCryptOMG Walkthough - Challenge 2
For those of you that missed it last time, CryptOMG is a configurable CTF-style test bed that ...
Read MoreModSecurity IIS Updates: Stable Release, Award Recognition and More
ModSecurity for IIS Stable Release As part of our recent release of ModSecurity v2.7.2, not only ...
Read MoreSpiderLabs Radio February 1, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue covers The New York Times, Anonymous ...
Read More[Honeypot Alert] Active Probes for Ruby on Rails XML Vulns
In a previous blog post, I outlined some ModSecurity defenses to help protect Ruby on Rails users ...
Read MoreSpiderLabs Radio January 25, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue covers the redirect of MIT.edu, Quebec ...
Read MoreOwning Windows Networks with Responder 1.7
A lot has been happening with Responder lately!
Read MoreSpiderLabs Radio January 18, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue covers Aaron Swartz and a movement to ...
Read MoreDefeating AES without a PhD
"Cryptography is typically bypassed, not penetrated." – Adi Shamir FAITH IN THE ARCANE When I tell ...
Read MoreQA w/ SpiderLabs Research: Java 0day CVE-2013-0422
Q: What's going on? People are talking about some Java 0daywhich threatens the whole world… Bring ...
Read MoreMicrosoft Patch Tuesday, January 2013 - Part II
It's now official, there is another bulletin (MS13-008) release for the month of January and ...
Read MoreSpiderLabs Radio January 11, 2013 w/ Space Rogue
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This week's news covers ...
Read MoreModSecurity Mitigations for Ruby on Rails XML Exploits
There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML parsing of YAML ...
Read MoreFirst Java 0day For The Year 2013
Today @Kafeine was the first to announce the new Java 0day. This 0day allows an attacker to execute ...
Read MoreSpiderLabs Crypto Contest - Hints
This is a post for those attempting to solve the Crypto contest I introduced a couple weeks ago. ...
Read MoreMicrosoft Patch Tuesday, January 2013 – Hot Sauce
I had lunch today at a great little Cajun restaurant in Chicago called Heaven on Seven, so named ...
Read MoreGoodies released with Trustwave SWG Security Update 141
As cliché as it may sound, security is done in layers and so, using our generic rules, we were able ...
Read MoreSpiderLabs Radio January 04, 2013 w/ Space Rogue
We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers ...
Read MoreDissecting a CVE-2012-4792 Payload
A little while ago I was fortunate enough to get ahold of a sample that was dropped on a system ...
Read MoreMicrosoft Advance Notification for January 2013
If you were hoping for a nice relaxing Patch Tuesday after the holidays, well, sorry to disappoint ...
Read MoreHacking with Drain Cleaner – Yet Another BitLocker Bypass Technique
As hard-wired as any Application Specific Integrated Circuit it seems the Infosec community can't ...
Read MoreChoppy Regulatory Waters ahead for EU SMEs?
There's been a reasonable amount of coverage of the (proposed) data protection legal framework ...
Read MorePhotobucket: An Identity Thief's Playground
Photobucket is a popular social media site that acts as gallery and cloud storage for user photos. ...
Read MoreInternet Explorer - 2012 Last Minute 0-Day
Using Zero Days attacks at end of the year are not the most considerate thing to do for the ...
Read MoreWardrive, Raspberry Pi Style!
I purchased a Raspberry Pi a few weeks back. I found that I could power it, with a WiFi card and a ...
Read MoreGetting Terminal Access to a Cisco Linksys E-1000
Over the past couple weeks, I've been spending a lot of time hacking on various embedded devices to ...
Read More