[Honeypot Alert] More PHP-CGI Scanning (apache-magika.c)

In the past 24 hours, one of the WASC Distributed Web Honeypot participant's sensors picked up continued scanning for CVE-2012-1823 which is a vulnerability within PHP-CGI. Here is a screenshot taken from the ModSecurity WAF alert data: PHP-CGI Attack The...

PHP.Net Site Infected with Malware

Earlier today, users attempting to access the www.php.net site were met with malware warnings from Google's Safe Browsing plugins in Chrome/Firefox and other browsers - So, what was the problem? Malware Redirection Details Google's SafeBrowsing currently lists the following for...

Card Data Siphon with Google Analytics

The introduction of EMV (Chip & Pin) payment devices in 2003 resulted in a rapid decline in physical credit card cloning in Europe. EMV technology has also led to an increase in attacks on e-commerce systems targeting cardholder data. Each...

Fingerprinting Ubuntu OS Versions using OpenSSH

Over the past couple of weeks, I've been working on enhancing the operating system detection logic in the TrustKeeper Scan Engine. Having the capability to detect a target's operating system can be very useful. Whether you're performing a simple asset identification...

Hiding Webshell Backdoor Code in Image Files

Looks Can Be Deceiving Do any of these pictures look suspicious? First appearances may be deceiving... Web attackers have been using a method of stashing pieces of their PHP backdoor exploit code within the meta-data headers of these image...

En Fiesta Con Ploutus

We've translated our original blog post discussing Ploutus malware into Spanish because it was found to be targeting ATMs in Mexico. A short while ago, SafenSoft informed the public of a new family of malicious programs, known as "Ploutus", which were aimed at...

Having a Fiesta With Ploutus

A short while ago, SafenSoft reported a new family of malware, named 'Ploutus', that targeted a number of ATMs in Mexico (http://www.safensoft.com/archiv/n/774/1778). The malware was installed when "criminals acquired access to the ATM's CD-ROM drive and inserted a new boot...

ModSecurity for Java - BETA Testers Needed

Over the course of the summer of 2013, the ModSecurity team participated in Google's Summer of Code (GSoC) program through OWASP. We helped by mentoring Mihai Pitu who developed a port of ModSecurity for Java! The main problem this project...

Trust for Sale

Let's, for a moment, get into the mind of a cyber criminal: Say you have a malicious executable that steals sensitive data (credit card numbers, credentials, etc.), which you would like to execute on compromised computers. You put lots of...

Vino VNC Server Remote Persistent DoS Vulnerability

Last week, I was making some performance enhancements to the VNC protocol implementations in the TrustKeeper Scanning Engine. Unfortunately, in my mission to "Go Fast!", I managed to trigger a Denial of Service (DoS) vulnerability in Vino. Vino is the...

The Web IS Vulnerable: XSS on the Battlefront (Part 1)

<script> //<![CDATA[ var str1 = "http://"; var str2 = "www.modsecurity.org"; var str3 = "/beacon.html"; var result = str1 + str2 + str3; window.location=result //]]>// </script> For those of you who were not able to make it to our talk at Blackhat USA, this...

Fun with 'Active Defense'

Active Defense is steadily becoming a popular trend in the security field, in both theory and practice. From its humble beginnings it has made its way to fully functional software implementations that aim at making your attacker's...

Introducing RDI – Reflected DOM Injection

The other day at DEFCON 21 we (Daniel Chechik and Anat Davidi) gave a talk introducing a new technique for delivering exploits by utilizing popular websites. We named the technique RDI, which stands for "Reflected DOM Injection", and we explained...

Announcing the ModSecurity XSS Evasion Challenge

The SpiderLabs Research Team is pleased to announce the release of the ModSecurity XSS Evasion Challenge for the community. The purpose of this challenge is to show possible XSS defenses by using ModSecurity and to identify any weaknesses. Challenge Setup...