Showing 109 results for: 2011

Interesting Authentication Bypass Vulnerabilities

Recently I've been writing a talk called "Authentication Bypass Zoo: Pwnage and Poetry 2" which will attempt to discuss various reasons that applications may be subject to authentication bypasses to provide a deeper understanding about what kind of mistakes can...

TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server

The SpiderLabs team at Trustwave published a new advisory today which details issues discovered in the IceWarp Mail Server. IceWarp Mail Server solution supports SMTP, POP & IMAP standards and integrates anti-virus and anti-spam protection for email users. Administrators can...

Blinkie Lights howto by nosteve

At DEF CON 19, I showed a project that uses an LED matrix to display network sessions. The goal of the project is to help people visualize what their box is doing. Due to the visual nature of this project,...

Trustwave Releases New ModSecurity Rules and Support

ModSecurity is the most popular open source web application firewall (WAF) deployed today. We receive thousands of downloads each month from our main repository alone. It is estimated that there are over 1 million sites on the internet using it...

Analyzing PDF Malware - Part 1

Background: I'd like to think that security awareness has gotten to the point where the average end user thinks twice before opening an 'exe' file sent to them as an email attachment. I like to think that. I really do....

Advanced BNAT in the Wild

Just this week, we were asked to help out with some "TCP weirdness" that was identified out on a customer site during a penetration test. A port was identified as open, but when attempting to connect to the port, the...

Morto: More than Meets the Eye

There's been a lot of talk the past week or so about Morto. For those unfamiliar or unaware, Morto is a tricky little worm which looks for instances of Remote Desktop exposed online with weak Administrator passwords. How weak you...

Implementing AppSensor Detection Points in ModSecurity

This is a follow-up to a previous blog post entitled "Real-time Application Profiling" that implements extended profiling logic using the ModSecurity Lua API. AppSensor Detection Points: SpiderLabs Research Team is happy to announce that we have just updated the OWASP...

Detecting Malice with ModSecurity: (Updated) CSRF Attacks

UPDATE - since this original post, we added new data manipulation capabilities to v2.6.0 with the introduction of the @rsub operator. See the last section on modifying outbound data server-side. This week's installment of Detecting Malice with ModSecurity will discuss...

(Updated) Mitigation of Apache Range Header DoS Attack

Update: After deeper research into the underlying vulnerability and analyzing customer traffic, SpiderLabs has developed a new BETA ModSecurity ruleset to mitigate the Apache Range Header DoS vulnerability. The following rules may be used to truncate the Range header fields...

What Do Bug Bounties Cover?

Over the past few days in the UK we have been bombarded with arguments and debates over the use of Facebook and other social networking sites due to the riots that we witnessed all over the country. However, in the...

TWSL2011-008: Focus Stealing Vulnerability in Android

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified in Android. Android is an open-source software stack for mobile devices which includes an operating system, key applications, and middleware. The vulnerability was discovered by...

Detecting Malice with ModSecurity: HoneyTraps

This week's installment of Detecting Malice with ModSecurity will discuss how to implement HoneyTraps in order to detect malicious activity on your website. HoneyTrap excerpt section of Robert "Rsnake" Hansen's book "Detecting Malice" - Booby Trapping Your Application I briefly...