Showing 72 results for: 2011, Security Research

Advanced BNAT in the Wild

Just this week, we were asked to help out with some "TCP weirdness" that was identified out on a customer site during a penetration test. A port was identified as open, but when attempting to connect to the port, the...

Morto: More than Meets the Eye

There's been a lot of talk the past week or so about Morto. For those unfamiliar or unaware, Morto is a tricky little worm which looks for instances of Remote Desktop exposed online with weak Administrator passwords. How weak you...

Implementing AppSensor Detection Points in ModSecurity

This is a follow-up to a previous blog post entitled "Real-time Application Profiling" that implements extended profiling logic using the ModSecurity Lua API. AppSensor Detection Points: SpiderLabs Research Team is happy to announce that we have just updated the OWASP...

Detecting Malice with ModSecurity: (Updated) CSRF Attacks

UPDATE - since this original post, we added new data manipulation capabilities to v2.6.0 with the introduction of the @rsub operator. See the last section on modifying outbound data server-side. This week's installment of Detecting Malice with ModSecurity will discuss...

(Updated) Mitigation of Apache Range Header DoS Attack

Update: After deeper research into the underlying vulnerability and analyzing customer traffic, SpiderLabs has developed a new BETA ModSecurity ruleset to mitigate the Apache Range Header DoS vulnerability. The following rules may be used to truncate the Range header fields...

What Do Bug Bounties Cover?

Over the past few days in the UK we have been bombarded with arguments and debates over the use of Facebook and other social networking sites due to the riots that we witnessed all over the country. However, in the...

TWSL2011-008: Focus Stealing Vulnerability in Android

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified in Android. Android is an open-source software stack for mobile devices which includes an operating system, key applications, and middleware. The vulnerability was discovered by...

Live ModSecurity Challenges at Blackhat Arsenal

ModSecurity is participating in the upcoming Blackhat Arsenal Tools Demo next week in Las Vegas. Details: When: Wed. Aug 3rd from 1:45 pm - 4:30 pm. Where: POD 1. We will have live demos/challenges running from our kiosk. In addition...

ModSecurity SQL Injection Challenge: Lessons Learned

This is a post-mortem blog post to discuss the successful Level II evasions found by participants during the recent ModSecurity SQL Injection Challenge. First of all, I would like to thank all those people that participated in the challenge. All...

A whole lot of Spiders at DEF CON 19

Next week members of Trustwave's SpiderLabs team will be headed to Las Vegas to attend DEF CON 19. Members of the team from every corner of the planet will be in attendance. We are fortunate this year to have 15 members...

Announcing Release of OWASP ModSecurity Core Rule Set v2.2.1

I am pleased to announce the release of the OWASP CRS v2.2.1. This is a significant update with regard to SQL Injection protections. Trustwave's SpiderLabs Team conducted an analysis/review of the SQL Injection Challenge Level II evasions - http://www.modsecurity.org/demo/challenge.html and...

Announcing Release of ModSecurity v2.6.1-RC1

Availability of ModSecurity 2.6.1-RC1 Release (June 30, 2011): The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.6.1-rc1 Release. This release includes some new features and bug fixes; please see the release notes included in the CHANGES file....

Announcing the ModSecurity SQL Injection Challenge

The ModSecurity Project Team is happy to announce our first community hacking challenge! This is a SQL Injection and Filter Evasion Challenge. We have set up ModSecurity to proxy to the following 4 commercial vuln scanner demo sites: IBM (AppScan) -...

My Other Ride is Your Image Upload Script

Many security issues are based upon mistaken assumptions. For instance, when testing applications, I often find that the user inputs left unsanitized are the ones that the developer does not believe can be modified, such as inputs from drop-down menus....