Virtual Patch for ASP.Net Forms Authentication Bypass Vulnerability (CVE-2011-3416)

January 04, 2012 | Ryan Barnett

Last Thursday, Microsoft released an out-of-band security patch (MS11-100) ...

[Honeypot Alert] phpThumb() 'fltr[]' Parameter Command Injection Detected

December 28, 2011 | Ryan Barnett

The SpiderLabs Research Team has identified active scanning for the phpThumb() ...

[Honeypot Alert] Plone and Zope Remote Command Execution Detected

December 27, 2011 | Ryan Barnett

We have identified active scanning for the recent Plone and Zope Remote Command ...

TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin

December 23, 2011 | Robert Foggia

The Spiderlabs team at Trustwave published a new advisory for a ...

TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface

December 21, 2011 | Robert Foggia

The Spiderlabs team at Trustwave published a new advisory for an authentication ...

[Honeypot Alert] User Agent Field Arbitrary PHP Code Execution

December 21, 2011 | Ryan Barnett

While reviewing today's web honeypot logs, SpiderLabs Research identified two ...

Announcing Release of OWASP ModSecurity Core Rule Set v2.2.3

December 19, 2011 | Ryan Barnett

The SpiderLabs Research Team is pleased to announce the ModSecurity OWASP Core ...

[Honeypot Alert] phpAlbum PHP Code Execution Attacks

December 19, 2011 | Ryan Barnett

We have seen a number of scans probing for phpAlbum code execution vulns in our ...

BayThreat Follow-up: More About Mobile Devices and Privacy

December 15, 2011 | Luiz Eduardo Dos Santos

We just saw a recent post here on SpiderLabs Anterior about one of mostly used ...

Mobile Device Location Tracking, and Why It Matters

December 14, 2011

Throughout the past decade, there has been a substantial increase in mobile ...

[Honeypot Alert] Awstats Command Injection Scanning Detected

December 13, 2011 | Ryan Barnett

Issue Detected: Our daily web honeypot analysis has detected an increase in ...

Microsoft Patch Tuesday, December 2011

December 13, 2011

This Patch Tuesday, there are 3 new Critical and 10 new Important Bulletins. ...

[Honeypot Alert] WordPress/Joomla/Mambo SQL Injection Scanning Detected

December 09, 2011 | Ryan Barnett

Our web honeypot analysis today detected scanning looking for SQL Injection ...

[Honeypot Alert] Mass Joomla Component LFI Attacks Identified

November 17, 2011 | Ryan Barnett

Joomla Component LFI Vulnerabilities: Joomla has hundreds of Controller ...

Trustwave Protections Deployed: MS11-083

November 15, 2011 | Robert Foggia

Last week, it was Microsoft's Patch Tuesday! For November, Microsoft released ...

Trustwave Protections Deployed: Duqu

November 06, 2011 | Robert Foggia

Recent reports of the zero-day exploit found in the Win32k True Type Font ...

NickiSpy.C - Android Malware Analysis Demo

October 26, 2011 | Josh Grunzweig

Recently I got the chance to dig into a nice little piece of Android spyware, ...

ModSecurity Advanced Topic of the Week: Commercial Rules Overview

October 04, 2011

As you may have heard, Trustwave recently announced the availability of ...

Interesting Authentication Bypass Vulnerabilities

September 30, 2011

Recently I've been writing a talk called "Authentication Bypass Zoo: Pwnage and ...

Google Android Focus Stealing Vulnerability Demo

September 27, 2011

Way back in August 2011, myself and Sean Schulte gave a presentation at DEF CON ...

TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server

September 23, 2011

The Spiderlabs team at Trustwave published a new advisory today which detail ...

Analyzing PDF Malware - Part 1

September 22, 2011

Background

Trustwave Releases New ModSecurity Rules and Support

September 22, 2011

ModSecurity is the most popular open source web application firewall (WAF) ...

Blinkie Lights howto by nosteve

September 22, 2011 | nosteve

At DEF CON 19, I showed a project that uses an LED matrix to display network ...

Advanced BNAT in the Wild

September 15, 2011 | Jonathan Claudius

Just this week, we were asked to help out with some "TCP weirdness" that was ...

ModSecurity Advanced Topic of the Week: Remote File Inclusion Attack Detection

September 11, 2011 | Ryan Barnett

Remote file inclusion (RFI) is a popular technique used to attack web ...

Morto: More than Meets the Eye

September 06, 2011 | Josh Grunzweig

There's been a lot of talk the past week or so about Morto. For those ...