
| Subject: | Re: [Snort-users] Team0x42 Snort rules |
|---|---|
| Date: | Mon, 7 Apr 2008 18:05:44 -0400 |
In addition you might want to note that the MSF default behavior is to
encode all shellcode and append a decoder to the beginning of the payload,
so none of those MSF shellcode rules will work except the HPUX on PA-RISC
because it lacks a valid encoder (though HPUX on ia64 should still be
undetectable with that rule).
I'm not in Brooklyn but I am crafty.
_________________________
Lurene A Grenier,
Analyst Team Lead
Senior Research Engineer
Office: (410) 423-1918
Mobile: (703) 839-3898
,,_
SourceFire Inc. o" )~
''''
-----Original Message-----
From: snort-users-bounces@lists.sourceforge.net
[mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of Brian
Caswell
Sent: Monday, April 07, 2008 6:00 PM
To: TheWell
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Team0x42 Snort rules
On Apr 7, 2008, at 5:01 PM, TheWell wrote:
Some good snort rules by Team0x42
Team B,

Really? I see 5 rules that are all basically the same thing. Perhaps you should update your regular expression to include all 5 cases you attempt to cover in 1 rule.

The following regular expression is released under the license to ill, however you may not use it unless you are in Brooklyn, and you did not sleep while traveling to said city.

(\%(60|3b|7c|00)|<)

Brian

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
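The single regular expression from the quoted message, run over constructed request URIs (an added example, not code from the thread or from the Team0x42 rules). The names `scan` and `MEANING` and the sample URIs are assumptions for illustration; the run also shows that the pattern as posted is case-sensitive, so an upper-case `%3B` is only caught with a case-insensitive flag such as the `i` modifier of Snort's `pcre` option.

```python
import re

# Pattern exactly as posted in the thread; PCRE syntax that Python's re also accepts.
POSTED = r"(\%(60|3b|7c|00)|<)"

# What each of the five alternatives stands for (URL percent-encoding).
MEANING = {
    "%60": "backtick",
    "%3b": "semicolon",
    "%7c": "pipe",
    "%00": "NUL byte",
    "<": "left angle bracket",
}

# Constructed request URIs for illustration; not taken from the Team0x42 rules.
SAMPLES = [
    "/cgi-bin/view?f=a%60b%60",
    "/cgi-bin/view?f=a%3bb",
    "/cgi-bin/view?f=a%7cb",
    "/cgi-bin/view?f=a%00.png",
    "/search?q=<b>",
    "/search?q=a%3Bb",       # same semicolon, upper-case hex digit
    "/index.html?page=2",    # nothing the pattern should flag
]


def scan(uris, nocase=False):
    """Map each URI to the meaning of its first match, or None if nothing matched."""
    rx = re.compile(POSTED, re.IGNORECASE if nocase else 0)
    results = {}
    for uri in uris:
        m = rx.search(uri)
        results[uri] = MEANING[m.group(1).lower()] if m else None
    return results


if __name__ == "__main__":
    as_posted = scan(SAMPLES)
    relaxed = scan(SAMPLES, nocase=True)
    for uri in SAMPLES:
        print(f"{uri:28} as-posted={as_posted[uri]!s:20} nocase={relaxed[uri]}")
```
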