Snort mailing list archives

Re: Feasibility question


From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 04 Dec 2014 16:46:12 -0700

 

On 2014-12-04 04:42 PM, Joel Esler (jesler) wrote:

No. You'd get a ton of false positives on that. We used that for research for a while, but it was too much.
--
JOEL ESLER
Open Source Manager
Threat Intelligence Team Lead
Talos

On Dec 4, 2014, at 2:18 PM, James Lay <jlay () slave-tothe-box net [1]> wrote:

Hey All,

So as I go about reverse engineering here, a common theme is seeing PADDINGXX within exes... would it be feasible to make a sig to match on executables for this? Thanks.

James


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Thanks Joel...glad I asked. 

James


Links:
------
[1] mailto:jlay () slave-tothe-box net
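Joel's objection above is that a byte string common to legitimate executables makes a poor content match. Before any string lifted from a sample becomes a rule, the check a detection engineer wants is its prevalence across a corpus of files already known to be clean. The following Python is an added example, not code from this thread or from the Snort project: it implements that baseline check for an arbitrary pattern (PADDINGXX is just the default), the byte buffers in CONSTRUCTED_CORPUS are constructed stand-ins rather than real binaries, and `load_corpus` assumes a local directory of known-good executables that you supply.

```python
"""Baseline a candidate content match against a corpus of trusted binaries.

A pattern that shows up in most benign executables cannot carry a detection
on its own, however often it appears in the malware being analysed.
"""
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

PADDING = b"PADDINGXX"


def find_offsets(data: bytes, pattern: bytes = PADDING) -> List[int]:
    """Return every offset at which `pattern` occurs in `data`."""
    offsets: List[int] = []
    start = data.find(pattern)
    while start != -1:
        offsets.append(start)
        start = data.find(pattern, start + 1)
    return offsets


def prevalence(corpus: Iterable[Tuple[str, bytes]],
               pattern: bytes = PADDING) -> Dict[str, object]:
    """Summarise how many samples in `corpus` contain `pattern` at least once.

    Returns the number of samples hit, the sample count, the hit fraction and
    a per-sample occurrence count, so the analyst can see both how widespread
    the string is and how many copies each file carries.
    """
    per_sample: Dict[str, int] = {}
    for name, data in corpus:
        per_sample[name] = len(find_offsets(data, pattern))
    hits = sum(1 for count in per_sample.values() if count)
    total = len(per_sample)
    return {
        "hits": hits,
        "total": total,
        "fraction": hits / total if total else 0.0,
        "per_sample": per_sample,
    }


def load_corpus(directory: str,
                suffixes: Tuple[str, ...] = (".exe", ".dll")) -> List[Tuple[str, bytes]]:
    """Read every executable from `directory` (assumed: a known-clean install)."""
    return [(p.name, p.read_bytes()) for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() in suffixes]


# Constructed stand-ins for real files: linker alignment filler repeats the
# string back to back, so a "benign" sample carries several copies of it.
CONSTRUCTED_CORPUS: List[Tuple[str, bytes]] = [
    ("benign_a.exe", b"MZ" + b"\x00" * 62 + b"PADDINGXX" * 4 + b"\xcc" * 16),
    ("benign_b.dll", b"MZ" + b"\x90" * 30 + b"PADDINGXXPADDINGXX" + b"\x00" * 8),
    ("benign_c.exe", b"MZ" + b"\x00" * 100),  # no filler at all
    ("sample_d.exe", b"MZ" + b"PADDINGXX" + b"\xe8\x00\x00\x00\x00"),
]

if __name__ == "__main__":
    summary = prevalence(CONSTRUCTED_CORPUS)
    print(f"{summary['hits']}/{summary['total']} samples contain the pattern "
          f"({summary['fraction']:.0%})")
    for name, count in summary["per_sample"].items():
        print(f"  {name}: {count} occurrence(s)")
```

Run it against `load_corpus("/path/to/clean/system32")` instead of the constructed list and the hit fraction is the false-positive rate the rule would carry before any traffic is seen; anything near 100 per cent on clean files confirms the string is structure, not signal, and needs to be paired with a much narrower condition or dropped.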