Snort mailing list archives

Re: Pattern Matching in encoded Shellcode


From: "felix.matenaar@rwth-aachen" <felix.matenaar () rwth-aachen de>
Date: Sat, 24 Apr 2010 01:04:20 +0200

If there is encoding which can be neutralized by this method and you
want to do pattern matching, then there is a use case.
When the exploitation process transports encoded shellcode, which is a
common case as far as I know, there is a possibility to detect
exploitation. For example, there are a few patterns for common shellcode
techniques which are able to detect a lot of automatic exploitation from
botnets.

Jason Brvenik wrote:

The approach we use is to detect exploitation rather than shellcode.
Is there a use case instead?

