Snort mailing list archives
Re: Pattern Matching in encoded Shellcode
From: "felix.matenaar@rwth-aachen" <felix.matenaar () rwth-aachen de>
Date: Sat, 24 Apr 2010 01:04:20 +0200
If there is encoding which can be neutralized by this method and you want to do pattern matching, then there is a use case. When the exploitation process transports encoded shellcode, which is a common case as far as I know, there is a possibility to detect exploitation. For example, there are a few patterns for common shellcode techniques which are able to detect a lot of automatic exploitation from botnets.

Jason Brvenik wrote:
The approach we use is to detect exploitation rather than shellcode. Is there a use case instead?
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs