Snort mailing list archives
Re: Feasibility question
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 4 Dec 2014 23:42:24 +0000
No. You’d get a ton of false positives on that. We used that for research for awhile, but it was too much.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos
On Dec 4, 2014, at 2:18 PM, James Lay <jlay () slave-tothe-box net> wrote:

Hey All,

So as I go about reverse engineering here, a common theme is seeing PADDINGXX within exe's....would it be feasible to make a sig to match on executable for this? Thanks.

James

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Feasibility question James Lay (Dec 04)
- Re: Feasibility question Joel Esler (jesler) (Dec 04)
- Re: Feasibility question James Lay (Dec 04)
- Re: Feasibility question Joel Esler (jesler) (Dec 04)