IP Blacklisting in Snort
Our Supreme Overlord and Benevolent Dictator, Marty Roesch, had a little free time on his hands over the weekend and spent some of it writing a new preprocessor for Snort 2.8.4.1 that implements IP blocklisting. This should help a great deal with performance for those folks who l
Microsoft Tuesday Coverage for May MS09-017
Microsoft Security Advisory MS09-017: Microsoft PowerPoint contains several programming errors that may allow a remote attacker to execute code on a vulnerable system via a specially crafted PowerPoint file. Rules to detect attacks targeting these vulnerabilities are included in
Exploit Development Class
Want to impress your friends, colleagues, girls, boys, employer, future employer? Want to become more attractive to the opposite sex? Want to make your past employer and/or ex-(girlfriend|boyfriend|spouse) jealous? Then you need to get dangerous and become awesome. We're run
Estimating Time
One of the developers here at Sourcefire, Andrew Williams, has written what we think is an interesting piece on Estimating Time for project planning. Take a look at it here: http://www.baltdad.com/2009/05/estimation/
Snort and Neural Networks
Jacson Rodrigues Correia da Silva just finished his bachelor's degree in computer science. As part of his final project, he came up with an implementation that allows you to use Snort with JavaNNS (see http://www.cis.cau.edu/675/javasnns.html). This means you could use Snort in
DoJoSec and dnssnarf
One of our IT guys (total security geek Christopher McBee) found some interesting information from last night's DoJoSec meeting. Here's what he has to say: During Sean Wilkerson's talk at last night's DojoSec meeting (http://www.dojosec.com), Sean discussed some simple op
Rule release for today - May 5th 2009
Adobe Reader Code Execution (CVE-2009-1492): The JavaScript API in Adobe Reader may allow a remote attacker to execute code on an affected system. The problem occurs when specially crafted JavaScript uses the getAnnots method in a PDF document. A rule to detect attacks targeting
DoJoSec Meeting - May 7th
Here lie the details: http://www.dojosec.com/?p=109 A few of us are planning on attending the meeting; come and say hello. Also, from last month's meeting, our fearless leader and Senior Director of Chaos and Mayhem gave a talk that had something to do with PDFs and Adobe :
Rule release for today - April 21st 2009
A small set of new rules in today's release and a couple of modifications. Here are the highlights: Adobe Flash Player Buffer Overflow (CVE-2009-0520): Adobe Flash Player contains a programming error that may allow a remote attacker to execute code on a vulnerable system via