Some Facts About Advanced Evasion Techniques
Chances are you've heard the recent "news" about Advanced Evasion Techniques (AETs) from Finnish IPS vendor Stonesoft. Originally announced in an October 4 press release, the good folks at Stonesoft reported the IDS/IPS evasion techniques mentioned in their release
Rule Release for Today, Tuesday October 12th, 2010
Big day for Microsoft patches today. Lots of rules to accompany it. Release notes here: http://www.snort.org/vrt/advisories/2010/10/12/vrt-rules-2010-10-12.html Read them here too: Microsoft Security Advisory MS10-070: The Microsoft .NET Framework discloses enough information
Rule Release for Today, Monday September 27th, 2010
We've added and modified multiple rules in the chat, dns, exploit, ftp, imap, misc, netbios, oracle, policy, pop3, rpc, specific-threats, sql, tftp, web-activex, web-client and web-misc rule sets. Get it: http://www.snort.org/vrt/advisories/2010/09/27/vrt-rules-2010-09-27.htm
Rule Release for Today, Thursday September 23rd, 2010
Microsoft .NET Framework Information Disclosure (CVE-2010-3332): The Microsoft .NET Framework discloses enough information in error responses that an attacker is able to decrypt and modify encrypted data. The attacker is also able to forge cookies and obtain application files via
Rule Release for Today, Tuesday September 21st, 2010
Maintenance release this one. Quite a few modifications and additions. Check it out here http://www.snort.org/vrt/advisories/2010/09/21/vrt-rules-2010-09-21.html
Rule Release for Today, Tuesday September 14th, 2010
Microsoft Security Advisory MS10-061: The Microsoft Windows Print Spooler service contains a programming error that may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting this vulnerability are included in this release and are identif
Rule Release for Today, Thursday September 9th, 2010
Adobe Acrobat Reader and Adobe Acrobat contain a programming error that may allow a remote attacker to execute code on an affected system. The problem occurs when parsing TrueType font data. More info: http://www.snort.org/vrt/advisories/2010/09/09/vrt-rules-2010-09-09.html
Rule Release for Today, Tuesday September 7th, 2010
Additions and modifications to the policy, specific-threats and web-client rule sets.
Introduction to ClamAV's Low Level Virtual Machine (LLVM)
Users of prior versions of ClamAV may have noticed a drastic increase in the size of the tarball with the introduction of 0.96. This is due to the addition of a bytecode interpreter, and a JIT Low Level Virtual Machine (LLVM). It greatly extends ClamAV detection capabilities by b