Sourcefire VRT DI is Hiring
Here's your chance to become part of the Intelligence unit that powers the Vulnerability Research Team. We know all, we see all and we say almost nothing to anyone about anything. Kinda. Alright, not really. We get the data, we manage the data, we mine the data, we give out i
Rule Release for Today, Thursday July 22nd, 2010
Two main vulnerabilities covered in this release. Microsoft Windows Shell shortcut vulnerability (CVE-2010-2568) and the Siemens Simatic WinCC and PCS 7 SCADA vuln (CVE-2010-2772). Both of these are being actively used by the Stuxnet worm. More details are available here: http:/
Innovation -- You Keep Using That Word...
So, this week, the OISF has been on a media blitz about Suricata, their open-source Intrusion Detection System. As always, my preference is for you to review the information yourself, so before I give you my thoughts about the state of Suricata, here are some links: http://www.
The Power of Scapy
There is a special place in my heart for someone who accidentally causes all the Macs in the office to repeatably crash at the Grey Screen of Death. If you too like fun "accidents" or need to craft up some packets check out Judy Novak's SANS class on Scapy. This is
Vulnerability Report - July 2010
Sourcefire VRT Vulnerability Report July 2010 from Sourcefire VRT on Vimeo.
New Rule Categories
Three new rule categories were introduced yesterday (Tuesday, 13th July 2010) in SEU 348 and into the VRT Certified Rule packages. I'd like to take a moment to explain what's in these categories, where the data behind them is coming from, and what you should do if you tur
Rule Release for Today, Tuesday July 13th, 2010
Microsoft Security Advisory MS10-042: Microsoft Help and Support Center contains a programming error that may allow a remote attacker to bypass security restrictions on an affected system. The error occurs when invalid hex-encoded characters are used as a parameter to a search
Fundamentals of Exploit Development Class in VEGAS!
Need some more exploit fun? Want to stay in Vegas a little longer? Need some face time with the VRT? We are holding the fundamentals of exploit development class right after DefCon this year. August 2nd, 3rd and 4th in Las Vegas, NV. For more details and to book your place, take
Increase in attacks on CVE-2010-1885
Microsoft is warning that there has been an increase of attacks against a zero-day vulnerability in Microsoft Help and Support Center. The vulnerability is due to an error when using invalid hexadecimal characters in the search topic parameter of a URI. It can be used to bypass r