VRT Guide To IDS Ruleset Tuning
Everyone who's ever used Snort, or any other IDS for that matter, for any length of time knows that in order to get the most out of their system, they need to tune it. Most people have at least a basic idea of what that means - choosing the right rules to run, placing the
Adobe Responds to Vendor Response Blog Post
Hey folks, Brad Arkin, Director, Product Security & Privacy for Adobe Systems left a note in the comments section of my blog entry on Vendor response (http://vrt-sourcefire.blogspot.com/2009/12/matts-guide-to-vendor-response.html). In that post, I expressed my concern on a nu
Rule release for today - January 6th 2010
First rule release of the year, a few updates a few modifications. Check it out here: http://www.snort.org/vrt/advisories/2010/01/06/vrt-rules-2010-01-06.html
New Year, New Snort
(I'm doing this now mainly to bump the boss's post down a slot... :)) Hey folks, we have some updated Snort information for you. Here is some information on the latest production build of Snort, and our first beta build of Snort 2.8.6. Snort 2.8.5.2 Update: A quick note
The Last List of 2009 - Predicting Security in 2010
As the guy in charge I've been too busy with the day-to-day operations of the Sourcefire VRT to create the cliched, annual "Top 10 List" of things that have come and gone, or things that will happen in the future. However I've procrastinated long enough on this
Matt's Guide to Vendor Response
Well...it's that weird period between Christmas and New Years, and I've realized that I hadn't gotten anything for those wonderful people that keep the VRT employed. So as a gift to you, software vendor, I present Matt's Guide to Vendor Response. Now...this is a com
DEP and Heap Sprays
Usually when you need to use a heap spray, you're SOL when it comes to DEP. The reason for this has to do with why you used the heap spray in the first place. In the case of a vtable overwrite you need a chain of pointers to get the job done. A neat way to deal with this is t
Sourcefire VRT Labs
We are opening the Sourcefire VRT Labs for business. We've had a few useful things floating around in the jungle for a while now and we decided to make everything available, in one place, for everyone to use. Right now, Labs has a few resources on it we thought folks might fi
Adobe Reader media.newPlayer() Analysis (CVE-2009-4324)
First off, it's not Friday, and hopefully you'll have a better weekend. The reason for that is you are set with rules and ClamAV sigs. Now what the heck am I talking about.... Last night Adobe released an advisory detailing an in-the-wild exploit for Adobe Acrobat that is current