Out of Band Microsoft Security Advisory MS08-067
Today, Microsoft released an out of band patch for a vulnerability concerning DCE/RPC that is being actively exploited by a Trojan. We were busy today :D Details on what we were busy with are available here: http://www.snort.org/vrt/advisories/vrt-rules-2008-10-23.html More de
Introduction to Network Penetration Testing
Overview In an effort to broaden the audience and topic base for the VRT blog, this week we are going to take a very high level view of what a network penetration test looks like from the tester's perspective. Some of the techniques and ideas behind a high-level network pene
Mac Transitions - Fixing Files
In the transition from Linux to Mac, I also ran across a small problem with Mac formatted text files on remote Linux machines. Line endings. I had assumed (and we all know what that means) that the Mac running OS X, being as its userland roots lie firmly in the BSD camp, wou
Perl Snippet
Recently, I have been moving Perl scripts from BSD and Linux machines onto OS X. Mostly, things are pretty smooth but today I had to change a script slightly so that I could read data from /private/var/tmp/ on OS X. The scripts I had on the other systems would read from /var/tmp/
Guide to AWBO Exercises
Over here at the VRT, we've thoroughly enjoyed sinking our teeth into the awbo exercises. Hopefully, readers who've had the chance to work through these are eagerly anticipating those to come. On the other hand, there may still be some of you who are interested in giving
Snort startup script for Ubuntu
#! /bin/sh
### BEGIN INIT INFO
# Provides:          Snort
# Required-Start:    $local_fs $remote_fs $syslog $network mysql
# Required-Stop:     $local_fs $remote_fs $syslog $network mysql
# Default-Start:     2 3 4 5
# Default-Stop:      S 0 1 6
# Short-Description: Init script
AWBO4!
Some of you tore through awbo3 pretty quickly, but I wanted to give others time to catch up before posting this one. We're going to start getting into some issues you'll see in live software when working on exploits. This one in particular might remind you of a certain ba
Logical signatures in ClamAV 0.94
Up until ClamAV 0.93, the following formats have been used the most to write signatures to detect malware: SignatureName;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;Subsig2;... Logical signatures should be stored in .ldb files. Let us illustrate how logical signat
Webcast Teaser -- Basic Buffer Overflow Detection
Our next webcast, Performance Rules Creation: Rules Options and Techniques, is scheduled for 1pm EST on Wednesday, September 17th. We’ll be using actual published VRT rules to demonstrate common rule structures, rule options and some of the gotchas that you might run across when