General

Profile

James Emery-Callcott

  • Login: jcallcott
  • Registered on: 07/03/2019
  • Last sign in: 06/13/2025

Issues

                  open  closed  Total
Assigned issues      0       0      0
Reported issues      5       3      8

Activity

06/13/2025

09:38 PM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
Does this mean there is no plan to change this behaviour and that it is intended?
James Emery-Callcott
01:35 AM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
I've just tested http.accept; for this same logic and it seems that buffer is affected too. I suspect all http stick...
James Emery-Callcott
01:06 AM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
My concern here is that this could now lead to bypassing many existing signatures with ease.
If a signature inclu...
James Emery-Callcott
12:58 AM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
Came back to this with fresh eyes and I think I've identified the cause; however, it's potentially still a bug.
It ...
James Emery-Callcott
12:44 AM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
Re-posting the same signature in a code block so certain characters aren't interpreted as formatting efforts.
<pre...
James Emery-Callcott
12:42 AM Suricata Bug #7754 (New): http.host and http.host.raw contain the same Host header value twice, with a delimiter
I ran into some strange behaviour when drafting a rule to detect RFC non-compliant characters within the HTTP host he...
James Emery-Callcott

12/10/2024

06:00 PM Suricata Feature #7446: add logic to parse QUIC CRYPTO frames and provide a keyword to access the reassembled data
can probably close this out :) Chris W discovered quic.sni exists, it just wasn't documented
James Emery-Callcott

12/08/2024

11:27 PM Suricata Feature #7446: add logic to parse QUIC CRYPTO frames and provide a keyword to access the reassembled data
semi-relevant https://redmine.openinfosecfoundation.org/issues/4985
James Emery-Callcott
11:23 PM Suricata Feature #7446 (New): add logic to parse QUIC CRYPTO frames and provide a keyword to access the reassembled data
Apologies if this is a duplicate report, I couldn't find anything else when searching.
Currently, we have no metho...
James Emery-Callcott

10/11/2024

01:05 AM Suricata Feature #7322 (Rejected): ability to negate the existence of fields via buffer negation
While writing hunting signatures today, we noticed that it is not possible to negate the existence of a buffer which ...
James Emery-Callcott
