General

Profile

James Emery-Callcott

  • Login: jcallcott
  • Registered on: 07/03/2019
  • Last sign in: 12/08/2024

Issues

                 open  closed  Total
Assigned issues  1     0       1
Reported issues  5     2       7

Activity

12/10/2024

06:00 PM Suricata Feature #7446: add logic to parse QUIC CRYPTO frames and provide a keyword to access the reassembled data
can probably close this out :) Chris W discovered quic.sni exists, it just wasn't documented
James Emery-Callcott

12/08/2024

11:27 PM Suricata Feature #7446: add logic to parse QUIC CRYPTO frames and provide a keyword to access the reassembled data
semi-relevant https://redmine.openinfosecfoundation.org/issues/4985
James Emery-Callcott
11:23 PM Suricata Feature #7446 (New): add logic to parse QUIC CRYPTO frames and provide a keyword to access the reassembled data
Apologies if this is a duplicate report, I couldn't find anything else when searching.
Currently, we have no metho...
James Emery-Callcott

10/11/2024

01:05 AM Suricata Feature #7322 (Rejected): ability to negate the existence of fields via buffer negation
While writing hunting signatures today, we noticed that it is not possible to negate the existence of a buffer which ...
James Emery-Callcott
12:53 AM Suricata Feature #7321 (New): cross buffer byte_* keyword support
Currently, byte_* keywords are only useable within the same buffer and you cannot (as far as I am aware) use values f...
James Emery-Callcott

07/07/2024

06:23 PM Suricata Documentation #7143 (In Progress): Legacy keyword used in example for 'bypass' keyword
In all versions of documentation where the 'bypass' keyword appears, the legacy keyword of 'http_host' is used in the...
James Emery-Callcott

06/30/2024

02:31 AM Suricata Feature #7127 (New): extended http.referer buffers/keywords
Just a quick one, looking for an extension of the existing HTTP referer capabilities.
Ex.
http.referer; = https...
James Emery-Callcott

02/23/2023

01:08 AM Suricata Feature #5872 (New): file structure awareness - precise identification of fields in file structs
*Backstory*
Earlier today, I was working through a couple of clamav vulnerabilities (CVE-2023-20032, CVE-2023-20052)...
James Emery-Callcott

07/03/2019

06:47 PM Suricata Feature #3074: DNS full domain matching within the dns_query buffer
Edit - ignore the PCRE in the example rule structure, typo on my part.
James Emery-Callcott
06:44 PM Suricata Feature #3074 (Closed): DNS full domain matching within the dns_query buffer
Hey folks,
There have been a few scenarios in which the following pcre has been applied to a rule -> "/(?:^|\.)goo...
James Emery-Callcott
