General

Profile

Brandon Murphy

  • Login: zoomequipd
  • Registered on: 09/17/2019
  • Last connection: 08/04/2022

Issues

open closed Total
Assigned issues 0 0 0
Reported issues 17 9 26

Activity

09/14/2022

06:30 PM Suricata Bug #5541 (New): Unexpected behavior of `endswith` in combination with negated content matches
Please consider the following rule and attached pcaps.
The intention of the rule is to alert when the http.host b... Brandon Murphy

07/07/2022

05:26 PM Suricata Bug #5439 (New): Invalid certificate when Issuer is not present.
When investigating the Sliver Framework, it was observed that certificates which lack an Issuer (or contain an issuer... Brandon Murphy

06/15/2022

04:24 PM Suricata Bug #5223: base64_decode does not populate base64_data buffer once hitting non-base64 chars
Updated pcap as Shivani pointed out the 97b97bef320a2ea.pcap was missing the hose host header and resulted in anomaly... Brandon Murphy

06/10/2022

08:51 PM Suricata Bug #5208: DCERPC protocol detection when nested in SMB
> So I guess the question is if the dcerpc app protocol specification in the rule should be overloaded to mean "eithe... Brandon Murphy

04/10/2022

02:38 AM Suricata Bug #5197: fast_pattern assignment of specific content results in FN
I just tested again, just to make sure and was able to replicate only sid:1 alerting.
Attached are the config, and ... Brandon Murphy

04/08/2022

01:32 PM Suricata Feature #5245 (New): allow fast_pattern on base64_data strings
As referenced within issue 5220 - the engine today does not use nor error out when a fast_pattern is provided on a co... Brandon Murphy

03/30/2022

04:39 PM Suricata Bug #5223: base64_decode does not populate base64_data buffer once hitting non-base64 chars
the following rule, when run on snort 2.9.18 (only tested version) works as expected. this is equivalent to sid:1; of... Brandon Murphy
04:11 PM Suricata Bug #5223: base64_decode does not populate base64_data buffer once hitting non-base64 chars
correction:
> Pay particular attention to sid:4 and sid:2 where the only difference is how far into the base64 enc... Brandon Murphy
04:09 PM Suricata Bug #5223 (In Progress): base64_decode does not populate base64_data buffer once hitting non-base64 chars
consider the following rules and the attached pcap.
The rules are designed to test the behavior of when non-base6... Brandon Murphy

03/25/2022

07:29 PM Suricata Feature #5075: smb: keyword for the SMB version
any support for SMB3?
https://docs.microsoft.com/en-us/windows-server/storage/file-server/file-server-smb-overview Brandon Murphy

Also available in: Atom