- Login: zoomequipd
- Registered on: 09/17/2019
- Last connection: 06/02/2021
- 10:04 PM Suricata Feature #4227: breakout components of tls.cert_subject and tls.cert_issuer into additional "sub" buffers
- Another use case for the "sub" buffers is for negations on specific components of the certificate. Such as negating ...
- 06:35 PM Suricata Bug #2224: Negated http_* match returns false if buffer not populated
- Just as an FYI - this issue/design/whatever continues to cause False Negatives on a pretty regular basis. If there i...
- 06:02 AM Suricata Feature #4227 (New): breakout components of tls.cert_subject and tls.cert_issuer into additional "sub" buffers
- h1. Problem
Writing signatures that use tls.cert_subject and tls.cert_issuer to match on content within the Common...
- 04:56 AM Suricata Bug #4226 (New): bsize is considerably slower than depth:x; isdataat:!1,relative
- When reviewing rule profiling output of comparing the speed of bsize:x; checks to using depth:x; isdataat:!1,relative...
- 03:53 AM Suricata Bug #4225 (Closed): SC_ERROR_CONF_YAML_ERROR anomaly logger error when in socket mode
- Upon the first pcap being submitted in socket mode, an error is logged...
- 05:57 PM Suricata Bug #3504 (Closed): http.header.raw prematurely truncates in some conditions
- In attempting to create a signature for the attached pcap, I found an unexpected behavior in Suricata 5.0.0+ as it re...
- 02:57 PM Suricata Feature #3285: rules: XOR keyword
- Victor Julien wrote:
> I suppose it would be useful to use the result of byte_extract as input to the key.
- 02:55 PM Suricata Feature #3285: rules: XOR keyword
- Adding a real world example of how this will be helpful.
AZORult 3.2 uses a static XOR key to encode network comm...
- 01:10 PM Suricata Feature #3285: rules: XOR keyword
- Having given a bit more thought, this solution would only work where XOR keys are known. This limitation moves the u...
- 10:42 AM Suricata Feature #3285 (In Review): rules: XOR keyword
- Due to masked WebSocket usage with Masked payloads and XOR in general used by malware for network "encryption", I'm w...