Open Information Security Foundation

02/24/2022

12:34 PM Suricata Bug #5160 (New): smb: Misguiding keyword smb.named_pipe

The "smb.named_pipe" this keyword is used to match shares in the tree_connect request that contains named pipes (su... Eloy Pérez

02/17/2022

12:52 PM Suricata Bug #5087 (Closed): smb: file.name sticky buffer doesn't match all smb files

The file.name doesn't need the Unicode characters and only matches the transferred files. Eloy Pérez

11:17 AM Suricata Bug #5087 (Closed): smb: file.name sticky buffer doesn't match all smb files

Eloy Pérez

12:05 PM Suricata Documentation #5088 (Closed): file.name sticky buffer is not documented

The file.name sticky buffer is not documented. It should be documented in _/rules/file-keywords.html#filename_ as t... Eloy Pérez

02/16/2022

11:35 AM Suricata Feature #5082 (Closed): smb: keyword for matching the SMB files

It would be nice to have a keyword that allows to match the filenames that are being accessed/created through smb c... Eloy Pérez

02/14/2022

10:13 AM Suricata Feature #5075 (Closed): smb: keyword for the SMB version

Create a new keyword to allow match an specific SMB version, that can be 1 or 2.
Eloy Pérez

02/11/2022

12:56 PM Suricata Feature #5069 (In Review): smb: SMB keyword for match the smb command

Create a new keyword to allow match an specific SMB command (message type). Eloy Pérez

02/10/2022

10:38 AM Suricata Feature #5067 (New): smb/dcerpc: Match dcerpc (over smb) requests before bind_ack

Windows computers made a heavy use of the dcerpc protocol. I being working with a Windows Server 2019 and observed ... Eloy Pérez

01/12/2022

12:26 PM Suricata Optimization #4950 (New): Code improvement in KRB5State.parse function

The function KRB5State.parse function requires a couple of improvements in code readability:
- Giving meaningful n... Eloy Pérez

10/21/2021

10:20 AM Suricata Bug #4529: Not keyword matches in Kerberos requests

Update: it also happens with TGS-REQ and KRB-ERROR messages. Eloy Pérez