General

Profile

b1 tg

  • Login: b1tg
  • Registered on: 01/12/2023
  • Last connection: 01/03/2024

Issues

open closed Total
Assigned issues 1 1 2
Reported issues 1 2 3

Projects

Project Roles Registered on
Suricata Developer 01/12/2023
Suricata-Update Developer 01/12/2023

Activity

11/14/2023

09:07 AM Suricata Feature #2695: websocket support

websocket pcaps found on malware-traffic-analysis.net:
* https://www.malware-traffic-analysis.net/2018/09/04/201...
b1 tg

05/17/2023

02:04 AM Suricata Bug #6008: smb: wrong offset when parse SMB_COM_WRITE_ANDX record
Pcap to show padding bug:
In the origin packet, data_length == bcc == 20, if we use a proxy to change data_length to...
b1 tg

05/15/2023

11:31 AM Suricata Bug #6008: smb: wrong offset when parse SMB_COM_WRITE_ANDX record
Add pcap for test windows behaviour on handling data_offset of smb1 write_andx_request b1 tg

04/19/2023

03:44 AM Suricata Bug #6008: smb: wrong offset when parse SMB_COM_WRITE_ANDX record

pcap: https://www.malware-traffic-analysis.net/2018/04/30/2018-04-30-Trickbot-goes-from-client-to-domain-controller...
b1 tg
03:38 AM Suricata Bug #6008 (Closed): smb: wrong offset when parse SMB_COM_WRITE_ANDX record

In function parse_smb1_write_andx_request_record, when wct == 12, offset should use 32-bits value rather than stay ...
b1 tg

02/01/2023

10:42 AM Suricata Bug #5783: smb: wrong endian conversion when parse NTLM Negotiate Flags
add .pcap file for reference in suricata-verify b1 tg

01/13/2023

06:07 AM Suricata Optimization #5785 (New): smb: use u32.to_be_bytes to replace function u32_as_bytes

I think use std function here is more straightforward.
u32_as_bytes implement: https://github.com/OISF/surica...
b1 tg

01/12/2023

02:56 PM Suricata Bug #5783 (Closed): smb: wrong endian conversion when parse NTLM Negotiate Flags

NTLM Negotiate Flags value in follow image is 0xe2888215, function parse_ntlm_auth_nego_flags return version_set_fl...
b1 tg

Also available in: Atom