Profile

b1 tg

  • Login: b1tg
  • Registered on: 01/12/2023
  • Last sign in: 01/03/2024

Issues

                 Open  Closed  Total
Assigned issues  1     1       2
Reported issues  1     2       3

Projects

Project          Roles      Registered on
Suricata         Developer  01/12/2023
Suricata-Update  Developer  01/12/2023

Activity

11/14/2023

09:07 AM Suricata Feature #2695: websocket support

websocket pcaps found on malware-traffic-analysis.net:
* https://www.malware-traffic-analysis.net/2018/09/04/201...
b1 tg

05/17/2023

02:04 AM Suricata Bug #6008: smb: wrong offset when parse SMB_COM_WRITE_ANDX record
Pcap to show padding bug:
In the original packet, data_length == bcc == 20, if we use a proxy to change data_length to...
b1 tg

05/15/2023

11:31 AM Suricata Bug #6008: smb: wrong offset when parse SMB_COM_WRITE_ANDX record
Add pcap for testing Windows behaviour on handling data_offset of smb1 write_andx_request
b1 tg

04/19/2023

03:44 AM Suricata Bug #6008: smb: wrong offset when parse SMB_COM_WRITE_ANDX record

pcap: https://www.malware-traffic-analysis.net/2018/04/30/2018-04-30-Trickbot-goes-from-client-to-domain-controller...
b1 tg
03:38 AM Suricata Bug #6008 (Closed): smb: wrong offset when parse SMB_COM_WRITE_ANDX record

In function parse_smb1_write_andx_request_record, when wct == 12, offset should use a 32-bit value rather than stay ...
b1 tg

02/01/2023

10:42 AM Suricata Bug #5783: smb: wrong endian conversion when parse NTLM Negotiate Flags
Add .pcap file for reference in suricata-verify
b1 tg

01/13/2023

06:07 AM Suricata Optimization #5785 (New): smb: use u32.to_be_bytes to replace function u32_as_bytes

I think using the std function here is more straightforward.
u32_as_bytes implementation: https://github.com/OISF/surica...
b1 tg

01/12/2023

02:56 PM Suricata Bug #5783 (Closed): smb: wrong endian conversion when parse NTLM Negotiate Flags

NTLM Negotiate Flags value in the following image is 0xe2888215, function parse_ntlm_auth_nego_flags returns version_set_fl...
b1 tg
