Snort - the de facto standard for intrusion detection/prevention
Lurene Grenier from our VRT team at Sourcefire does a great job of flushing this "Blackworm" Nyxem virus thing down the toilet. Apparently this is the same worm that was released two years ago, and it's still just as lame.
In case you haven't heard what I am talking about, all, I am talking about this worm right here (Click).
It's all over the news (Information Week Article), and the analysis is running rampant.
I get an IM from my Director of Vulnerability Research, asking me if I can get a copy of the virus. Half an hour later, I had a copy and emailed it to him. Afterwards, he was working hard. Here is a VRT analysis.
Finally, all the pcaps for the virus: Pcaps.