Been reading a lot about MS06-040. Apparently this is going around the internet as being 'THE' thing. THE next vulnerability. Now, I've also seen a lot of people trying to run around writing Snort signatures for it.
To be honest with you... these signatures are not written by normal humans... :) The VRT team is 'Above the Rim' when it comes to NetBIOS rules. NetBIOS rules are, like, easily the most difficult rules written, and perhaps the hardest to understand. I teach rule classes all the time, and let me tell you, when I put a NetBIOS rule up on the screen, after I get done teaching pcre, byte_test, and byte_jump... students still don't understand it. So, if you have a Sourcefire rules subscription for VRT rules, go grab these guys. If you don't, well, you'll have to wait 5 days. But these rules are exactly the reason that you should buy a subscription. This is why one is needed.
So, let me just say... today, we published rules for these guys. Check out the vulnerability notice we put out today here. Also here: