[Discussion] Binary Signature Detection

Josh Smith famousjs at gmail.com
Sun Jan 25 17:03:02 UTC 2009


David,

Well, I originally converted the database file they offer on the PEiD
website, and that was about 1500 signatures.  Now I've just been
collecting database files from around the internet.  The one I
originally did may be dated, but still applies to quite a few binary
signatures.

-Josh

On Sun, Jan 25, 2009 at 11:58 AM, David Glosser <david.glosser at gmail.com> wrote:
> Wow! Is there any way to have a smaller list of "active" sigs? (Or would
> that "smaller" list still be too large for most Snort installations?)
>
>
>
> On Sun, Jan 25, 2009 at 11:38 AM, Josh Smith <famousjs at gmail.com> wrote:
>>
>> I have been working on converting the PEiD database of binary packer
>> signatures straight to Snort signatures.  I've been refining my
>> signatures with other members from Emerging Threats, and have over
>> 10,000 Snort signatures for packers.  I was told this may be a good
>> topic to bring up (binary packer detection) for OISF.
>>
>> -Josh
>> _______________________________________________
>> Discussion mailing list
>> Discussion at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
>
>


