[Discussion] Binary Signature Detection
Josh Smith
famousjs at gmail.com
Sun Jan 25 17:03:02 UTC 2009
David,
Well I originally converted the database file they offer on the PEiD
website, and that was about 1500 signatures. Now I've just been
collecting database files from around the internet. The one I
originally did may be dated, but still applies to quite a few binary
signatures.
-Josh
On Sun, Jan 25, 2009 at 11:58 AM, David Glosser <david.glosser at gmail.com> wrote:
> wow! is there any way to have a smaller list of "active" sigs? (or would
> that "smaller" list still be too large for most snort installations)?
>
>
>
> On Sun, Jan 25, 2009 at 11:38 AM, Josh Smith <famousjs at gmail.com> wrote:
>>
>> I have been working on converting the PEiD database of binary packer
>> signatures straight to snort signatures. I've been refining my
>> signatures with other members from Emerging Threats, and have over
>> 10,000 snort signatures for packers. I was told this may be a good
>> topic to bring up (binary packer detection) for OISF.
>>
>> -Josh
>> _______________________________________________
>> Discussion mailing list
>> Discussion at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
>
>
More information about the Discussion
mailing list