[Discussion] Binary Signature Detection

• Previous message (by thread): [Discussion] Binary Signature Detection
• Next message (by thread): [Discussion] Binary Signature Detection
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Josh, thanks for bringing this up!

Josh Smith wrote:
> I have been working on converting the PEiD database of binary packer
> signatures straight to snort signatures.  I've been refining my
> signatures with other members from Emerging Threats, and have over
> 10,000 snort signatures for packers.  I was told this may be a good
> topic to bring up (binary packer detection) for OISF.

10k sigs is quite a lot :) Can you tell something about the nature of
these sigs? Are they complex, or do they just use one content match for
example?

Should they be matches against full packets and streams or would we be
able to match them against a small part of it?

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

• Previous message (by thread): [Discussion] Binary Signature Detection
• Next message (by thread): [Discussion] Binary Signature Detection
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]