Focus on IDS Mode:
(Page 12 of 199)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
Re: CSLID evasion - Client protection 2009-03-25
ushacker20002001 yahoo com
In case of application filtering capability embedded inside IDS solutions such as SnortIDS, BroIDS or Prelude...PCRE format should be able to detect such payload signature (if constant). However, in terms of complexity of a threat, one should workout on Dynamic plug-ins to stabilize the detection pr

[ more ]  [ reply ]
CSLID evasion - Client protection 2009-03-25
Ravi Chunduru (ravi is chunduru gmail com) (2 replies)
In many cases, ActiveX CLSID is sent in HTML pages as a simple string such as

CLSID:06723E09-F4C2-43c8-835d-09FCD1DB0766

To evade detection by intermediate security devices, clsid information
can be sent as java script which looks like this:

<script>
var object1=document.createElement('object');

[ more ]  [ reply ]
RE: CSLID evasion - Client protection 2009-03-25
Addepalli Srini-B22160 (saddepalli freescale com) (1 replies)
Re: CSLID evasion - Client protection 2009-03-26
Stuart Staniford (sstaniford FireEye com)
Re: CSLID evasion - Client protection 2009-03-25
Stuart Staniford (sstaniford FireEye com)
CFP RAID 2009 2009-03-24
Corrado Leita (corrado_leita symantec com)

CALL FOR PAPERS
RAID 2009

12th International Symposium on
Recent Advances in Intrusion Detection 2009

September 23-25, 2009

Saint Malo, Brittany, France

http://www.r

[ more ]  [ reply ]
Workshop on the Analysis of System Logs (WASL) Oct 14, 2009 2009-03-23
Greg Bronevetsky (greg bronevetsky com)
Workshop on the Analysis of System Logs (WASL) 2009
http://www.systemloganalysis.com
Call for Papers

===============================
October 14, 2009
Big Sky, MT

[ more ]  [ reply ]
Detection evasion technique by invalid UTF-8 sequences 2009-03-23
bugtraq01 hash-c co jp (1 replies)
Title: Detection evasion technique by invalid UTF-8 sequences
Reported By: Hiroshi Tokumaru of HASH Consulting Corp.
Impact: A remote attacker can evade detection.

Overview
========

Invalid UTF-8 sequences are ignored in ASP.NET 1.1.
This may be used for the detection evasion of IDS/IPS/WAF.

Pr

[ more ]  [ reply ]
Re: Detection evasion technique by invalid UTF-8 sequences 2009-03-27
Frank Knobbe (frank knobbe us)
Protocol coverage metrics... 2009-03-19
kowsik (kowsik gmail com) (1 replies)
If all you have is a pcap with some protocol packets in it, how would
you know how much of the actual protocol specification (the possible
set of fields that the packets could carry) is being covered? This is
a useful metric to have when writing a dissector or IPS/DPI
signatures. This is much in the

[ more ]  [ reply ]
Re: Protocol coverage metrics... 2009-03-20
Webmaster 003 (webmaster networkdefense biz) (1 replies)
Re: Protocol coverage metrics... 2009-03-20
Aaron Turner (synfinatic gmail com)
Re: Intrusion Detection Evaluation Datasets 2009-03-19
Joel Esler (eslerj gmail com) (1 replies)
On Mar 19, 2009, at 4:30 PM, Paul Schmehl wrote:

> --On Thursday, March 19, 2009 14:33:29 -0400 Joel Esler <eslerj (at) gmail (dot) com [email concealed]
> > wrote:
>
>> Would this be an appropriate use for byte_test or byte_jump?
>>
>
> That's what I was referring to when I mentioned applications. The
> problem with http

[ more ]  [ reply ]
Re: Intrusion Detection Evaluation Datasets 2009-03-20
Ravi Chunduru (ravi is chunduru gmail com)
(Page 12 of 199)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus