Colapse all |
Post message
CSLID evasion - Client protection 2009-03-25 Ravi Chunduru (ravi is chunduru gmail com) (2 replies) In many cases, ActiveX CLSID is sent in HTML pages as a simple string such as CLSID:06723E09-F4C2-43c8-835d-09FCD1DB0766 To evade detection by intermediate security devices, clsid information can be sent as java script which looks like this: <script> var object1=document.createElement('object'); [ more ] [ reply ] RE: CSLID evasion - Client protection 2009-03-25 Addepalli Srini-B22160 (saddepalli freescale com) (1 replies) Workshop on the Analysis of System Logs (WASL) Oct 14, 2009 2009-03-23 Greg Bronevetsky (greg bronevetsky com) Detection evasion technique by invalid UTF-8 sequences 2009-03-23 bugtraq01 hash-c co jp (1 replies) Title: Detection evasion technique by invalid UTF-8 sequences Reported By: Hiroshi Tokumaru of HASH Consulting Corp. Impact: A remote attacker can evade detection. Overview ======== Invalid UTF-8 sequences are ignored in ASP.NET 1.1. This may be used for the detection evasion of IDS/IPS/WAF. Pr [ more ] [ reply ] Re: Detection evasion technique by invalid UTF-8 sequences 2009-03-27 Frank Knobbe (frank knobbe us) Protocol coverage metrics... 2009-03-19 kowsik (kowsik gmail com) (1 replies) If all you have is a pcap with some protocol packets in it, how would you know how much of the actual protocol specification (the possible set of fields that the packets could carry) is being covered? This is a useful metric to have when writing a dissector or IPS/DPI signatures. This is much in the [ more ] [ reply ] Re: Protocol coverage metrics... 2009-03-20 Webmaster 003 (webmaster networkdefense biz) (1 replies) Re: Intrusion Detection Evaluation Datasets 2009-03-19 Joel Esler (eslerj gmail com) (1 replies) On Mar 19, 2009, at 4:30 PM, Paul Schmehl wrote: > --On Thursday, March 19, 2009 14:33:29 -0400 Joel Esler <eslerj (at) gmail (dot) com [email concealed] > > wrote: > >> Would this be an appropriate use for byte_test or byte_jump? >> > > That's what I was referring to when I mentioned applications. The > problem with http [ more ] [ reply ] |
Privacy Statement |
[ more ] [ reply ]