Researchers from Errata Security at Black Hat USA will show how an attacker can reverse-engineer these zero-day filters that IPS (intrusion prevention system) vendors distribute. They will only demonstrate their research on TippingPoint’s IPS in its Thursday morning session, entitled “Simple Solutions to Complex Problems from the Lazy Hackers Handbook” The company was also able to do the same with signatures from Cisco, Juniper Networks, and McAfee, he says, although they won’t be releasing the tools.”]
Source: https://www.darkreading.com/analytics/black-hat-how-to-hack-ips-signatures