Get a Pentest and security assessment of your IT network.

News

Why 114 rules for MS08-067?

The vulnerability is in a DCERPC service. The rules must handle all of the differences and neuances of the underlying protocols to limit detection to just the field in question. The hard part is making sure the detection only detects attacks, not benign traffic. The code generator handles all of these permutations for me, allowing me to focus on the specifics of the attack, not the protocol. The end goal of all the rules is to detect attack traffic, while not alerting on benign traffic, in fact its pretty easy.”]

Source: https://blog.talosintelligence.com/2008/10/why-114.html

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Botnet authors use Evernote account as C&C Server

News

Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2