Latest Tutorials, Tips & Tricks topics

Topic	Replies	Views	Activity
About the Tutorials, Tips & Tricks category	0	1158	September 12, 2022
Cyber Security Awareness Month - Web Browser Security	0	202	October 3, 2025
Detection Exercise: D-Link DIR-513 (CVEs: 2025-8184, 8169, and 8168)	0	203	August 2, 2025
Come Sail the CVEs Part 1: Data Acquisition rss , cves , detection-engineerin , malware-analysis , pcaps	2	457	July 10, 2025
Double Firewall Hopping with PfSense	0	144	June 7, 2025
Come Sail the CVEs Part 2: Turning Data Into Rules dalton , pcaps , suricata , cves , detection-engineerin	0	285	May 21, 2025
ET TOAD Rules Response Guidance toad	0	97	April 24, 2025
Flexible Rule Writing: Seeing Around The Bend	0	206	March 25, 2025
Introduction to IOC Pivoting, and the Pyramid of Pain threat_intel , pyramid-of-pain , data_pivoting	0	603	March 25, 2025
Changes to ET SocGholish Rule Names to Reflect TA569 and TA2726/2727 Activity socgholish , injectors , ta569 , ta2727 , ta2726	0	309	March 13, 2025
ET SocGholish Rules Response Guidance socgholish	2	10913	March 12, 2025
Snort 3 Install Guide for Modern Debian Distributions snort2lua , snort3 , ubuntu , debian	0	1003	May 8, 2024
Addressing HTTP/2 in Suri7	0	873	November 8, 2023
Vidar Stealer Picks Up Steam! malware , vidar	1	4871	January 12, 2024
Get Started with Suricata CLI Debugging suricata , debugging	0	615	December 11, 2023
Prefilter Keyword Usage and Signature Performance	0	247	October 13, 2023
Handling False Positive Reports as A Rule Writer! Special Guests: PCREs, Dalton, Dalton’s Flowsynth dalton , pcre , flowsynth , tutorial , false-positives	11	543	October 12, 2023
If you get the alert "ET POLICY Vulnerable Java Version 1.8.x Detected"	2	904	September 22, 2023
If you get the alert "ET INFO Microsoft Connection Test"	0	1351	September 22, 2023
If you get the alert "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management"	0	709	September 22, 2023
If you get the alert "ET INFO TLS Handshake Failure"	0	843	September 20, 2023
If you get the alert "ET INFO Session Traversal Utilities for NAT (STUN Binding Request)"	1	1629	September 20, 2023
Android/MMRAT : Additional Analysis	0	410	September 14, 2023
If you get the alert "ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent"	1	1760	August 28, 2023
Translating Suricata http.header_names content to Snort	3	587	July 27, 2023
Understanding Signature Direction	0	548	July 14, 2023
Rule Metadata & Exploit Signature Difficulties	0	709	June 9, 2023
Intro to Traffic Analysis and Suricata Signature Development Lab - Bsides SLC 2022 training	1	1396	June 4, 2023
Investigating and Interpreting TLS SNI and DNS query rules	1	1743	May 19, 2023
Cobalt Strike and Malleable C2 Profiles cobalt-strike	0	857	March 7, 2023

About the Tutorials, Tips & Tricks category

0

1158

September 12, 2022

Cyber Security Awareness Month - Web Browser Security

0

202

October 3, 2025

Detection Exercise: D-Link DIR-513 (CVEs: 2025-8184, 8169, and 8168)

0

203

August 2, 2025

Come Sail the CVEs Part 1: Data Acquisition

2

457

July 10, 2025

Double Firewall Hopping with PfSense

0

144

June 7, 2025

Come Sail the CVEs Part 2: Turning Data Into Rules

dalton , pcaps , suricata , cves , detection-engineerin

0

285

May 21, 2025

ET TOAD Rules Response Guidance

toad

0

97

April 24, 2025

Flexible Rule Writing: Seeing Around The Bend

0

206

March 25, 2025

Introduction to IOC Pivoting, and the Pyramid of Pain

threat_intel , pyramid-of-pain , data_pivoting

0

603

March 25, 2025

Changes to ET SocGholish Rule Names to Reflect TA569 and TA2726/2727 Activity

socgholish , injectors , ta569 , ta2727 , ta2726

0

309

March 13, 2025

ET SocGholish Rules Response Guidance

socgholish

2

10913

March 12, 2025

Snort 3 Install Guide for Modern Debian Distributions

snort2lua , snort3 , ubuntu , debian

0

1003

May 8, 2024

Addressing HTTP/2 in Suri7

0

873

November 8, 2023

Vidar Stealer Picks Up Steam!

malware , vidar

1

4871

January 12, 2024

Get Started with Suricata CLI Debugging

suricata , debugging

0

615

December 11, 2023

Prefilter Keyword Usage and Signature Performance

0

247

October 13, 2023

Handling False Positive Reports as A Rule Writer! Special Guests: PCREs, Dalton, Dalton’s Flowsynth

dalton , pcre , flowsynth , tutorial , false-positives

11

543

October 12, 2023

If you get the alert "ET POLICY Vulnerable Java Version 1.8.x Detected"

2

904

September 22, 2023

If you get the alert "ET INFO Microsoft Connection Test"

0

1351

September 22, 2023

If you get the alert "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management"

0

709

September 22, 2023

If you get the alert "ET INFO TLS Handshake Failure"

0

843

September 20, 2023

If you get the alert "ET INFO Session Traversal Utilities for NAT (STUN Binding Request)"

1

1629

September 20, 2023

Android/MMRAT : Additional Analysis

0

410

September 14, 2023

If you get the alert "ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent"

1

1760

August 28, 2023

Translating Suricata http.header_names content to Snort

3

587

July 27, 2023

Understanding Signature Direction

0

548

July 14, 2023

Rule Metadata & Exploit Signature Difficulties

0

709

June 9, 2023

Intro to Traffic Analysis and Suricata Signature Development Lab - Bsides SLC 2022

training

1

1396

June 4, 2023

Investigating and Interpreting TLS SNI and DNS query rules

1

1743

May 19, 2023

Cobalt Strike and Malleable C2 Profiles

cobalt-strike

0

857

March 7, 2023