Latest Tutorials, Tips & Tricks topics

Topic	Replies	Views	Activity
About the Tutorials, Tips & Tricks category	0	1020	September 12, 2022
ET TOAD Rules Response Guidance toad	0	8	April 24, 2025
Flexible Rule Writing: Seeing Around The Bend	0	94	March 25, 2025
Introduction to IOC Pivoting, and the Pyramid of Pain threat_intel , pyramid-of-pain , data_pivoting	0	256	March 25, 2025
Changes to ET SocGholish Rule Names to Reflect TA569 and TA2726/2727 Activity socgholish , injectors , ta569 , ta2727 , ta2726	0	111	March 13, 2025
ET SocGholish Rules Response Guidance socgholish	2	9763	March 12, 2025
Snort 3 Install Guide for Modern Debian Distributions snort2lua , snort3 , ubuntu , debian	0	801	May 8, 2024
Addressing HTTP/2 in Suri7	0	728	November 8, 2023
Vidar Stealer Picks Up Steam! malware , vidar	1	4692	January 12, 2024
Get Started with Suricata CLI Debugging suricata , debugging	0	563	December 11, 2023
Prefilter Keyword Usage and Signature Performance	0	229	October 13, 2023
Handling False Positive Reports as A Rule Writer! Special Guests: PCREs, Dalton, Dalton’s Flowsynth dalton , pcre , flowsynth , tutorial , false-positives	11	494	October 12, 2023
If you get the alert "ET POLICY Vulnerable Java Version 1.8.x Detected"	2	798	September 22, 2023
If you get the alert "ET INFO Microsoft Connection Test"	0	1109	September 22, 2023
If you get the alert "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management"	0	625	September 22, 2023
If you get the alert "ET INFO TLS Handshake Failure"	0	736	September 20, 2023
If you get the alert "ET INFO Session Traversal Utilities for NAT (STUN Binding Request)"	1	1338	September 20, 2023
Android/MMRAT : Additional Analysis	0	391	September 14, 2023
If you get the alert "ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent"	1	1460	August 28, 2023
Translating Suricata http.header_names content to Snort	3	525	July 27, 2023
Understanding Signature Direction	0	515	July 14, 2023
Rule Metadata & Exploit Signature Difficulties	0	660	June 9, 2023
Intro to Traffic Analysis and Suricata Signature Development Lab - Bsides SLC 2022 training	1	1373	June 4, 2023
Investigating and Interpreting TLS SNI and DNS query rules	1	1628	May 19, 2023
Cobalt Strike and Malleable C2 Profiles cobalt-strike	0	788	March 7, 2023
HTTP/2 in Suricata 6 configuration , config , http2 , suricata , overloading	0	1968	January 10, 2023
Need help finding Pcap with no signatures	6	349	January 10, 2023
SocksTroy - An interesting use case with byte_jump, isdataat, and stream_size sockstroy , proxy	0	1377	December 16, 2022
MSSQL Maggie Rules and My Thoughts maggie , mssql , backdoor	3	733	November 22, 2022
The Complexities of byte_jump	0	789	October 28, 2022