|
About the Tutorials, Tips & Tricks category
|
|
0
|
1010
|
September 12, 2022
|
|
Flexible Rule Writing: Seeing Around The Bend
|
|
0
|
59
|
March 25, 2025
|
|
Introduction to IOC Pivoting, and the Pyramid of Pain
|
|
0
|
185
|
March 25, 2025
|
|
Changes to ET SocGholish Rule Names to Reflect TA569 and TA2726/2727 Activity
|
|
0
|
63
|
March 13, 2025
|
|
ET SocGholish Rules Response Guidance
|
|
2
|
9569
|
March 12, 2025
|
|
Snort 3 Install Guide for Modern Debian Distributions
|
|
0
|
745
|
May 8, 2024
|
|
Addressing HTTP/2 in Suri7
|
|
0
|
706
|
November 8, 2023
|
|
Vidar Stealer Picks Up Steam!
|
|
1
|
4665
|
January 12, 2024
|
|
Get Started with Suricata CLI Debugging
|
|
0
|
561
|
December 11, 2023
|
|
Prefilter Keyword Usage and Signature Performance
|
|
0
|
221
|
October 13, 2023
|
|
Handling False Positive Reports as A Rule Writer! Special Guests: PCREs, Dalton, Dalton’s Flowsynth
|
|
11
|
471
|
October 12, 2023
|
|
If you get the alert "ET POLICY Vulnerable Java Version 1.8.x Detected"
|
|
2
|
781
|
September 22, 2023
|
|
If you get the alert "ET INFO Microsoft Connection Test"
|
|
0
|
1065
|
September 22, 2023
|
|
If you get the alert "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management"
|
|
0
|
611
|
September 22, 2023
|
|
If you get the alert "ET INFO TLS Handshake Failure"
|
|
0
|
724
|
September 20, 2023
|
|
If you get the alert "ET INFO Session Traversal Utilities for NAT (STUN Binding Request)"
|
|
1
|
1300
|
September 20, 2023
|
|
Android/MMRAT : Additional Analysis
|
|
0
|
390
|
September 14, 2023
|
|
If you get the alert "ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent"
|
|
1
|
1415
|
August 28, 2023
|
|
Translating Suricata http.header_names content to Snort
|
|
3
|
520
|
July 27, 2023
|
|
Understanding Signature Direction
|
|
0
|
509
|
July 14, 2023
|
|
Rule Metadata & Exploit Signature Difficulties
|
|
0
|
655
|
June 9, 2023
|
|
Intro to Traffic Analysis and Suricata Signature Development Lab - Bsides SLC 2022
|
|
1
|
1364
|
June 4, 2023
|
|
Investigating and Interpreting TLS SNI and DNS query rules
|
|
1
|
1608
|
May 19, 2023
|
|
Cobalt Strike and Malleable C2 Profiles
|
|
0
|
779
|
March 7, 2023
|
|
HTTP/2 in Suricata 6
|
|
0
|
1946
|
January 10, 2023
|
|
Need help finding Pcap with no signatures
|
|
6
|
345
|
January 10, 2023
|
|
SocksTroy - An interesting use case with byte_jump, isdataat, and stream_size
|
|
0
|
1369
|
December 16, 2022
|
|
MSSQL Maggie Rules and My Thoughts
|
|
3
|
730
|
November 22, 2022
|
|
The Complexities of byte_jump
|
|
0
|
771
|
October 28, 2022
|