[Snort-sigs] Pattern Matching in encoded Shellcode

felix.matenaar@...3492... felix.matenaar at ...3491...
Fri Apr 23 19:04:20 EDT 2010


If there is encoding which can be neutralized by this method and you
want to do pattern matching, then there is a use case.
When the exploitation process transports encoded shellcode, which is a
common case as far as I know, there is a possibility to detect
exploitation. For example, there are a few patterns for common shellcode
techniques which are able to detect a lot of automatic exploitation from
botnets.

Jason Brvenik wrote:
>
> The approach we use is to detect exploitation rather than shellcode.
> Is there a use case instead?
>



