Penetration testing May 4, 2016 Infosec Snort Lab: Activate / Dynamic Rules We've already learned that using flowbits allows us to make Snort rules work as a group. In this lab, we are going to look at different, and a more narrowly...
Penetration testing May 4, 2016 Srinivas SNMP pentesting In the previous article about SNMP, we have discussed how to set up your own vulnerable lab where we have configured pfSense and VyOS with SNMP misconfigurations....
Penetration testing April 21, 2016 Infosec Snort Lab: Rule Performance Analysis There are various ways of analyzing Snort rules performance. In this lab, we are going to focus on the one that directly applies to rules: Rule Profiling. With...
Penetration testing April 19, 2016 Infosec Snort Lab: Blinding IDS IDSs and IPSs can be attacked by generating false positives. If you can generate enough false positives, you can potentially: Overwhelm the IDS console tool...
Penetration testing April 14, 2016 Infosec Snort Lab: Custom SCADA Protocol IDS Signatures In this lab, you are going to learn how to create custom Snort signatures for the Modbus/TCP protocol. First, let's take some time to examine the Modbus TCP...
Penetration testing April 12, 2016 Infosec Snort lab: Payload detection rules (PCRE) Until now, when we used Snort to look for certain content within the payload, we've always looked for some specific values. What if we wanted to look for something...
Penetration testing April 7, 2016 Infosec Snort Session Sniping with FlexResp FlexResp is a keyword used within Snort to snipe or tear down existing connections. The resp keyword is used to close sessions when an alert is triggered....
Penetration testing April 7, 2016 Security Ninja Complete Tour of PE and ELF: Section Headers In the previous part, we discussed the ELF and Program Header. In this article, we will cover the remaining part, i.e., section headers. We will also see...
Penetration testing April 5, 2016 Security Ninja Complete Tour of PE and ELF: Structure Since we have completed the PE structure, now it is time to look at the ELF structure which is somewhat easier to understand as compared to PE. For ELF structure,...
Penetration testing April 5, 2016 Infosec Snort Tracking Exploit Progress with Flowbits So far in our exercises, we used individual rules against specific activities. The flowbits keyword allows several rules to work as a group, tracking a progress...