[Emerging-Sigs] Binary Packer Signatures

Matt Jonkman jonkman at jonkmans.com
Fri Jan 23 00:07:49 EST 2009


Great stuff Josh. Give me some time to look them over, lots in there.

Thanks!!

Matt

Josh Smith wrote:
> I've been working (when I can get the chance from school) in my spare
> time on converting the PEiD packer database straight to snort
> signatures.  I've refined them to specific byte patterns, but when I
> tested a pcap of a transferred binary packed with UPX, about 10
> signatures fired off.  There are a little over 1800 signatures that I
> have converted, but I feel they still need refining to reduce false
> positives.  Attached is the snort signature database I have made,
> along with my PEiD database.
> 
> -Josh Smith
> 
> 

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
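
As an illustration of the conversion described in the quoted message, the sketch below (added here; it is not Josh's converter or the attached database) parses PEiD-style entries, emits one Snort content rule per entry, and shows two ways converted rules can over-fire: losing PEiD's entry-point anchoring, and version variants that share a prefix. The sample entries, payload, function names and SID are constructed, only whole-byte `??` wildcards are handled, and attributing the UPX multi-hit to these causes is an assumption.

```python
import re

# Constructed entries in PEiD userdb.txt layout; not taken from the attached database.
SAMPLE_DB = """\
[Packer A v1 (constructed)]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
ep_only = true
[Packer A v2 (constructed)]
signature = 60 BE ?? ?? ?? ?? 8D BE
ep_only = true
[Packer B (constructed)]
signature = 55 8B EC ?? ?? 6A FF
ep_only = true
"""
# Constructed payload: 4 header bytes, a stray Packer B look-alike at 4, entry stub at 11.
PAYLOAD = bytes.fromhex("4D5A9000" "558BEC00006AFF" "60BE001040008DBE00F0FFFF5783CDFF")

def parse_peid(text):
    """Yield (name, signature, ep_only) for each [name] / signature / ep_only entry."""
    pat = r"\[(.+?)\]\s*signature\s*=\s*(.+?)\s*ep_only\s*=\s*(\w+)"
    for m in re.finditer(pat, text):
        yield m.group(1), m.group(2), m.group(3).lower() == "true"

def fixed_runs(sig):
    """Return [(wildcard_bytes_before, [hex bytes])] for each run of fixed bytes."""
    return [(m.group(1).count("?") // 2, m.group(2).upper().split())
            for m in re.finditer(r"((?:\?\?\s*)*)((?:[0-9A-Fa-f]{2}\s*)+)", sig)]

def to_rule(name, sig, sid):
    """Emit a Snort rule; distance sets a minimum gap only, so it is looser than PEiD's ??."""
    opts = []
    for i, (gap, run) in enumerate(fixed_runs(sig)):
        opts.append('content:"|%s|";' % " ".join(run))
        if i:
            opts.append("distance:%d;" % gap)
    return 'alert tcp any any -> any any (msg:"PACKER %s"; %s sid:%d; rev:1;)' % (
        re.sub(r'[";\\]', "", name), " ".join(opts), sid)

def hits(payload, entry=None, db=SAMPLE_DB):
    """Names matching anywhere (stream view) or, for ep_only entries, only at the entry offset."""
    out = []
    for name, sig, ep_only in parse_peid(db):
        rx = re.compile(b"".join(b"." if t == "??" else re.escape(bytes.fromhex(t))
                                 for t in sig.split()), re.S)
        if rx.match(payload, entry) if (ep_only and entry is not None) else rx.search(payload):
            out.append(name)
    return out
```

`hits(PAYLOAD)` reports all three entries, while `hits(PAYLOAD, entry=11)` drops the stray Packer B match but still reports both Packer A variants, so tightening the rules also means deduplicating signatures that are prefixes of one another.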



