Profile

James Emery-Callcott

  • Login: jcallcott
  • Registered on: 07/03/2019
  • Last sign in: 10/11/2024

Issues

                 open  closed  Total
Assigned issues  1     0       1
Reported issues  5     1       6

Activity

10/11/2024

01:05 AM Suricata Feature #7322 (New): ability to negate the existence of fields via buffer negation
While writing hunting signatures today, we noticed that it is not possible to negate the existence of a buffer which ... James Emery-Callcott
12:53 AM Suricata Feature #7321 (New): cross buffer byte_* keyword support
Currently, byte_* keywords are only useable within the same buffer and you cannot (as far as I am aware) use values f... James Emery-Callcott

07/07/2024

06:23 PM Suricata Documentation #7143 (In Progress): Legacy keyword used in example for 'bypass' keyword
In all versions of documentation where the 'bypass' keyword appears, the legacy keyword of 'http_host' is used in the... James Emery-Callcott

06/30/2024

02:31 AM Suricata Feature #7127 (New): extended http.referer buffers/keywords
Just a quick one, looking for an extension of the existing HTTP referer capabilities.
Ex.
http.referer; = https...
James Emery-Callcott

02/23/2023

01:08 AM Suricata Feature #5872 (New): file structure awareness - precise identification of fields in file structs
*Backstory*
Earlier today, I was working through a couple of clamav vulnerabilities (CVE-2023-20032, CVE-2023-20052)...
James Emery-Callcott

07/03/2019

06:47 PM Suricata Feature #3074: DNS full domain matching within the dns_query buffer
Edit - ignore the PCRE in the example rule structure, typo on my part. James Emery-Callcott
06:44 PM Suricata Feature #3074 (Closed): DNS full domain matching within the dns_query buffer
Hey folks,
There have been a few scenarios in which the following pcre has been applied to a rule -> "/(?:^|\.)goo...
James Emery-Callcott
