Re: [clamav-users] Generating signatures for malware

2012-08-31 Thread G.W. Haywood
Hi there, On Fri, 31 Aug 2012, Maarten Broekman wrote: I see where your confusion comes from. I'm not generating pdb signatures. I'm generating ndb signatures ... Sorry, bit of a senior moment there. They seem to be creeping up on me lately. :( I had to go back and read

Re: [clamav-users] Generating signatures for malware

2012-08-30 Thread G.W. Haywood
Hello again, On Thu, 30 Aug 2012, Maarten Broekman wrote: Some of the phishing content that I'm finding is resulting in hex dumps in the 10k+ character range and I think it's more dangerous to replace sections with '*' than to replace certain substrings with specific length wildcards. This

Re: [clamav-users] Generating signatures for malware

2012-08-30 Thread Dennis Peterson
On 8/30/12 4:21 AM, G.W. Haywood wrote: Please would someone explain to me the use of {7-8}? I do not recognize it as valid regular expression syntax. Here is an example used in a Sane Security signature: http://sane.mxuptime.com/s.aspx?id=Sanesecurity.Phishing.Auction.1749 It is an

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread G.W. Haywood
Hi there, On Wed, 29 Aug 2012, Maarten Broekman wrote: Does anyone know of a tool that would take strings in a hex signature and turn them into appropriate wildcards? For instance, I want to strip out all the http:// and https:// and replace them with {7-8} Your suggested replacement does

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread Maarten Broekman
-Original Message- Despite the statement of your objective it isn't clear to me what you think you're going to achieve. My expectation would be a very large increase in the false positive rates if you attempt to use signatures modified in the way you describe. Can you be more

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread Michael Orlitzky
On 08/29/2012 09:46 AM, Maarten Broekman wrote: -Original Message- Despite the statement of your objective it isn't clear to me what you think you're going to achieve. My expectation would be a very large increase in the false positive rates if you attempt to use signatures modified

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread David Raynor
On Wed, Aug 29, 2012 at 10:29 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 08/29/2012 09:46 AM, Maarten Broekman wrote: -Original Message- Despite the statement of your objective it isn't clear to me what you think you're going to achieve. My expectation would be a very

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread Maarten Broekman
-Original Message- The rate of false positives is wholly dependent on the strings that you are replacing with wildcards. As an example, when generating signatures to identify phishing content (say, content targeting bank customers), I wanted to be able to strip out

[clamav-users] Generating signatures for malware

2012-08-28 Thread Maarten Broekman
Does anyone know of a tool that would take strings in a hex signature and turn them into appropriate wildcards? For instance, I want to strip out all the http:// and https:// and replace them with {7-8} to reduce the size of the signature and get more 'useful' strings in the signature? There
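The rewrite the thread asks about, as an added example that is not part of the thread and not a ClamAV tool: it takes an .ndb line (MalwareName:TargetType:Offset:HexSignature), decodes only the plain-hex parts of the hex body so that replacement is byte-aligned and existing wildcards (`*`, `??`, `{n-m}`) are left untouched, and swaps each "http://" (7 bytes) or "https://" (8 bytes) for the `{7-8}` wildcard proposed above. A small matcher that translates that wildcard subset into a bytes regex shows that the rewritten signature hits both URL-scheme variants where the original hit only one. The signature name, the sample HTML and the `URL_SCHEMES` table are constructed for the example; TargetType 0 (any file) is used so that no ClamAV content normalisation is assumed.

```python
import re

# Added example for the clamav-users thread above; not ClamAV's own code.
# ClamAV hex-signature wildcards handled here:
#   ??       one byte of anything
#   *        any number of bytes
#   {n}/{n-m} exactly n / between n and m bytes of anything
_WILDCARD = re.compile(r"(\{\d*-?\d*\}|\*|\?\?)")

# Constructed substitution table: literal bytes to collapse into a wildcard.
# "http://" is 7 bytes and "https://" is 8, so {7-8} covers both.
URL_SCHEMES = (b"https://", b"http://")
URL_WILDCARD = "{7-8}"


def _tokens(hexsig: str):
    """Split a hex body into alternating plain-hex chunks and wildcard tokens."""
    return [t for t in _WILDCARD.split(hexsig) if t]


def wildcard_strings(hexsig: str, literals=URL_SCHEMES, wildcard=URL_WILDCARD) -> str:
    """Replace every byte-aligned occurrence of a literal with the wildcard.

    Matching is done on decoded bytes, so a hex coincidence that starts on
    a nibble boundary (e.g. "...0687474703a2f2f0...") is never rewritten,
    and wildcard tokens already in the signature pass through unchanged.
    """
    longest_first = sorted(literals, key=len, reverse=True)
    pat = re.compile(b"|".join(re.escape(lit) for lit in longest_first))
    out = []
    for tok in _tokens(hexsig):
        if _WILDCARD.fullmatch(tok):
            out.append(tok)
            continue
        raw = bytes.fromhex(tok)          # raises on an odd-length/invalid chunk
        pos = 0
        for m in pat.finditer(raw):
            out.append(raw[pos:m.start()].hex())
            out.append(wildcard)
            pos = m.end()
        out.append(raw[pos:].hex())
    return "".join(t for t in out if t)


def rewrite_ndb_line(line: str, literals=URL_SCHEMES, wildcard=URL_WILDCARD) -> str:
    """Apply wildcard_strings() to the HexSignature field of one .ndb line."""
    name, target, offset, hexsig = line.rstrip("\n").split(":", 3)
    return ":".join((name, target, offset, wildcard_strings(hexsig, literals, wildcard)))


def _sig_to_regex(hexsig: str) -> re.Pattern:
    """Translate the wildcard subset above into a bytes regex (test aid only)."""
    parts = []
    for tok in _tokens(hexsig):
        if tok == "*":
            parts.append(b".*")
        elif tok == "??":
            parts.append(b".")
        elif tok.startswith("{"):
            lo, sep, hi = tok[1:-1].partition("-")
            if not sep:                                   # {n}
                parts.append(b".{%d}" % int(lo))
            else:                                         # {n-m}, {n-}, {-m}
                parts.append(b".{%s,%s}" % (lo.encode(), hi.encode()))
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


def matches(hexsig: str, data: bytes) -> bool:
    """True if the hex body matches anywhere in data (offset '*' semantics)."""
    return _sig_to_regex(hexsig).search(data) is not None


# Constructed sample content and signature (not a real phishing kit).
SAMPLE_HTTP = b'<form action="http://example.net/login.php">'
SAMPLE_HTTPS = b'<form action="https://example.net/login.php">'
ORIGINAL_NDB = "Example.Phish.Constructed:0:*:" + SAMPLE_HTTP.hex()

if __name__ == "__main__":
    print(ORIGINAL_NDB)
    print(rewrite_ndb_line(ORIGINAL_NDB))
```

Usage: feed each line of an existing .ndb file through `rewrite_ndb_line()` and run the result past `sigtool`/`clamscan` before deploying. The caveat raised earlier in the thread applies unchanged: `{7-8}` matches any 7 or 8 bytes, not only URL schemes, so every replacement widens the signature and the remaining fixed bytes must still be specific enough to the phishing content to keep false positives down.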