Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents
1:63194
This rule looks for HTTP requests that match a pattern resembling a screenshot exfiltration attempt.
1:63193
This rule looks for use of a "NT AUTHORITY/SYSTEM" user account in requests to the Progress OpenEdge AdminServer service. While this account is used for legitimate functionality, attackers are also able to use it to bypass authentication checks and access potentially exploitable RMI interfaces.
1:63192
This rule looks for outbound HTTP requests known to be specific to Win.Malware.XClientStealer command-and-control (CnC) traffic.
1:63191
This rule looks for specially crafted JavaScript code known to exploit an OOB read vulnerability in Google Chrome's JS engine.
1:63190
This rule looks for specially crafted JavaScript code known to exploit an OOB read vulnerability in Google Chrome's JS engine.
1:62794
This rule looks for a WDDX packet that loads specific Java classes to achieve an arbitrary file write.