Discover and read the best of Twitter Threads about #Snort
Most recents (3)
If you're looking for network indicators of #log4j exploitation - this thread is for you. Every detection in this thread is freely available for use RIGHT NOW.
#snort #suricata #CVE202144228
#snort #suricata #CVE202144228
We have tons of inbound rules that'll hit on scanners and we've tried to cover ITW obfuscation methods, but let's be real, there are more ways to obfuscate these attacks than we can cover. 
For outbound traffic (generated by a successful "landing" of the attack strings) there are some good rules now.
1) 2014474 and 2014475
These existing sigs alert on java (as determined by the UA) downloading a class file. Today we tweaked flowbits (2013035) for better coverage.
1) 2014474 and 2014475
These existing sigs alert on java (as determined by the UA) downloading a class file. Today we tweaked flowbits (2013035) for better coverage.
#log4j thread
Detection Ideas + Yara by @cyb3rops - gist.github.com/Neo23x0/e4c8b0…
Hashes for vulnerable LOG4J versions by @mubix - github.com/mubix/CVE-2021…
SIGMA by @SOC_Prime - tdm.socprime.com/tdm/info/XY2Ej…
tdm.socprime.com/tdm/info/4SiOs…
Payloads list by @GreyNoiseIO - gist.github.com/nathanqthai/01…
Detection Ideas + Yara by @cyb3rops - gist.github.com/Neo23x0/e4c8b0…
Hashes for vulnerable LOG4J versions by @mubix - github.com/mubix/CVE-2021…
SIGMA by @SOC_Prime - tdm.socprime.com/tdm/info/XY2Ej…
tdm.socprime.com/tdm/info/4SiOs…
Payloads list by @GreyNoiseIO - gist.github.com/nathanqthai/01…
#Suricata and #Snort IDS signature by @ET_Labs - rules.emergingthreatspro.com/open/
Velociraptor artifact by @mgreen27 - docs.velociraptor.app/exchange/artif…
Callback domains by @GreyNoiseIO - gist.github.com/superducktoes/…
List of IP's looking for RCE by @GreyNoiseIO - gist.github.com/gnremy/c546c79…
Velociraptor artifact by @mgreen27 - docs.velociraptor.app/exchange/artif…
Callback domains by @GreyNoiseIO - gist.github.com/superducktoes/…
List of IP's looking for RCE by @GreyNoiseIO - gist.github.com/gnremy/c546c79…
Shodan query by @n0x08 -
#Drumpf was having tea with the queen in Buckingham palace. As usual, Trump was being a blowhard and bragging about himself, especially his intelligence. #snort The queen smiled and called Boris Johnson into the room. The queen called for Boris Johnson to join them.
A few minutes later Boris walked in. The queen asked him, "Your mother has a child that isn't your brothers or your sisters. Who is this?". Boris thought for a moment and said, "That's a simple question, your highness. It's me!" #Drumpf applauded.
