Overview
Syllabus
Intro
Presentation Outline
Background
What is a signature
What are the other opportunities
What are good signatures
How we think about detection
What is it
How to find it
Assembling sample sets
Testing existing protections
Generating data
Writing rules
Intelligence Gathering
Example
Group Samples
Detection
Mutual Support
Enumerate
Test
register32 overview
register32 detection
FTP WebDAV
Argument reordering
Arguments
Changing Arguments
Double Quotes
HTTP
SCT Detection
Class ID
Script Tags
Script Language
Whitespace
Attack Lifecycle
Summary
Know your tools
New application techniques
Taught by
BruCON Security Conference