Tools:

• Razorback
• PE-Sig

Web Tools:

• SO Rule Generator

Mind Games:

• AWBO Exercises

Papers:

• Index

See also:

• VRT Blog
• Snort.org

Contact:

• Sourcefire VRT
  research @ sourcefire . com
• Other Methods and PGP Key

VRT Labs

Papers

Papers and presentations written by various team members and presented at conferences around the world.

A Close Look at Rogue Antivirus Programs

A Close Look at Rogue AV Programs presentation by Alain Zidouemba at Hack in Paris Paris, France, June 2011.

Characteristics and Detection of HTTP C&C Channels

Characteristics and Detection of HTTP C&C Channels presentation by Alex Kirk at Caro 2011 Prague, Czech Republic, May 2011 and YSTS, Sao Paolo, Brazil, May 2011.

Detecting Obfuscated Malicious JavaScript with Snort and Razorback

Detecting Obfuscated Malicious Javascript presentation by Alex Kirk at Hackers 2 Hackers, Sao Paolo, Brazil, November 2010.

Zeus Trojan Analysis

Analysis of the Zeus Trojan by Alex Kirk

Content-Type Mismatch Detection

Content-Type mismatch rule research by Alex Kirk

Microsoft to SID mapping archive

View the archive

('')

About the Sourcefire Vulnerability Research Team

The Sourcefire Vulnerability Research Team (VRT) is a group of leading edge intrusion detection and prevention experts working to discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security industry.

All materials contained on this site © Sourcefire VRT