16 matches found
suricata-detections
suricata-detections Network IDS signature development grounde...
CVE-2025-51005
A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at dochecksummathliveplay in tcpliveplay.c, leading to a possible denial of service...
tsharkVM - Tshark + ELK Analytics Virtual Machine
This project builds virtual machine which can be used for analytics of tshark -T ek ndjson output. The virtual appliance is built using vagrant, which builds Debian 10 with pre-installed and pre-configured ELK stack. After the VM is up, the process is simple: decoded pcaps tshark -T ek output /...
Exploit for Use After Free in Microsoft
CVE-2021-31166 Detection Rules Different rules to detect if CV...
Exploit for Use After Free in Microsoft
CVE-2021-31166 Detection Rules Different rules to detect if CV...
HoneyBot - Capture, Upload And Analyze Network Traffic
HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently this library provides three scripts: capture-and-analyze.py - Capture on an interface for some period of time, and upload capture for analysis. upload-and-analyze.py - Upload and...
Mutiny Fuzzing Framework - Network Fuzzer That Operates By Replaying PCAPs Through A Mutational Fuzzer
The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer. The goal is to begin network fuzzing as quickly as possible, at the expense of being thorough. The general workflow for Mutiny is to take a sample of legitimate traffic, such as a browse...
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads
Through fuzzing of network capture .pcap files, we have identified 16 crashes with unique stack traces in tcpdump. These crashes are caused by heap-based out-of-bounds memory reads, and can be reproduced with the latest tcpdump source code from GitHub, compiled with AddressSanitizer: --- cut --- ...
tcpdump: multiple overflow issues in protocol decoding
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
tcpdump: multiple overflow issues in protocol decoding
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
tcpdump: multiple overflow issues in protocol decoding
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
tcpdump: multiple overflow issues in protocol decoding
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
tcpdump: multiple overflow issues in protocol decoding
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
tcpdump: multiple overflow issues in protocol decoding
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
tcpdump: multiple overflow issues in protocol decoding
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
File2pcap - The Talos Swiss Army Knife of Snort Rule Creation
This post was authored by Martin Zeiser with contributions by Joel EslerAt Talos we are constantly on the lookout for threats to our customers networks, and part of the protection process is creating Snort rules for the latest vulnerabilities in order to detect any attacks.To improve your...