Just for clarity, rev is for keeping track of the individual rule's revision and does not have to be unique.
Your videos are so helpful.
For local rule six you can also leave the content in hex and use the nocase rule option after content. The issue arises with having the message say GET and not disabling case sensitivity.
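The point in the two comments above (hex content plus nocase, and rev being a per-rule revision counter rather than a unique id), shown as an added example. These rules are not from the video or the TryHackMe room; the sid values, port and msg strings are assumptions chosen for illustration.

```snort
# Added illustration, not the room's own local.rules content.
# |47 45 54| is "GET" written as hex bytes (G=0x47, E=0x45, T=0x54).
# Without nocase, this content match is case-sensitive: "get" or "Get" will not fire it.
alert tcp any any -> any 80 (msg:"GET request, hex content, case-sensitive"; content:"|47 45 54|"; sid:1000001; rev:1;)

# Same bytes, with nocase placed after content so the match ignores case.
# rev:2 here only records that this rule was revised; rev does not need to be unique across rules.
alert tcp any any -> any 80 (msg:"GET request, hex content, nocase"; content:"|47 45 54|"; nocase; sid:1000002; rev:2;)
```

The sid is what must be unique per rule (local rules conventionally use 1000000 and above); rev is bumped whenever that rule's body changes, which is why two different rules can both carry rev:1.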
Hi Motasem,
For the log4j section, the observation at 25:01 is that if we create a rule using the IP protocol, the number of packets differs compared to the TCP protocol.
Just spent 30 mins trying to do the dsize one, but I was editing the local-1.rules in a different folder! Ugh! Dumb.
Sir, could you make a video about industrial control system pentesting?
Thank you.
How can I easily extract the Base64 encoded string?
You should be able to extract it from the log file via snort -r snort.log.12345678 -K ascii (whatever number your log file is... I cannot recall exactly the code, but that's pretty close). You should be able to copy and paste the Base64.
@MrMemorybit Thank you
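As an added example (not from the video and not MrMemorybit's own procedure): once the packet payload has been written out as text, for instance with the snort -r <logfile> -K ascii command suggested in the reply above, a small POSIX shell script can pull the Base64 token out of the dump and decode it instead of copying it by hand. The sample dump, the request header carrying the token, and the token's contents are constructed for this example; the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumes the payload was dumped to text (e.g. snort -K ascii output)
# and that the Base64 blob appears as one token in a request header.
# SAMPLE_DUMP is constructed, not a real capture.
SAMPLE_DUMP='GET /index.html HTTP/1.1
Host: example.invalid
User-Agent: aGVsbG8gZnJvbSBjb25zdHJ1Y3RlZCBsb2c=
'

# Print the first Base64-looking token in the text passed as $1:
# 20 or more characters from the Base64 alphabet, then up to two '=' padding chars.
# The length floor keeps short words such as "Host" or "HTTP" from matching.
extract_b64() {
    printf '%s\n' "$1" | grep -oE '[A-Za-z0-9+/]{20,}={0,2}' | head -n 1
}

# Decode that token. Returns 1 when no token is found or when base64 rejects it,
# so a false positive (a long non-Base64 word) is reported instead of printing junk.
decode_b64() {
    token=$(extract_b64 "$1")
    [ -n "$token" ] || return 1
    printf '%s' "$token" | base64 -d 2>/dev/null
}

# Stand-alone usage: prints the decoded contents of the constructed token.
decode_b64 "$SAMPLE_DUMP"; echo
```

In practice you would feed the script the text file(s) Snort produced, e.g. decode_b64 "$(cat path/to/dumpfile)", and check the decoded output before acting on it, since base64 -d will happily decode any token that merely looks like Base64.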