amcnic1
Level 7

Sharing HIPS Signatures based on high profile threats

Hey Everyone,

I was curious to see if anyone knows of any good online resources for sharing/posting HIPS signatures based on some of the more high profile attacks. For example, we can look at a recent attack with Adobe PDF (CVE 2011-2462) and it dropped files (Pretty.exe and easy.exe) in the temp folder. Creating HIPS rules for this activity to log or block is very beneficial depending on who you are defending.

If you have resources for creating HIPS signatures for some of the high profile threats, please let me know (I realize making HIPS rules for all attacks isn't feasible). I am looking to ramp up HIPS signature creation, so if you are interested in benefiting from HIPS sigs created from threat intel in the future, please let me know. Maybe we can set up some way to share lessons learned/a Sticky thread on this forum.

Food for thought, please let me know what you think.

Thanks!

Message was edited by: amcnic1 on 1/7/12 11:09:13 PM CST
0 Kudos
1 Reply
rangerlj
Level 7

Re: Sharing HIPS Signatures based on high profile threats

Hi guy... Sharing is a good idea... So, creating sigs in HIPS is difficult... The best way is some documents published by McAfee...

0 Kudos