Hi,
And of course check Fermin Serna's work (nidsfindshellcode); you'll find it
useful.
http://www.ngsec.com/ngresearch/ngtools/?lang=en
The problem with this engine and with others such as Fnord is the false
positive rate. They tend to recognize anything as a shellcode.
I am looking for a way to decrease the rate of false positives of such
algorithms.
Regards,