all InfoSec news
Heyserial - Programmatically Create Hunting Rules For Deserialization Exploitation With Multiple Keywords, Gadget Chains, Object Types, Encodings, And Rule Types
May 12, 2022, 9:30 p.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
Programmatically create hunting rules for deserialization exploitation with multiple
- keywords (e.g. cmd.exe)
- gadget chains (e.g. CommonsCollection)
- object types (e.g. ViewState, Java, Python Pickle, PHP)
- encodings (e.g. Base64, raw)
- rule types (e.g. Snort, Yara)
Disclaimer
Rules generated by this tool are intended for hunting/research purposes and are not designed for high fidelity/blocking purposes.
Please test thoroughly before deploying to any production systems.
The Yara rules are primarily intended for scanning web server logs. Some of the "object prefixes" are only 2 …
deserialization exploitation hunting rules yara rule generator ysoserial
More from www.kitploit.com / KitPloit - PenTest Tools!
VectorKernel - PoCs For Kernelmode Rootkit Techniques Research
4 days, 19 hours ago |
www.kitploit.com
Cookie-Monster - BOF To Steal Browser Cookies & Credentials
5 days, 19 hours ago |
www.kitploit.com
Sicat - The Useful Exploit Finder
1 week, 6 days ago |
www.kitploit.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineers
@ D. E. Shaw Research | New York City
L2-Network Security Administrator
@ Kyndryl | KIN51515 Mumbai (KIN51515) We Work
Head of Cybersecurity Advisory and Architecture
@ CMA CGM | Marseille, FR
Systems Engineers/Cyber Security Engineers/Information Systems Security Engineer
@ KDA Consulting Inc | Herndon, Virginia, United States
R&D DevSecOps Staff Software Development Engineer 1
@ Sopra Steria | Noida, Uttar Pradesh, India