While discussing fl0p with Hol, I came up with the idea of writing this paper - Basic Fl0p Signature Writing Guide - to complement his paper, which I will put up soon. If you don't know what fl0p is, check out its description from Michal Zalewski himself -
Fl0p is a passive L7 flow fingerprinter that does not examine packet payloads, only their relative sizes, the sequence of client-server traffic, and its timing. The tool can be thus used to peek into encrypted tunnels, automatically tell users from robots, and far more.
On the other hand, dakrone has also published his first paper - An Introduction To NSM Console. The paper will cover the underlying concept of NSM Console and its functionalities.
I hope all the raWPacket team members can contribute more papers so we have richer documentation to share with the world, as we have benefited from others' papers too.
Enjoy ;]