Attack Detection
| Name | Latest commit message | Commit time |
| --- | --- | --- |
| CVE-2016-0800 | Update rules naming | Sep 18, 2018 |
| CVE-2016-1285 | Update rules naming | Sep 18, 2018 |
| CVE-2016-2208 | Update rules naming | Sep 18, 2018 |
| CVE-2016-2386 | Update rules naming | Sep 18, 2018 |
| CVE-2016-3078 | Update rules naming | Sep 18, 2018 |
| CVE-2016-3087 | Update rules naming | Sep 18, 2018 |
| CVE-2016-4010 | Update rules naming | Sep 18, 2018 |
| CVE-2016-4971 | Fix some errors after renaming rules | Sep 18, 2018 |
| CVE-2016-6304 | Update rules naming | Sep 18, 2018 |
| CVE-2016-6366 | Update rules naming | Sep 18, 2018 |
| CVE-2016-6367 | Update rules naming | Sep 18, 2018 |
| CVE-2016-6662 | Update rules naming | Sep 18, 2018 |
| CVE-2016-7237 | Update rules naming | Sep 18, 2018 |
| CVE-2016-7636 | Update rules naming | Sep 18, 2018 |
| CVE-2016-9147 | Update rules naming | Sep 18, 2018 |
| CVE-2016-9565 | Update rules naming | Sep 18, 2018 |
| CVE-2017-13089 | Update rules naming | Sep 18, 2018 |
| CVE-2017-14492 | Update rules naming | Sep 18, 2018 |
| CVE-2017-14493 | Update rules naming | Sep 18, 2018 |
| CVE-2017-14494 | Update rules naming | Sep 18, 2018 |
| CVE-2017-16943 | Update rules naming | Sep 18, 2018 |
| CVE-2017-2491 | Update rules naming | Sep 18, 2018 |
| CVE-2017-3143 | Update rules naming | Sep 18, 2018 |
| CVE-2017-5638 | Update rule | Nov 12, 2018 |
| CVE-2017-7269 | Update rules naming | Sep 18, 2018 |
| CVE-2017-7494 | Update rules naming | Sep 18, 2018 |
| CVE-2017-8045 | Update rules naming | Sep 18, 2018 |
| CVE-2017-9798 | Update rules naming | Sep 18, 2018 |
| CVE-2018-0171 | Update rules naming | Sep 18, 2018 |
| CVE-2018-0886 | Update rules naming | Sep 18, 2018 |
| CVE-2018-1000006 | Update rules naming | Sep 18, 2018 |
| CVE-2018-1000207 | Update rules naming | Sep 18, 2018 |
| CVE-2018-1111 | Update rules naming | Sep 18, 2018 |
| CVE-2018-1306 | Update rules naming | Sep 18, 2018 |
| CVE-2018-14847 | Add new rule | Oct 23, 2018 |
| CVE-2018-15379 | Add new rule | Oct 11, 2018 |
| CVE-2018-15442 | Add new rules | Oct 25, 2018 |
| CVE-2018-15454 | Add new rule | Nov 1, 2018 |
| CVE-2018-17245 | Add "ATTACK [PTsecurity] Kibana < 6.4.3 <5.6.13 Arbitrary File Inclus… | Dec 18, 2018 |
| CVE-2018-5955 | Update rules naming | Sep 18, 2018 |
| CVE-2018-6789 | Update rules naming | Sep 18, 2018 |
| CVE-2018-7445 | Update rules naming | Sep 18, 2018 |
| CVE-2018-7600 | Update "ATTACK [PTsecurity] Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE th… | Jul 10, 2019 |
| CVE-2018-7602 | Update rules naming | Sep 18, 2018 |
| CVE-2018-8495 | Add new rule | Oct 12, 2018 |
| CVE-2018-8581 | Add "ATTACK [PTsecurity] MS Exchange 2010-2019 Possible privilege esc… | Jan 29, 2019 |
| CVE-2019-0227 | Add new rules | Apr 12, 2019 |
| CVE-2019-0232 | Update cve-2019-0232.rules | Jul 15, 2019 |
| CVE-2019-0708 | Add new rules for BlueKeep (CVE-2019-0708) | Jun 5, 2019 |
| CVE-2019-1003001 | Add "ATTACK [PTsecurity] Jenkins sandbox bypassing RCE (CVE-2019-1003… | Feb 18, 2019 |
| CVE-2019-2618 | Add "ATTACK [PTsecurity] Oracle Weblogic file upload RCE (CVE-2019-26… | Apr 30, 2019 |
| CVE-2019-2725 | resolve conflict | Jun 26, 2019 |
| CVE-2019-3396 | Add new rules | Apr 12, 2019 |
| CVE-2019-3924 | Add "ATTACK [PTsecurity] MikroTik Firewall & NAT Bypass (CVE-2019-3924)" | Feb 22, 2019 |
| CVE-2019-6340 | Add "ATTACK [PTsecurity] Arbitrary PHP RCE in Drupal 8 < 8.5.11,8.6.1… | Feb 26, 2019 |
| DNS Rebinding | Update rules naming | Sep 18, 2018 |
| Dridex | Fix some errors after renaming rules | Sep 18, 2018 |
| FreePBX_13_14_rce | Update rules naming | Sep 18, 2018 |
| GraphicsMagick_shell_vulnerability | Update rules naming | Sep 18, 2018 |
| MS17-010 | Update rules naming | Sep 18, 2018 |
| Microtik Router OS Stack Clash | Update rules naming | Sep 18, 2018 |
| Neutrino | Add new rules | Feb 27, 2019 |
| Omnivista_8770_RCE | Update rules naming | Sep 18, 2018 |
| PowerShell Empire | Update rules naming | Sep 18, 2018 |
| SilentTrinity | Add new rules for Silent Trinity | Jun 17, 2019 |
| Squid 3.5 http cache poisoning | Update rules naming | Sep 18, 2018 |
| Suricon2018 | Fix duplicate sid's in rules #12 | Dec 4, 2018 |
| ThePrinterBug | Add new rules | Dec 3, 2018 |
| aes.ddos.dofloo | Add new rules "MALWARE [PTsecurity] AES.DDoS.Dofloo" | Apr 12, 2019 |
| apache_continuum_cmd_injection | Update rules naming | Sep 18, 2018 |
| badtunnel | Update rules naming | Sep 18, 2018 |
| carbanak_pegasus | Update rules naming | Sep 18, 2018 |
| dcshadow | Update rules naming | Sep 18, 2018 |
| eternalblue(WannaCry,Petya) | Update rules naming | Sep 18, 2018 |
| httpoxy | Update rules naming | Sep 18, 2018 |
| ios 10.1.x remote memory corruption | Update rules naming | Sep 18, 2018 |
| nfcapd | Update rules naming | Sep 18, 2018 |
| phpggc | Update "ATTACK [PTsecurity] PHP Object Deserialization RCE POP Chain … | Feb 26, 2019 |
| raisecom_gpon_rce | Add new rules | Feb 15, 2019 |
| redis_replication_rce | Add "ATTACK [PTsecurity] Redis Master-Slave replication RCE successful" | Jul 16, 2019 |
| scm_tools_rce | Update rules naming | Sep 18, 2018 |
| wannamine | Update rules naming | Sep 18, 2018 |
| wordpress LearnDash plugin arbitrary file upload | Update rules naming | Sep 18, 2018 |
| LICENSE | Move license to separate file | May 5, 2016 |
| README.md | add announcement about TLS rules | Jun 26, 2019 |
| pt.rules.tar.gz | Update archive with rules | Jul 17, 2019 |
| pt.rules.tar.gz.md5 | Update archive with rules | Jul 17, 2019 |

Suricata PT Open Ruleset

The Attack Detection Team searches for new vulnerabilities and 0-days, reproduces them, and creates PoC exploits to understand how these security flaws work and how the related attacks can be detected on the network layer. We are also interested in malware and hackers’ TTPs, so we develop Suricata rules for detecting all sorts of such activity.

Structure

This repository consists of folders with self-explanatory names, each containing Suricata rules, PoC exploits, and traffic samples packed in zip archives protected with the default password.

🔧 Some rules in this repo are aimed at detecting communications under TLS. To activate them, set `encryption-handling: full` in the suricata.yaml configuration file.

SID range

We use SID 10000000-10999999 for our rules.

License

This software is provided under a custom license. See the accompanying LICENSE file for more information.