DISCLAIMER:
As with all custom signatures on this forum, this signature is being provided by the author as a result of enthusiasm for the product and to share ideas with the Palo Alto Networks security community.
It is:
- Not recommended for deployment in a production network of any kind without internal testing.
- Not a solution to any vulnerability.
- Not an officially supported Palo Alto Networks signature.
This write-up is to help the Palo Alto Networks community with detecting a specific Linux ELF sample in this example.
The sample signature was created on PAN-OS version 7.0.x:
Hash256: 92fd1971f7ac512d096821a4bf8553bc13d1c478680999dd2e15400fe8973793
Fill out the appropriate field under the configuration tab.
Choose the standard option from the radio button and click on add to create a signature.
Since we only have one condition, it doesn’t matter whether we choose the ‘and’ or the ‘or’ condition.
Within the ELF file we are looking for a particular pattern of hex values. Make sure to choose the context type as: file-elf-body
Below is a threat log that is being triggered on this signature.
A sample XML signature is attached to this document.
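For the internal testing the disclaimer asks for, a candidate hex pattern can be checked offline against the sample and a set of known-good ELF files before it goes into a signature. The following is an added example, not part of the original post or of any Palo Alto Networks tooling: it is a plain byte search, not an emulation of the firewall's decoder, and the pattern, file contents and function names are constructed for illustration.

```python
import hashlib

ELF_MAGIC = b"\x7fELF"

def parse_hex(text):
    """Accept 'de ad be ef' or 'deadbeef' and return the raw bytes."""
    return bytes.fromhex("".join(text.split()))

def find_hits(data, pattern):
    """Offsets where the pattern occurs. Non-ELF input returns no hits,
    because the file-elf-body context only applies to ELF files."""
    if data[:4] != ELF_MAGIC:
        return []
    hits, pos = [], data.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = data.find(pattern, pos + 1)
    return hits

def sha256_matches(data, expected_hex):
    """Confirm the file under test is the sample the signature was written for
    (pass the Hash256 value from the post when testing the real sample)."""
    return hashlib.sha256(data).hexdigest() == expected_hex.strip().lower()

def evaluate(pattern, malicious, benign):
    """Return (missed, false_positives) as lists of file names.
    Both arguments map a file name to that file's bytes."""
    missed = [n for n, d in malicious.items() if not find_hits(d, pattern)]
    false_pos = [n for n, d in benign.items() if find_hits(d, pattern)]
    return missed, false_pos

# Constructed data: placeholder pattern and fake files, not the real sample.
PATTERN = parse_hex("de ad be ef 13 37 c0 de")
FAKE_SAMPLE = ELF_MAGIC + bytes(12) + b"AAAA" + PATTERN + b"BBBB"
BENIGN_ELF = ELF_MAGIC + bytes(12) + b"harmless body bytes"
NOT_ELF = b"MZ" + PATTERN

if __name__ == "__main__":
    print("hits in sample:", find_hits(FAKE_SAMPLE, PATTERN))
    missed, false_pos = evaluate(
        PATTERN, {"sample": FAKE_SAMPLE}, {"ls": BENIGN_ELF, "pe": NOT_ELF}
    )
    print("missed:", missed, "false positives:", false_pos)
```

A pattern that produces hits in the known-good set is too generic for a signature and should be lengthened or replaced before deployment.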