This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
About tboire
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About tboire
01-30-2018
17Posts
5Likes
3Solutions
Jan 30, 2018Last Visited
User
Activity
User
Profile
Latest posts by tboire
| Subject | Views | Posted |
|---|---|---|
| 9933 | 09-22-2017 01:39 PM | |
| 3982 | 07-13-2016 05:39 AM | |
| 1662 | 07-05-2016 09:43 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 4 Likes | 07-13-2016 05:39 AM | |
| 1 Like | 07-05-2016 09:43 AM |
User Badges
Community Statistics
| Member Since | 06-20-2016 08:29 AM |
| Date Last Visited | 01-30-2018 04:33 PM |
| Posts | 17 |
| Total Likes Received | 5 |
01-09-2019
04:18 PM
1 Kudo
If you had AutoFocus, you can check these hashes to see how we classify them, IOCs related to the file (if malicious), when it was first seen, and if there is any relevance to threat actors, malware campaigns, etc. As a previous posted noted, Palo doesn't do signatures based on hash, as hashes are more unique than the malware itself and it would be inefficient to create hundreds/thousands or more of signatures for different hashes, especially if the underlying malware or virus is the same. Palo cares more about the underlying malicious file and its underlying activity.
... View more
06-18-2017
09:44 PM
Hi @aelmore @tboire @BenjAudy.MTL I know I am late in this thread, but I wanted to share this two options with you all. Option 1: URL filtering Simply blacklist the following url: pgorelease.nianticlabs.com (this is used to make API calls by the APP) Option 2: Create a custom application which looks for the SNI string set application pokemon-go default port tcp/443 set application pokemon-go signature PG-SSL and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match pattern pgorelease.nianticlabs.com set application pokemon-go signature PG-SSL and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match context ssl-req-client-hello set application pokemon-go signature PG-SSL scope protocol-data-unit set application pokemon-go signature PG-SSL order-free no set application pokemon-go signature PG-SSL comment “Pattern match against the SNI for Pokemon Go" set application pokemon-go category media set application pokemon-go subcategory gaming set application pokemon-go technology client-server set application pokemon-go description "Pokemon Go is a social game released in 2016 by Niantic Labs." set application pokemon-go risk 1 set application pokemon-go parent-app ssl
... View more
07-05-2016
09:43 AM
1 Kudo
DISCLAIMER: As with all custom signatures on this forum, this signature is being provided by the author as a result of enthusiasm for the product and to share ideas with the Palo Alto Networks security community. It is: - Not recommended for deployment in a production network of any kind without internal testing. - Not a solution to any vulnerability. - Not an official supported Palo Alto Networks signature This write up is to help the Palo Alto Networks community with detecting a specific PE file. The sample signature was created on PAN OS Version 7.0.x : SHA256: 92914013abfd071b0513d366bcaead978dce2f552c9d2853f4ce775604fb841f Fill out the appropriate field under the configuration tab Choose the standard option from the radio button and click on add to create a signature Since we only have one condition it doesn’t matter if we choose the ‘and’/’or’ condition To determine a unique string the *NIX utility xxd was used in this case, however any hex editor will work for this purpose. The string was then converted to hex and used in a pattern match to detect the file. In this case the author of the file put what we believe to be their name in the file and that was used as a unique identifier. Once this custom signature is applied and a web browser is used to attempt to download the file the firewall will either block or alert on detection depending on the action you set.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-30-2018
04:33 PM
|
Latest Tags
No tags yet
Likes From
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks