Forum Discussion

Bronze I

1 day ago

Help with Snort Rules: Fake Tech Support Popup

I'm stuck on parts 7-9 part 7 wants me to Create a Snort rule to detect the domain 'site.topwebsite4.xyz', then submit the token. alert udp any any -> any 53 (msg:"site.topwebsite4.xyz"; sid:1000...

Community Manager

13 hours ago

Hmm, it could be that you need to tell snort to search for "content:site.topwebsite4.xyz" rather than just a "msg:"?

Forum Discussion

Help with Snort Rules: Fake Tech Support Popup

Featured Places

Help

Related Content

Snort Rules: Ep.5 – Fake Tech Support Popup

Snort Rules: Ep.9 – Exploit Kits

Snort Rules: Ep.7 – Lokibot Infection Traffic

Serial Maze Support Group

How can I reach the Immersive Labs Support team for help?

Recent Discussions

No files show up in the Microsoft Azure Basics: Function Apps lab

Help with Snort Rules: Fake Tech Support Popup

AI Plugin Injection

Git Security: Git History

Introduction to Detection Engineering: Ep.5 – Custom Alerting