Custom payload detection
Custom payload detection lets customers add their own byte patterns that are matched against memory.
The feature extends the built-in detections and gives customers flexibility: they can detect payloads that are specific to their environment and act on the results as they see fit.
Custom payload detection is powerful but easy to misuse. Customers who are not familiar with byte-pattern matching may unintentionally introduce false positives, for example by writing a short or mostly wildcarded pattern that also matches legitimate code or data. Understand how the feature works before relying on it, and test every rule thoroughly against real memory before enabling any action on it.
Pattern matching
Patterns are written as space-separated hexadecimal bytes. Using "??", customers can match any single byte at that position. For example, "A4 ?? A1" would match "A4 00 A1", "A4 01 A1", and so on. Each "??" stands for exactly one byte, so use one "??" per byte that should be skipped.
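The following is an added example written for this page, not the product's own matcher, showing how the "A4 ?? A1" syntax is parsed and applied to a memory buffer. The exact grammar accepted by the product (lowercase hex, extra whitespace, a maximum pattern length) is not stated on this page, so the lenient parsing below is an assumption; the sample memory is a constructed byte string, not a real process dump.

```python
"""Illustrative matcher for the "A4 ?? A1" wildcard byte-pattern syntax.

Added example for this page; it is not the product's implementation. Accepting
lowercase hex digits and extra whitespace is an assumption about the grammar.
"""

HEX_DIGITS = set("0123456789abcdefABCDEF")

# Constructed sample buffer standing in for a region of process memory.
# Offsets: 0:90 1:90 2:A4 3:00 4:A1 5:48 6:8B 7:05 8:A4 9:01 10:A1 11:A4 12:FF 13:A1 14:CC
SAMPLE_MEMORY = bytes.fromhex("90 90 A4 00 A1 48 8B 05 A4 01 A1 A4 FF A1 CC")


def parse_pattern(pattern):
    """Turn "A4 ?? A1" into [0xA4, None, 0xA1]; None marks a wildcard byte.

    Raises ValueError for malformed tokens and for patterns made only of
    wildcards, which would match at every offset and are never useful.
    """
    tokens = pattern.split()
    if not tokens:
        raise ValueError("empty pattern")
    parsed = []
    for tok in tokens:
        if tok == "??":
            parsed.append(None)
        elif len(tok) == 2 and all(c in HEX_DIGITS for c in tok):
            parsed.append(int(tok, 16))
        else:
            raise ValueError(f"bad token {tok!r}: expected two hex digits or '??'")
    if all(b is None for b in parsed):
        raise ValueError("pattern contains no fixed bytes and would match everything")
    return parsed


def is_valid_pattern(pattern):
    """True if parse_pattern() accepts the pattern, False otherwise."""
    try:
        parse_pattern(pattern)
    except ValueError:
        return False
    return True


def find_matches(pattern, memory):
    """Return every offset in `memory` where `pattern` matches (overlaps included).

    A "??" position matches any byte; every other position must equal the
    fixed byte. A buffer shorter than the pattern yields no matches.
    """
    needle = parse_pattern(pattern)
    n = len(needle)
    hits = []
    for off in range(len(memory) - n + 1):
        if all(want is None or want == memory[off + i] for i, want in enumerate(needle)):
            hits.append(off)
    return hits


if __name__ == "__main__":
    # The wildcard pattern hits three times; pinning the middle byte narrows it to one.
    for pat in ("A4 ?? A1", "A4 00 A1", "A4 ?? A1 48", "CC"):
        print(f"{pat!r:16} -> offsets {find_matches(pat, SAMPLE_MEMORY)}")
```

The single-byte pattern "CC" in the usage block matches as often as that byte value occurs anywhere in the region, which is the false-positive trap described above: prefer patterns with several fixed bytes and anchor wildcards between them rather than relying on a short signature.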
Use cases
Detecting custom payloads in memory is useful wherever a known byte sequence marks an attack.
For example, you may want to protect your software against a specific type of tampering, such as an uncommon code injection technique. By writing a custom rule that matches the bytes the attack injects into memory, you can raise an alert or take an appropriate action to prevent further tampering.