About Emerging Threats
What is Emerging Threats?
Emerging Threats is a center for Open Security Research. We were formerly known as Bleeding Edge Threats. We produce data feeds covering new, up-to-the-minute threats and research, and run a number of other related security projects. Emerging Threats brings together the most experienced and the least experienced security professionals.
This site takes Open Research and produces a number of feeds, the most prominent being signatures for Snort, Dragon, and other IDS/IPS platforms. We welcome your contributions, ideas, or just tweaks. What makes this project so effective are both the ideas and peer review of all content. Our overriding goal is to make this process happen quickly and in an Open manner to help all of us as security professionals respond quickly to known and unknown threats.
If you have an idea for a signature, or another security project, please email it to the [[http://lists.emergingthreats.net/cgi-bin/mailman/listinfo/][Emerging-Sigs mailing list]] or emerging@emergingthreats.com. Or join us on IRC at irc.freenode.net in #emerging-threats.
The Goods
A number of other security projects have found a home at Emerging Threats, and we’re always looking for others that need a home and a community. Many projects in the security space are applicable to small groups, or require community maintenance. We are the home for projects like this, even when the original author no longer has a need to maintain the project themselves.
The signatures can be found here:
AllRulesets
AllProjects
Contributing
There are many ways you can chip in to help keep these projects and signatures flowing.
* 1. Send in a signature idea!!
Send it to the emerging-sigs list, or to the admins directly if you're unsure. The strangest ideas have yielded the most productive rules! Please just send it in. It won't hurt, we promise! Use the emerging-sigs list or threats@emergingthreats.net to submit.
* 2. Become a Sandnet Analyst
We need volunteers to help go through the results of our malware analysis. It's a great way to learn about malware and see what the current trends are. You'll have help, so you don't have to be extremely experienced. Contact threats@emergingthreats.net if you'd like to help out.
* 3. Send in Samples
Send us things you find manually, or set up a Nepenthes instance and send its captured binaries in to the sandnet. Please send samples of anything to samples@sandnet.emergingthreats.net. They can be zipped or not. If you password-protect them, please use the password "infected". More on how to automate setting up Nepenthes submissions at SubmitSamples.
Our History
Bleeding Edge Threats came about in early 2003 to satisfy a need in the community. Prior to our formation, security professionals had to monitor a large number of security mailing lists and websites to glean all of the new IDS signatures that were being discussed and distributed. There was no real way to make sure you had the latest version, or to effectively contribute a tweak to improve a signature.
Bleeding Edge Threats was founded by Matt Jonkman and James Ashton to fill that need. It is a completely volunteer-run project using donated servers and resources. In late 2007 a change was necessary and Emerging Threats came about to replace Bleeding Threats.
Some of the other projects that have found a home at Emerging Edge Threats:
An EmergingFAQ is available as well.
--
MattJonkman - 08 Jan 2008