Bro: Difference between revisions

From charlesreid1

No edit summary
No edit summary
Line 14: Line 14:


https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A
https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A
Hat tip: http://wiki.securityweekly.com/wiki/index.php/Episode336

Revision as of 21:39, 3 April 2016

Intrusion detection system.

https://github.com/bro

https://github.com/LiamRandall/bro-training

Bro training has pcaps with sample things like malware hiding shells in HTTP traffic.

For example, this folder has some pcaps containing traffic from a yayih trojan:

https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih

More info:

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A

Hat tip: http://wiki.securityweekly.com/wiki/index.php/Episode336

Retrieved from "https://charlesreid1.com/w/index.php?title=Bro&oldid=10314"