From charlesreid1

Revision as of 21:39, 3 April 2016

Bro is an intrusion detection system.

https://github.com/bro

https://github.com/LiamRandall/bro-training

The bro-training repository has pcaps with sample traffic, such as malware hiding shells in HTTP traffic.

For example, this folder has some pcaps containing traffic from a Yayih trojan:

https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih

More info:

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A