Revision as of 05:03, 18 April 2017

Initial Notes

Intrusion detection system.

https://github.com/bro

https://github.com/LiamRandall/bro-training

Bro training has pcaps with samples of things like malware hiding shells in HTTP traffic. For example:

This folder has some pcaps containing traffic from a yayih trojan: https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih
Here is a page that explains what the hell the yayih trojan is: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A

Hat tip:

http://wiki.securityweekly.com/wiki/index.php/Episode336

Returning Notes

Returning to this: how do you utilize outlier detection, unsupervised learning, and classification to improve networking benchmarks and differentiation of traffic? (Or maybe that's what bro actually does in the first place.)

Revision as of 02:39, 17 April 2017 (view source) Bleep bloop (talk \| contribs) m (Bot: Orphan page, add template) ← Older edit		Revision as of 05:03, 18 April 2017 (view source) Admin (talk \| contribs) No edit summary Newer edit →
Line 1:		Line 1:
	~~{{Orphan\|date=April 2017}}~~
	=Initial Notes=		=Initial Notes=

Bro: Difference between revisions

From charlesreid1

Revision as of 05:03, 18 April 2017

Initial Notes

Returning Notes