Bro: Difference between revisions
From charlesreid1
Revision as of 03:40, 14 March 2017

=Initial Notes=

Intrusion detection system.

* https://github.com/bro
* https://github.com/LiamRandall/bro-training

The Bro training repository has pcaps with samples of things like malware hiding shells in HTTP traffic. For example, this folder has some pcaps containing traffic from a Yayih trojan:

* https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih

More info:

* https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A

Hat tip:

* http://wiki.securityweekly.com/wiki/index.php/Episode336

=Returning Notes=

Returning to this: how do you utilize outlier detection, unsupervised learning, and classification to improve networking benchmarks and differentiation of traffic? (Or maybe that's what Bro actually does in the first place.)