Bro: Difference between revisions
From charlesreid1
No edit summary |
No edit summary |
||
| Line 7: | Line 7: | ||
* https://github.com/LiamRandall/bro-training | * https://github.com/LiamRandall/bro-training | ||
Bro training has pcaps with samples of things like malware hiding shells in HTTP traffic. For example | Bro training has pcaps with samples of things like malware hiding shells in HTTP traffic. For example: | ||
* This folder has some pcaps containing traffic from a yayih trojan: https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih | |||
* Here is a page that explains what the hell the yayih trojan is: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A | |||
Hat tip: | Hat tip: | ||
Revision as of 03:41, 14 March 2017
Initial Notes
Intrusion detection system.
Bro training has pcaps with samples of things like malware hiding shells in HTTP traffic. For example:
- This folder has some pcaps containing traffic from a yayih trojan: https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih
- Here is a page that explains what the hell the yayih trojan is: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A
Hat tip:
Returning Notes
Returning to this: how do you utilize outlier detection, unsupervised learning, and classification to improve networking benchmarks and differentiation of traffic? (Or maybe that's what bro actually does in the first place.)