Initial Notes

Intrusion detection system.

• https://github.com/bro

• https://github.com/LiamRandall/bro-training

Bro training has pcaps with samples of things like malware hiding shells in HTTP traffic. For example, this folder has some pcaps containing traffic from a yayih trojan:

• https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih

More info:

• https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A

Hat tip:

• http://wiki.securityweekly.com/wiki/index.php/Episode336

Returning Notes

Returning to this: how do you utilize outlier detection, unsupervised learning, and classification to improve networking benchmarks and differentiation of traffic? (Or maybe that's what bro actually does in the first place.)