Network Forensics Bro scripts & pcap samples
Repository contents:
CIF
sample1
sample2
sample3
sample4
scripts
README.md
(latest commit: "All samples uploaded", Mar 7, 2014)

Bro-samples

Bro scripts & pcap samples

Walk-through the samples using Bro IDS and CIF at Open Security Research: http://blog.opensecurityresearch.com/2014/03/identifying-malware-traffic-with-bro.html

References:

Catching “bayas” on the Wire: Practical Kung-Fu to detect Malware Traffic. SANS EU Forensic Summit: http://digital-forensics.sans.org/summit-archives/Prague_Summit/Catching_Bayas_on_the_wire_Ismael_Valenzuela.pdf

Liam Randall’s samples, exercises and scripts: https://github.com/LiamRandall

Toolsmith: Collective Intelligence Framework: http://holisticinfosec.blogspot.com.es/2012/07/toolsmith-collective-intelligence.html

The Bro Network Security Monitor: http://www.bro.org/index.html

Malware dumps and pcaps: http://contagiodump.blogspot.com.es

Collective Intelligence Framework: https://code.google.com/p/collective-intelligence-framework/

Security Onion: http://blog.securityonion.net

Remnux: http://zeltser.com/remnux/

by Ismael Valenzuela (@aboutsecurity)