# Process packets despite bad checksums.
#
# With this redef, packets whose checksums do not verify are still analyzed.
# That is commonly needed when the capture host's NIC offloads checksumming,
# because locally captured packets then appear corrupt. The trade-off is that
# the monitor may analyze packets a receiving end host would drop, so its view
# of a stream can diverge from what the endpoint actually accepted.
redef ignore_checksums = T;
This will change significantly with Bro 2.2 when we have the file analysis
# Looks up every observed X.509 certificate in the ICSI notary via DNS.
#
# The SHA-1 hash of the DER-encoded certificate is used as the left-most label
# of a name under notary.icsi.berkeley.edu, and a TXT lookup is issued for
# that name. The answer is printed once the asynchronous lookup completes.
#
# Operational notes:
#  - One DNS query is sent per certificate event, and the query name carries
#    the certificate hash, so the configured resolver and the notary operator
#    can see which certificates this sensor observes.
#  - The TXT answer is printed as received; nothing here validates it.
#  - The `when` statement has no `timeout` block.
event x509_certificate(c: connection, is_orig: bool, cert: X509, chain_idx: count, chain_len: count, der_cert: string)
	{
	local query = fmt("%s.notary.icsi.berkeley.edu", sha1_hash(der_cert));

	when ( local answer = lookup_hostname_txt(query) )
		{
		print answer;
		}
	}
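# Resolve a host name asynchronously and print each address it maps to.
#
# A forward lookup needs lookup_hostname(), which takes a name and yields a
# set of addresses; lookup_addr() is the reverse direction (address to name)
# and does not accept a string. The body runs only once the lookup returns.
when ( local result = lookup_hostname("www.bro-ids.org") )
	{
	# `addr` is a type keyword, so it cannot be used as the loop variable.
	for ( a in result )
		print a;
	}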
##!
##! A Facebook analysis script.
##!
##! The script parses the HTTP body of Facebook JSON messages and reconstructs
##! a stream of chat messages from it.
##!
##! Since Facebook switched to HTTPS only, this script no longer works. You may
##! use it for inspiration or instructional purposes.
##!
##! For details, see my blog post:
# The notice framework provides Notice::Type, which is extended below.
@load base/frameworks/notice

module Malware;

export {
	# Only the notice type is declared in this excerpt; the logic that
	# raises it is not shown here.
	redef enum Notice::Type += {
		## Miniduke C&C activity.
		Miniduke_CC_Activity
	};
}
#!/bin/sh | |
# Installs Bro on Redhat or Debian Linux. | |
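# Refuse to continue unless running as root. Without the exit, the message
# would be printed and the script would carry on as an unprivileged user.
if [ "$(id -u)" -ne 0 ]; then
  echo "must be root to install Bro" >&2
  exit 1
fi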
# Defaults | |
flavor=redhat | |
prefix=/opt/bro |
library(ggplot2) | |
library(reshape) | |
library(scales) | |
# Size in kB of a basic Bloom filter.
#
# n:  the number of elements to store
# fp: the desired false positive rate
#
# The bit count is -n * ln(fp) / ln(2)^2; dividing by 8 gives bytes and by
# 1024 gives kB. Both arguments may be vectors (usual R recycling applies).
space <- function(n, fp) {
  bits <- -n * log(fp) / log(2)^2
  bits / 8 / 1024
}
N = 10^(1:9) |
#include <iostream> | |
#include <vector> | |
#include "vast/util/range.h" | |
namespace util { | |
template <typename Derived> | |
class range | |
{ | |
Derived& derived() |
### Keybase proof

I hereby claim:

* I am mavam on github.
* I am mavam (https://keybase.io/mavam) on keybase.
* I have a public key whose fingerprint is 8A3B 1323 B469 CCBA 54D3 3BCC D5E7 8DF5 9C8D 4B41

To claim this, I am signing this object:
library(dplyr) | |
library(tidyr) | |
library(ggplot2) | |
# Extracts measurement metadata from a file name.
#
# The base name of `path` is cut at its first dot, and the remaining stem is
# split on underscores. Fields 1, 3 and 5 of the stem are returned as the
# factors Cores, Run and Type. The fields are taken purely by position: a stem
# with fewer underscore-separated fields yields NA for the missing ones.
parse_measurement_filename <- function(path) {
  stem <- strsplit(basename(path), ".", fixed = TRUE)[[1]][1]
  fields <- strsplit(stem, "_", fixed = TRUE)[[1]]
  list(
    Cores = as.factor(fields[1]),
    Run = as.factor(fields[3]),
    Type = as.factor(fields[5])
  )
}