I hereby claim:
- I am sethhall on github.
- I am remor (https://keybase.io/remor) on keybase.
- I have a public key whose fingerprint is 421B 904C FF8C 56F0 D94C 88EB C4B7 768B D10C DBD5
To claim this, I am signing this object:
# Directory to be watched for new files.  Empty by default and marked &redef so
# the deploying site sets it (e.g. `redef DIR = "/path/to/drop";`).
const DIR="" &redef;
# Directory-monitoring helper from the base utils (presumably supplies the
# Dir::monitor call used with DIR further down -- confirm in the handler body).
@load base/utils/dir
# Have the file framework hash every file it sees, so anything picked up from
# the monitored directory is hashed as well.
@load frameworks/files/hash-all-files
# Keep the process alive until terminate() is called instead of exiting once
# input is exhausted; needed so a run with no live interface keeps polling the
# directory (assumption based on the name -- confirm).
redef exit_only_after_terminate=T;
event bro_init() | |
{ |
# Jason Batchelor Edits, 9/19/2014 | |
# Signatures informed by the following resource | |
# http://www.garykessler.net/library/file_sigs.html | |
# OLE Compound File: the 8-byte header d0 cf 11 e0 a1 b1 1a e1 (used by the
# legacy Office binary formats, among others).  The pattern has no explicit
# `^` anchor; confirm that file-magic patterns are matched at offset 0 in this
# Bro version, otherwise the same bytes appearing later in a file would also
# match.  The trailing number on file-mime is the match strength used to rank
# this signature against competing file-mime hits (verify the exact meaning
# against the signature framework docs for this release).
signature file-olecf {
    file-magic /(\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1)/
    file-mime "application/olecf", 150
}
signature file-ooxml { | |
file-magic /(\x50\x4b\x03\x04\x14\x00\x06\x00)/ | |
file-mime "application/vnd.openxmlformats-officedocument", 100 |
I hereby claim:
To claim this, I am signing this object:
# Keep running until terminate() is called rather than exiting when input ends.
redef exit_only_after_terminate = T;
module BroExchangeWatch;
export {
    # Notice type raised by this script.
    # NOTE(review): "Woo" is a placeholder; give it a descriptive name before
    # deploying so it is recognisable in notice.log and can be targeted by
    # Notice::policy (renaming changes the logged enum value -- do it once).
    redef enum Notice::Type += {
        Woo,
    };
}
# Extend the HTTP log record with the raw request POST body.  Because the
# field carries &log, the body is written verbatim to http.log: POST bodies
# routinely contain credentials, session tokens and personal data, so treat
# http.log as sensitive, and consider capping or redacting the body before it
# is logged if this runs on production traffic.
redef record HTTP::Info += {
    post_body: string &optional &log;
};
# Attach the connection's HTTP log record to each file object so file-level
# events can reach the HTTP context (presumably populated by the
# http_get_post_body handler that follows -- confirm).
redef record fa_file += {
    http_log: HTTP::Info &optional;
};
event http_get_post_body(f: fa_file, data: string) |
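#!/bin/bash
# Usage-check front half of a CPU frequency governor switcher.
#
# The list of governors the machine offers is read from the first CPU's
# cpufreq sysfs entry and reformatted from space-separated to pipe-separated
# ("a|b|c") for the usage line.  On a machine without cpufreq the cat fails
# and the list is empty; the usage line then shows "[]".
available_governors=$(cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_available_governors \
    | head -1 | sed -e 's/ \([a-zA-Z0-9]\)/|\1/g' -e 's/ $//')

# Exactly one argument (the governor to apply) is required.  The original
# printed the usage line and then kept going, so the rest of the script would
# run with an empty governor name; print usage to stderr and stop instead.
if [ $# -ne 1 ]
then
    echo "USAGE: $0 [$available_governors]" >&2
    exit 1
fi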
1398506591.523781 CsXIjO1BWbvfZpbnha 209.126.230.74 17193 x.x.x.x 443 - -- tcp Heartbleed::SSL_Heartbeat_Attack An TLS heartbleed attack was detected! Record length 3, payload length 16384 - 209.126.230.74 x.x.x.x 443 - worker1-10 Notice::ACTION_LOG 3600.000000 F - - - - - |
#separator \x09 | |
#set_separator , | |
#empty_field (empty) | |
#unset_field - | |
#path conn | |
#open 2014-04-12-23-52-22 | |
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents | |
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] | |
1397349488.146539 CgiXSR3iafr2IvmXH8 96.25.174.16 12929 107.170.194.215 443 tcp ssl 4.071024 606 72872 S1 - 0 ShADad 39 2322 57 75164 (empty) | |
#close 2014-04-12-23-52-22 |
#separator \x09 | |
#set_separator , | |
#empty_field (empty) | |
#unset_field - | |
#path conn | |
#open 2014-04-11-02-09-00 | |
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents | |
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] | |
1397163796.404676 Cojr4LYR0U4FkAT2i 192.168.11.130 57534 192.168.11.128 443 tcp ssl 0.020171 463 51011 RSTO - 0 ShADadR 24 1635 41 53151 (empty) | |
#close 2014-04-11-02-09-00 |
#separator \x09 | |
#set_separator , | |
#empty_field (empty) | |
#unset_field - | |
#path conn | |
#open 2014-04-10-21-40-58 | |
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents | |
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] | |
1397173677.295334 CRVrQz4kM8bETkZAd9 10.20.30.165 5353 224.0.0.251 5353 udp dns 3.000172 120 0 S0 - 0 D 3 204 0 0 (empty) | |
1397173669.761904 C0oDrV3mAS653MpdGh 10.20.30.157 53669 10.20.30.165 443 tcp ssl 2.133122 257 5015 S1 - 0 ShADd 13 777 11 5459 (empty) |