http://blog.securityonion.net/2014/09/bash-vulnerability-part-2.html
As mentioned in an update to that blog post, Seth Hall wrote a ShellShock detector for Bro that detects successful exploitation (not just an attempt):
https://github.com/broala/bro-shellshock
I've added these Bro scripts to our securityonion-bro-scripts package and submitted the package for testing:
https://groups.google.com/forum/#!topic/security-onion-testing/kOBEKrhKvTo
If you're not already a member of the security-onion-testing Google Group, please join the group and help us test this new package so we can get it released as quickly as possible.
Thanks!
 |
| Bro Notice for ShellShock::Exploit |
 |
| Bro http.log showing ShellShock::HIT |
Please see Part 4:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-4-another.html
UPDATE 20140927 08:01
The updated securityonion-bro-scripts package has been released to our stable PPA:
http://blog.securityonion.net/2014/09/new-securityonion-bro-scripts.html
No comments:
Post a Comment