Thursday, September 25, 2014

Bash Vulnerability Part 3

Earlier today, I wrote a quick blog post about detecting exploit attempts for this new Bash Vulnerability:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-2.html

As mentioned in an update to that blog post, Seth Hall wrote a ShellShock detector for Bro that detects successful exploitation (not just an attempt):
https://github.com/broala/bro-shellshock

I've added these Bro scripts to our securityonion-bro-scripts package and submitted the package for testing:
https://groups.google.com/forum/#!topic/security-onion-testing/kOBEKrhKvTo

If you're not already a member of the security-onion-testing Google Group, please join the group and help us test this new package so we can get it released as quickly as possible.

Thanks!

Bro Notice for ShellShock::Exploit

Bro http.log showing ShellShock::HIT

UPDATE 20140926 14:12
Please see Part 4:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-4-another.html

UPDATE 20140927 08:01
The updated securityonion-bro-scripts package has been released to our stable PPA:
http://blog.securityonion.net/2014/09/new-securityonion-bro-scripts.html
