Thursday, September 25, 2014

Bash Vulnerability Part 3

Earlier today, I wrote a quick blog post about detecting exploit attempts for this new Bash Vulnerability:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-2.html

As mentioned in an update to that blog post, Seth Hall wrote a ShellShock detector for Bro that detects successful exploitation (not just an attempt):
https://github.com/broala/bro-shellshock

I've added these Bro scripts to our securityonion-bro-scripts package and submitted the package for testing:
https://groups.google.com/forum/#!topic/security-onion-testing/kOBEKrhKvTo

If you're not already a member of the security-onion-testing Google Group, please join the group and help us test this new package so we can get it released as quickly as possible.

Thanks!

Bro Notice for ShellShock::Exploit

Bro http.log showing ShellShock::HIT
UPDATE 20140926 14:12
Please see Part 4:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-4-another.html

UPDATE 20140927 08:01
The updated securityonion-bro-scripts package has been released to our stable PPA:
http://blog.securityonion.net/2014/09/new-securityonion-bro-scripts.html

No comments:

Search This Blog

Featured Post

Security Onion 2.4.50 now available including some new features and lots of bug fixes!

Security Onion 2.4.50 is now available! It includes some new features for our fellow defenders and lots of bug fixes! https://docs.securityo...

Popular Posts

Blog Archive