Security Onion Blog

Thursday, September 25, 2014

Bash Vulnerability Part 3

Earlier today, I wrote a quick blog post about detecting exploit attempts for this new Bash Vulnerability:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-2.html

As mentioned in an update to that blog post, Seth Hall wrote a ShellShock detector for Bro that detects successful exploitation (not just an attempt):
https://github.com/broala/bro-shellshock

I've added these Bro scripts to our securityonion-bro-scripts package and submitted the package for testing:
https://groups.google.com/forum/#!topic/security-onion-testing/kOBEKrhKvTo

If you're not already a member of the security-onion-testing Google Group, please join the group and help us test this new package so we can get it released as quickly as possible.

Thanks!

Bro Notice for ShellShock::Exploit

Bro http.log showing ShellShock::HIT
UPDATE 20140926 14:12
Please see Part 4:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-4-another.html

UPDATE 20140927 08:01
The updated securityonion-bro-scripts package has been released to our stable PPA:
http://blog.securityonion.net/2014/09/new-securityonion-bro-scripts.html

at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion Conference 2024 Save the Date and CFP

Our 11th annual Security Onion Conference is currently scheduled to be held in person in Augusta, GA on Friday, October 4, 2024. Registratio...

Popular Posts

Blog Archive