├── .gitignore ├── README.md ├── extract-files ├── bro-ids-file-extraction-http-ftp-smtp-irc.pdf └── extract-files.bro ├── fire-scripts ├── COPYING ├── README.md ├── capture-events.bro ├── dns-fire-count.bro ├── dns-fire.bro ├── http-fire-count.bro ├── http-fire-detail-raw.bro ├── http-fire.bro ├── ssl-tls-fire-count.bro └── ssl-tls-fire.bro ├── http ├── COPYING └── detect-bruteforce │ ├── README.md │ ├── detect-bruteforce.bro │ └── http-status-codes-with-client.bro ├── ssl ├── cert-hash.bro ├── expiring-certs.bro ├── extract-certs-pem.bro ├── known-certs.bro ├── lucky-13 │ ├── detect-lucky-13-ratio.bro │ ├── detect-lucky-13-threshold.bro │ ├── detect-lucky-13.bro │ ├── detect-lucky-13.bro.backup │ └── detection-exploration.bro └── validate-certs.bro ├── talks-and-training ├── Bro_IDS-and-the-Bro-Network-Programming-Language-Liam_Randall-Hectaman-Shmoocon-2013.pdf ├── bro-ids-file-extraction-http-ftp-smtp-irc.pdf └── bro-ids-v2.1-expiring-certificates.pdf └── update-twitter ├── COPYING ├── README.md ├── register-twitter.py.skel ├── update-twitter.bro └── update-twitter.py.skel /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/.gitignore -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/README.md -------------------------------------------------------------------------------- /extract-files/bro-ids-file-extraction-http-ftp-smtp-irc.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/extract-files/bro-ids-file-extraction-http-ftp-smtp-irc.pdf -------------------------------------------------------------------------------- /extract-files/extract-files.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/extract-files/extract-files.bro -------------------------------------------------------------------------------- /fire-scripts/COPYING: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/fire-scripts/COPYING -------------------------------------------------------------------------------- /fire-scripts/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/fire-scripts/README.md -------------------------------------------------------------------------------- /fire-scripts/capture-events.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/fire-scripts/capture-events.bro -------------------------------------------------------------------------------- /fire-scripts/dns-fire-count.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/fire-scripts/dns-fire-count.bro -------------------------------------------------------------------------------- /fire-scripts/dns-fire.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/fire-scripts/dns-fire.bro -------------------------------------------------------------------------------- /fire-scripts/http-fire-count.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/fire-scripts/http-fire-count.bro -------------------------------------------------------------------------------- /fire-scripts/http-fire-detail-raw.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/fire-scripts/http-fire-detail-raw.bro -------------------------------------------------------------------------------- /fire-scripts/http-fire.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/fire-scripts/http-fire.bro -------------------------------------------------------------------------------- /fire-scripts/ssl-tls-fire-count.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/fire-scripts/ssl-tls-fire-count.bro -------------------------------------------------------------------------------- /fire-scripts/ssl-tls-fire.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/fire-scripts/ssl-tls-fire.bro -------------------------------------------------------------------------------- /http/COPYING: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/http/COPYING -------------------------------------------------------------------------------- /http/detect-bruteforce/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/http/detect-bruteforce/README.md -------------------------------------------------------------------------------- /http/detect-bruteforce/detect-bruteforce.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/http/detect-bruteforce/detect-bruteforce.bro -------------------------------------------------------------------------------- /http/detect-bruteforce/http-status-codes-with-client.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/http/detect-bruteforce/http-status-codes-with-client.bro -------------------------------------------------------------------------------- /ssl/cert-hash.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/ssl/cert-hash.bro -------------------------------------------------------------------------------- /ssl/expiring-certs.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/ssl/expiring-certs.bro -------------------------------------------------------------------------------- /ssl/extract-certs-pem.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/ssl/extract-certs-pem.bro -------------------------------------------------------------------------------- /ssl/known-certs.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/ssl/known-certs.bro -------------------------------------------------------------------------------- /ssl/lucky-13/detect-lucky-13-ratio.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/ssl/lucky-13/detect-lucky-13-ratio.bro -------------------------------------------------------------------------------- /ssl/lucky-13/detect-lucky-13-threshold.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/ssl/lucky-13/detect-lucky-13-threshold.bro -------------------------------------------------------------------------------- /ssl/lucky-13/detect-lucky-13.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/ssl/lucky-13/detect-lucky-13.bro -------------------------------------------------------------------------------- /ssl/lucky-13/detect-lucky-13.bro.backup: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/ssl/lucky-13/detect-lucky-13.bro.backup -------------------------------------------------------------------------------- /ssl/lucky-13/detection-exploration.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/ssl/lucky-13/detection-exploration.bro -------------------------------------------------------------------------------- /ssl/validate-certs.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/ssl/validate-certs.bro -------------------------------------------------------------------------------- /talks-and-training/Bro_IDS-and-the-Bro-Network-Programming-Language-Liam_Randall-Hectaman-Shmoocon-2013.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/talks-and-training/Bro_IDS-and-the-Bro-Network-Programming-Language-Liam_Randall-Hectaman-Shmoocon-2013.pdf -------------------------------------------------------------------------------- /talks-and-training/bro-ids-file-extraction-http-ftp-smtp-irc.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/talks-and-training/bro-ids-file-extraction-http-ftp-smtp-irc.pdf -------------------------------------------------------------------------------- /talks-and-training/bro-ids-v2.1-expiring-certificates.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/talks-and-training/bro-ids-v2.1-expiring-certificates.pdf -------------------------------------------------------------------------------- /update-twitter/COPYING: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/update-twitter/COPYING -------------------------------------------------------------------------------- /update-twitter/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/update-twitter/README.md -------------------------------------------------------------------------------- /update-twitter/register-twitter.py.skel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/update-twitter/register-twitter.py.skel -------------------------------------------------------------------------------- /update-twitter/update-twitter.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/update-twitter/update-twitter.bro -------------------------------------------------------------------------------- /update-twitter/update-twitter.py.skel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LiamRandall/bro-scripts/HEAD/update-twitter/update-twitter.py.skel --------------------------------------------------------------------------------