├── .gitignore
├── COPYING
├── LICENSE
├── README.md
├── bro-pkg.meta
├── scripts
    ├── __load__.zeek
    └── main.zeek
├── testing
    ├── .gitignore
    ├── Baseline
    │   ├── zerologon.CVE-2020-1472_exploit_win2016
    │   │   └── notice.log
    │   ├── zerologon.CVE-2020-1472_exploit_win2019
    │   │   └── notice.log
    │   ├── zerologon.CVE-2020-1472_test_win2016
    │   │   └── notice.log
    │   └── zerologon.CVE-2020-1472_test_win2019
    │   │   └── notice.log
    ├── Files
    │   └── random.seed
    ├── Makefile
    ├── Scripts
    │   ├── diff-remove-timestamps
    │   └── get-zeek-env
    ├── Traces
    │   ├── CVE-2020-1472_exploit_win2016.pcap
    │   ├── CVE-2020-1472_exploit_win2019.pcap
    │   ├── CVE-2020-1472_test_win2016.pcap
    │   └── CVE-2020-1472_test_win2019.pcap
    ├── btest.cfg
    └── zerologon
    │   ├── CVE-2020-1472_exploit_win2016
    │   ├── CVE-2020-1472_exploit_win2019
    │   ├── CVE-2020-1472_test_win2016
    │   ├── CVE-2020-1472_test_win2016_no_notice
    │   ├── CVE-2020-1472_test_win2019
    │   └── CVE-2020-1472_test_win2019_no_notice
└── zkg.meta

/.gitignore:
--------------------------------------------------------------------------------
build
.btest.failed.dat
.state
.tmp

--------------------------------------------------------------------------------
/COPYING:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/COPYING

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/LICENSE

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/README.md

--------------------------------------------------------------------------------
/bro-pkg.meta:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/bro-pkg.meta

--------------------------------------------------------------------------------
/scripts/__load__.zeek:
--------------------------------------------------------------------------------
@load ./main

--------------------------------------------------------------------------------
/scripts/main.zeek:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/scripts/main.zeek

--------------------------------------------------------------------------------
/testing/.gitignore:
--------------------------------------------------------------------------------
.btest.failed.dat
.tmp

--------------------------------------------------------------------------------
/testing/Baseline/zerologon.CVE-2020-1472_exploit_win2016/notice.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Baseline/zerologon.CVE-2020-1472_exploit_win2016/notice.log

--------------------------------------------------------------------------------
/testing/Baseline/zerologon.CVE-2020-1472_exploit_win2019/notice.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Baseline/zerologon.CVE-2020-1472_exploit_win2019/notice.log

--------------------------------------------------------------------------------
/testing/Baseline/zerologon.CVE-2020-1472_test_win2016/notice.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Baseline/zerologon.CVE-2020-1472_test_win2016/notice.log

--------------------------------------------------------------------------------
/testing/Baseline/zerologon.CVE-2020-1472_test_win2019/notice.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Baseline/zerologon.CVE-2020-1472_test_win2019/notice.log

--------------------------------------------------------------------------------
/testing/Files/random.seed:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Files/random.seed

--------------------------------------------------------------------------------
/testing/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Makefile

--------------------------------------------------------------------------------
/testing/Scripts/diff-remove-timestamps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Scripts/diff-remove-timestamps

--------------------------------------------------------------------------------
/testing/Scripts/get-zeek-env:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Scripts/get-zeek-env

--------------------------------------------------------------------------------
/testing/Traces/CVE-2020-1472_exploit_win2016.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Traces/CVE-2020-1472_exploit_win2016.pcap

--------------------------------------------------------------------------------
/testing/Traces/CVE-2020-1472_exploit_win2019.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Traces/CVE-2020-1472_exploit_win2019.pcap

--------------------------------------------------------------------------------
/testing/Traces/CVE-2020-1472_test_win2016.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Traces/CVE-2020-1472_test_win2016.pcap

--------------------------------------------------------------------------------
/testing/Traces/CVE-2020-1472_test_win2019.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/Traces/CVE-2020-1472_test_win2019.pcap

--------------------------------------------------------------------------------
/testing/btest.cfg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/btest.cfg

--------------------------------------------------------------------------------
/testing/zerologon/CVE-2020-1472_exploit_win2016:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/zerologon/CVE-2020-1472_exploit_win2016

--------------------------------------------------------------------------------
/testing/zerologon/CVE-2020-1472_exploit_win2019:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/zerologon/CVE-2020-1472_exploit_win2019

--------------------------------------------------------------------------------
/testing/zerologon/CVE-2020-1472_test_win2016:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/zerologon/CVE-2020-1472_test_win2016

--------------------------------------------------------------------------------
/testing/zerologon/CVE-2020-1472_test_win2016_no_notice:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/zerologon/CVE-2020-1472_test_win2016_no_notice

--------------------------------------------------------------------------------
/testing/zerologon/CVE-2020-1472_test_win2019:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/zerologon/CVE-2020-1472_test_win2019

--------------------------------------------------------------------------------
/testing/zerologon/CVE-2020-1472_test_win2019_no_notice:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/testing/zerologon/CVE-2020-1472_test_win2019_no_notice

--------------------------------------------------------------------------------
/zkg.meta:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/corelight/zerologon/HEAD/zkg.meta

--------------------------------------------------------------------------------