├── LICENSE ├── README.md ├── detection ├── bro │ ├── README.md │ ├── old │ │ ├── README.md │ │ └── qi.bro │ ├── rexmit_inconsistency-bro-2.3.2.patch │ └── rexmit_inconsistency-bro-2.4.1.patch ├── snort │ ├── README.md │ ├── stream_quantuminsert-snort-2.9.6.2.patch │ └── stream_quantuminsert-snort-2.9.7.2.patch └── suricata │ └── README.md ├── pcaps ├── README.md ├── qi_internet_SYNACK_curl_jsonip.pcap ├── qi_local_GET_slashdot_redirect.pcap ├── qi_local_SYNACK_curl_jsonip.pcap ├── qi_local_SYNACK_imgur_qdp.pcap ├── qi_local_SYNACK_linkedin_redirect.pcap ├── qi_local_SYNACK_putty_dl.pcap └── qi_local_SYNACK_slashdot_redirect.pcap ├── poc ├── README.md ├── monitor.py └── shooter.py └── presentations └── brocon2015 ├── BroCon2015_Fox-IT_QuantumInsert_Detection.pdf ├── demo ├── README.md ├── index.html ├── inject.js ├── monitor.py └── shooter.py └── pcaps ├── README.md ├── bro.org-harlemshake-inject.pcap └── id1.cn-inject.pcap /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/README.md -------------------------------------------------------------------------------- /detection/bro/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/detection/bro/README.md -------------------------------------------------------------------------------- /detection/bro/old/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/detection/bro/old/README.md -------------------------------------------------------------------------------- /detection/bro/old/qi.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/detection/bro/old/qi.bro -------------------------------------------------------------------------------- /detection/bro/rexmit_inconsistency-bro-2.3.2.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/detection/bro/rexmit_inconsistency-bro-2.3.2.patch -------------------------------------------------------------------------------- /detection/bro/rexmit_inconsistency-bro-2.4.1.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/detection/bro/rexmit_inconsistency-bro-2.4.1.patch -------------------------------------------------------------------------------- /detection/snort/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/detection/snort/README.md -------------------------------------------------------------------------------- /detection/snort/stream_quantuminsert-snort-2.9.6.2.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/detection/snort/stream_quantuminsert-snort-2.9.6.2.patch -------------------------------------------------------------------------------- /detection/snort/stream_quantuminsert-snort-2.9.7.2.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/detection/snort/stream_quantuminsert-snort-2.9.7.2.patch -------------------------------------------------------------------------------- /detection/suricata/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/detection/suricata/README.md -------------------------------------------------------------------------------- /pcaps/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/pcaps/README.md -------------------------------------------------------------------------------- /pcaps/qi_internet_SYNACK_curl_jsonip.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/pcaps/qi_internet_SYNACK_curl_jsonip.pcap -------------------------------------------------------------------------------- /pcaps/qi_local_GET_slashdot_redirect.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/pcaps/qi_local_GET_slashdot_redirect.pcap -------------------------------------------------------------------------------- /pcaps/qi_local_SYNACK_curl_jsonip.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/pcaps/qi_local_SYNACK_curl_jsonip.pcap -------------------------------------------------------------------------------- /pcaps/qi_local_SYNACK_imgur_qdp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/pcaps/qi_local_SYNACK_imgur_qdp.pcap -------------------------------------------------------------------------------- /pcaps/qi_local_SYNACK_linkedin_redirect.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/pcaps/qi_local_SYNACK_linkedin_redirect.pcap -------------------------------------------------------------------------------- /pcaps/qi_local_SYNACK_putty_dl.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/pcaps/qi_local_SYNACK_putty_dl.pcap -------------------------------------------------------------------------------- /pcaps/qi_local_SYNACK_slashdot_redirect.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/pcaps/qi_local_SYNACK_slashdot_redirect.pcap -------------------------------------------------------------------------------- /poc/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/poc/README.md -------------------------------------------------------------------------------- /poc/monitor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/poc/monitor.py -------------------------------------------------------------------------------- /poc/shooter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/poc/shooter.py -------------------------------------------------------------------------------- /presentations/brocon2015/BroCon2015_Fox-IT_QuantumInsert_Detection.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/presentations/brocon2015/BroCon2015_Fox-IT_QuantumInsert_Detection.pdf -------------------------------------------------------------------------------- /presentations/brocon2015/demo/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/presentations/brocon2015/demo/README.md -------------------------------------------------------------------------------- /presentations/brocon2015/demo/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/presentations/brocon2015/demo/index.html -------------------------------------------------------------------------------- /presentations/brocon2015/demo/inject.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/presentations/brocon2015/demo/inject.js -------------------------------------------------------------------------------- /presentations/brocon2015/demo/monitor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/presentations/brocon2015/demo/monitor.py -------------------------------------------------------------------------------- /presentations/brocon2015/demo/shooter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/presentations/brocon2015/demo/shooter.py -------------------------------------------------------------------------------- /presentations/brocon2015/pcaps/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/presentations/brocon2015/pcaps/README.md -------------------------------------------------------------------------------- /presentations/brocon2015/pcaps/bro.org-harlemshake-inject.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/presentations/brocon2015/pcaps/bro.org-harlemshake-inject.pcap -------------------------------------------------------------------------------- /presentations/brocon2015/pcaps/id1.cn-inject.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fox-it/quantuminsert/HEAD/presentations/brocon2015/pcaps/id1.cn-inject.pcap --------------------------------------------------------------------------------