[Bro-Dev] [JIRA] (BIT-1286) Add policy script for Windows version detection via CryptoAPI HTTP Traffic

grigorescu (JIRA) Mon, 03 Nov 2014 10:57:13 -0800

grigorescu created BIT-1286:
-------------------------------

             Summary: Add policy script for Windows version detection via 
CryptoAPI HTTP Traffic
                 Key: BIT-1286
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1286
             Project: Bro Issue Tracker
          Issue Type: New Feature
          Components: Bro
    Affects Versions: git/master
            Reporter: grigorescu



Windows systems access a Microsoft Certificate Revocation List (CRL) 
periodically. The user agent for these requests reveals which version of 
Crypt32.dll installed on the system, which can uniquely identify the version of 
Windows that's running.

This branch adds a Software framework policy script will log the version of 
Windows that was identified.



--
This message was sent by Atlassian JIRA
(v6.4-OD-09-005#64005)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

[Bro-Dev] [JIRA] (BIT-1286) Add policy script for Windows version detection via CryptoAPI HTTP Traffic

Reply via email to