[ 
https://bro-tracker.atlassian.net/browse/BIT-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18703#comment-18703
 ] 

Aashish Sharma commented on BIT-1286:
-------------------------------------

This is a very neat policy for sure!!


-- 
Aashish Sharma  ([email protected])                                
Cyber Security, 
Lawrence Berkeley National Laboratory  
http://go.lbl.gov/pgp-aashish 
Office: (510)-495-2680  Cell: (510)-612-7971


> Add policy script for Windows version detection via CryptoAPI HTTP Traffic
> --------------------------------------------------------------------------
>
>                 Key: BIT-1286
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1286
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: grigorescu
>
> Windows systems access a Microsoft Certificate Revocation List (CRL) 
> periodically. The user agent for these requests reveals which version of 
> Crypt32.dll is installed on the system, which can uniquely identify the version 
> of Windows that's running.
> This branch adds a Software framework policy script that will log the version of 
> Windows that was identified.



--
This message was sent by Atlassian JIRA
(v6.4-OD-09-005#64005)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
