By corelight
A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability) AKA BadNeighbor
Enables plugins to write fine-grained policy for log filtering, modification, and path customization.
This script attempts to detect the Ebury ssh backdoor based on having base64 in the ssh client string.
This script expands the base known-services policy to include is_local_orig flag to indicate if the service was discovered from non-local nets (is_local_orig =F) or from local nets (is_local_orig=T).
This script expands the base known-services policy to include is_local_orig flag to indicate if an outbound service was discovered from non-local nets (is_local_orig =F) or from local nets (is_local_orig=T).
Page 1 of 1, showing 7 record(s) out of 7 total