bro stuff
play

Bro stuff Justin Azoff Aug 4, 2015 try.bro.org on github Figure : - PowerPoint PPT Presentation

Jan 02, 2023 •130 likes •286 views

Bro stuff Justin Azoff Aug 4, 2015 try.bro.org on github Figure : try.bro on github Bro Dockerfiles on github Figure : try.bro on github try.bro.org CORS CORS is enabled on API endpoints. http:

  1. Bro stuff Justin Azoff Aug 4, 2015

  2. try.bro.org on github Figure : try.bro on github

  3. Bro Dockerfiles on github Figure : try.bro on github

  4. try.bro.org CORS ◮ CORS is enabled on API endpoints. ◮ http: //www.ncsa.illinois.edu/People/jazoff/bro.html

  5. BHR New implemenation of a BlackHole Router with bro integration. ◮ https://github.com/JustinAzoff/bhr-site ◮ https://github.com/JustinAzoff/bhr-bro Use: @load ./bhr-bro redef BHR::block_types += { Scan::Port_Scan, Scan::Address_Scan, };

  6. Fuzz ◮ Let’s fuzz bro!

  7. Fuzz ◮ Let’s fuzz bro! ◮ Basic approach yields 1.8 executions/second - too slow ◮ Tabled for a while.

  8. Fuzz take 2 New features to the rescue: afl-fuzz persistent mode http://lcamtuf.blogspot.com/2015/06/new-in-afl-persistent- mode.html Hack up bro and try again: src/Net.cc | 12 +++++++----- src/main.cc | 25 ++++++++++++++++++++++--- 2 files changed, 29 insertions(+), 8 deletions(-)

  9. Fuzz take 2 New features to the rescue: afl-fuzz persistent mode http://lcamtuf.blogspot.com/2015/06/new-in-afl-persistent- mode.html Hack up bro and try again: src/Net.cc | 12 +++++++----- src/main.cc | 25 ++++++++++++++++++++++--- 2 files changed, 29 insertions(+), 8 deletions(-) Result: 1000+ executions/second.

  10. Fuzz take 2 New features to the rescue: afl-fuzz persistent mode http://lcamtuf.blogspot.com/2015/06/new-in-afl-persistent- mode.html Hack up bro and try again: src/Net.cc | 12 +++++++----- src/main.cc | 25 ++++++++++++++++++++++--- 2 files changed, 29 insertions(+), 8 deletions(-) Result: 1000+ executions/second. But no crashes :(

  11. TODO: Fuzz take 3 Need to build a test bro binary that bypasses libpcap and basic tcp reassembly to feed data directly into analyzers.

  12. Fuzz Detour Maybe I should try something simpler like bro-cut.

  13. Fuzz Detour Maybe I should try something simpler like bro-cut. Figure : bro-cut fuzz crashes

  14. bro-cut bugs Failed conversion of out of range or invalid timestamps #fields ts #types time 77777777777777777 File header contains a missing or null separator #separator #fields a hi #separator \x00 #fields a hi

  15. bro-cut bugs -=2 Figure : bro-cut fuzz success

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ultrafast spectroscopy Detector Stuff Generally you have some stuff and you want to

Ultrafast spectroscopy Detector Stuff Generally you have some stuff and you want to

Ultrafast spectroscopy Detector Stuff Generally you have some stuff and you want to know something about the dynamics of the stuff Kick the stuff with an excitation or pump pulse which triggers some dynamical process

817 views • 33 slides
CRITICAL INFORMATICS Our stuff keeps your stuff from becoming their stuff CRITICAL INFORMATICS

CRITICAL INFORMATICS Our stuff keeps your stuff from becoming their stuff CRITICAL INFORMATICS

CRITICAL INFORMATICS www.criticalinformatics.com January 31, 2018 CRITICAL INFORMATICS Our stuff keeps your stuff from becoming their stuff CRITICAL INFORMATICS www.criticalinformatics.com Page 2 UW UW T Tec ech h Co Conn nnec ect

585 views • 21 slides
Biohacking: Some/mes Spooky Stuff and Some/mes Wonderful Stuff

Biohacking: Some/mes Spooky Stuff and Some/mes Wonderful Stuff

Frazier (nulltone) presents Biohacking: Some/mes Spooky Stuff and Some/mes Wonderful Stuff Biohacking is the prac/ce of engaging biology with the

722 views • 55 slides
Stuff Ive Seen: Retrospective and Prospective Susan Dumais SIGIR Desktop

Stuff Ive Seen: Retrospective and Prospective Susan Dumais SIGIR Desktop

Stuff Ive Seen: Retrospective and Prospective Susan Dumais SIGIR Desktop Search Workshop Overview What is Stuff Ive Seen (SIS)? SIS @ SIGIR 2003 Key findings What has changed? What is next? Stuff

388 views • 20 slides
Music: April Showers By ProleteR Brought to you by: Stuff You Knead! Stuff You Knead!

Music: April Showers By ProleteR Brought to you by: Stuff You Knead! Stuff You Knead!

Music: April Showers By ProleteR Brought to you by: Stuff You Knead! Stuff You Knead! Email: stuffyoukneadnyc@gmail.com Instagram:@stuff_you_knead FaceBook: @StuffYouKnead A short history... A short history... The practice of bread

521 views • 21 slides
College Student Success How Universities Can Impact Outcomes Some stuff you know and other stuff

College Student Success How Universities Can Impact Outcomes Some stuff you know and other stuff

College Student Success How Universities Can Impact Outcomes Some stuff you know and other stuff that is new Alison L. Barton, PhD East Tennessee State University barton@etsu.edu What Is College Student Success? What Is College Student

554 views • 38 slides
SELL MORE PRODUCTS ONLINE STEP FIVE SELL THEM STUFF PART 1 jane hamill 1 STEP 5: SELL STUFF

SELL MORE PRODUCTS ONLINE STEP FIVE SELL THEM STUFF PART 1 jane hamill 1 STEP 5: SELL STUFF

SELL MORE PRODUCTS ONLINE STEP FIVE SELL THEM STUFF PART 1 jane hamill 1 STEP 5: SELL STUFF What well cover in Step Five Whats working NOW Your marketing triggers as a way to sell more Increase conversions When

419 views • 20 slides
Stuff New HW on the web later today No lab today Tests graded by Thurs Last Time

Stuff New HW on the web later today No lab today Tests graded by Thurs Last Time

Stuff New HW on the web later today No lab today Tests graded by Thurs Last Time CAN Bus Intro Low-level stuff Frame types Arbitration Filtering Higher-level protocols Today Embedded wireless networking

600 views • 29 slides
Parser Combinators in Smalltalk 1 Tims Trick Whats so cool about functional

Parser Combinators in Smalltalk 1 Tims Trick Whats so cool about functional

Parser Combinators in Smalltalk 1 Tims Trick Whats so cool about functional programming? referential transparency if x = foo stuff , then x + x = foo stuff + foo stuff = is mathematical equality, and you can replace equal

547 views • 18 slides
GO10-4: Bulky Stuff Class Presentation Welcome to GO10, Class 4 Big and Bulky, Chunky and

GO10-4: Bulky Stuff Class Presentation Welcome to GO10, Class 4 Big and Bulky, Chunky and

GO10-4: Bulky Stuff Class Presentation Welcome to GO10, Class 4 Big and Bulky, Chunky and Fluffy Stuff. This is what our Organized Only Space looked like after Go10-3 Things youll need this week: Sorting Guides we talked about these

63 views • 3 slides
WHO CAN'T TAKE PICTURES GOOD AND WANNA LEARN TO DO OTHER STUFF GOOD TOO Stay a while and

WHO CAN'T TAKE PICTURES GOOD AND WANNA LEARN TO DO OTHER STUFF GOOD TOO Stay a while and

Benjamin Cecchetto BEN CECCHETTO TALK FOR PEOPLE WHO CAN'T TAKE PICTURES GOOD AND WANNA LEARN TO DO OTHER STUFF GOOD TOO Stay a while and Overview listen... Equipment Do Other Stuff Good Too Take Pictures Good Photo shoots

611 views • 25 slides
Straight Talk on Bitcoin and Blockchain Cutting through the BS to get to the tech and stuff you

Straight Talk on Bitcoin and Blockchain Cutting through the BS to get to the tech and stuff you

Straight Talk on Bitcoin and Blockchain Cutting through the BS to get to the tech and stuff you need to know. Jarret Dyrbye - UofA BSc. Computer Engineering 2005 - Doing Bitcoin-related stuff - UofA MSc. Electrical and Computer

665 views • 40 slides
Safety Fun!! Use Stuff Let s See How Much We Know THE HUDSON TMA ! A B C Quick Check What

Safety Fun!! Use Stuff Let s See How Much We Know THE HUDSON TMA ! A B C Quick Check What

Safety Fun!! Use Stuff Let s See How Much We Know THE HUDSON TMA ! A B C Quick Check What Does A stand for? a. Accidents b. Ariana Grande c. Air d. Aerodynamic c. AIR What should you do if your bike starts making strange

483 views • 22 slides
Getting Down to Business Grants and Reporting Semi Annual Visits Strut Your Stuff tour 1

Getting Down to Business Grants and Reporting Semi Annual Visits Strut Your Stuff tour 1

12/6/2018 Getting Down to Business Grants and Reporting Semi Annual Visits Strut Your Stuff tour 1 12/6/2018 Strut Your Stuff March 2019 September 2019 April 2020 Replaces BBC Program reporting (FUN) Two-hour

424 views • 6 slides
Why even worry about this stuff? 1 2/14/2019 Everyday could be the day Disasters are never

Why even worry about this stuff? 1 2/14/2019 Everyday could be the day Disasters are never

2/14/2019 Why even worry about this stuff? 1 2/14/2019 Everyday could be the day Disasters are never scheduled One big event doesnt mean the entire system stops Its about who you knowand what you do to serve the healthcare needs of

722 views • 14 slides
The (gimmicky) Road Map Gradual Sub-Lattice Reduction The Old Stuff Lattice Reduction

The (gimmicky) Road Map Gradual Sub-Lattice Reduction The Old Stuff Lattice Reduction

The Old Stuff The New Concepts The Bottom Line Gradual Sub-Lattice Reduction (now with more applications!) Andy Novocin andy@novocin.com LIRMM, Montpellier June 22nd The Old Stuff The New Concepts The Bottom Line The (gimmicky) Road

1.46k views • 99 slides
Software Security Dynamic analysis and fuzz testing Bhargava Shastry Prof. Jean-Pierre Seifert

Software Security Dynamic analysis and fuzz testing Bhargava Shastry Prof. Jean-Pierre Seifert

Software Security Dynamic analysis and fuzz testing Bhargava Shastry Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2016 1 / 21 Introduction What is this lecture about? How do we find bugs in programs? ... by

363 views • 21 slides
RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION 2 TESTING PARSERS IS HARD 3 HOW WE GOT

RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION 2 TESTING PARSERS IS HARD 3 HOW WE GOT

JOE ROZNER / @JROZNER RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION 2 TESTING PARSERS IS HARD 3 HOW WE GOT HERE Mostly clean room (ish) implementation of complex languages (context-free- ish) ~35k lines of grammar in total

400 views • 19 slides
OpenACC Tutorial GridKa School 2017: make science && run Andreas Herten , Forschungszentrum

OpenACC Tutorial GridKa School 2017: make science && run Andreas Herten , Forschungszentrum

Member of the Helmholtz Association OpenACC Tutorial GridKa School 2017: make science && run Andreas Herten , Forschungszentrum Jlich, 31 August 2017 Member of the Helmholtz Association Interoperability Visual Profiler Data Locality

2k views • 182 slides
msb( x ) in O(1) steps using 5 multiplications [M.L. Fredman, D.E. Willard, Surpassing the

msb( x ) in O(1) steps using 5 multiplications [M.L. Fredman, D.E. Willard, Surpassing the

msb( x ) in O(1) steps using 5 multiplications [M.L. Fredman, D.E. Willard, Surpassing the information-theoretic bound with fusion trees , Journal of Computer and System Sciences 47 (3): 424 436, 1993] Word size n = g g , g a power of 2

511 views • 17 slides
Disclosures Atrial Flutter: Optimal Management Major Strategies in 2016 Research grant:

Disclosures Atrial Flutter: Optimal Management Major Strategies in 2016 Research grant:

12/17/16 Disclosures Atrial Flutter: Optimal Management Major Strategies in 2016 Research grant: R01 HL102090 (NIH / NHLBI) Research grant: R01 HL126555 (NIH / NHLBI) Research grant: DP14-1403 (CDC) Research grant: R24

305 views • 9 slides
Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction to Computer Security Secure use of the OS Defensive programming and design, contd Announcements intermission Stephen McCamant Bernsteins

535 views • 8 slides
Rotary Club of Williamstowns Supporting healthier minds, bodies and communities through

Rotary Club of Williamstowns Supporting healthier minds, bodies and communities through

Welcome to the Rotary Club of Williamstowns Supporting healthier minds, bodies and communities through research, awareness and education Wear a Hat in May Phon hone:1800 e:1800 781 781 878 878 www.hatday.com.au Supporting healthier

262 views • 14 slides
Approximate Judgement Aggregation (for the case of the doctrinal paradox) Ilan Nehama Center for

Approximate Judgement Aggregation (for the case of the doctrinal paradox) Ilan Nehama Center for

Approximate Judgement Aggregation (for the case of the doctrinal paradox) Ilan Nehama Center for the Study of Rationality The Selim and Rachel Benin School of Computer Science and Engineering The Hebrew University of Jerusalem, Israel Third

734 views • 59 slides

More recommend