[Bro-Dev] [JIRA] (BIT-1286) Add policy script for Windows version detection via CryptoAPI HTTP Traffic

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Wed Nov 5 06:28:07 PST 2014


     [ https://bro-tracker.atlassian.net/browse/BIT-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Seth Hall reassigned BIT-1286:
------------------------------

    Assignee: Seth Hall

> Add policy script for Windows version detection via CryptoAPI HTTP Traffic
> --------------------------------------------------------------------------
>
>                 Key: BIT-1286
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1286
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: grigorescu
>            Assignee: Seth Hall
>
> Windows systems access a Microsoft Certificate Revocation List (CRL) periodically. The user agent for these requests reveals which version of Crypt32.dll is installed on the system, which can uniquely identify the version of Windows that's running.
> This branch adds a Software framework policy script that will log the version of Windows that was identified.



--
This message was sent by Atlassian JIRA
(v6.4-OD-09-005#64005)
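
The detection described in the ticket, sketched as an added Python example for passive asset inventory; it is not the policy script from the branch. The version-to-Windows mapping is an assumption drawn from public Windows version numbering, the function names are hypothetical, and the sample records are constructed.

```python
import re

# Assumption: mapping from public Windows version numbering, not from the branch.
# Vista and later report the NT major.minor version in the User-Agent.
NT_VERSIONS = {
    "6.0": "Windows Vista / Server 2008",
    "6.1": "Windows 7 / Server 2008 R2",
    "6.2": "Windows 8 / Server 2012",
    "6.3": "Windows 8.1 / Server 2012 R2",
}
# Older systems report the full Crypt32.dll version (5.131.<build>.<rev>).
LEGACY_BUILDS = {
    "2195": "Windows 2000",
    "2600": "Windows XP",
    "3790": "Windows Server 2003 / XP x64",
}
UA_RE = re.compile(r"^Microsoft-CryptoAPI/(\d+(?:\.\d+){1,3})$")

def windows_version(user_agent):
    """Return (crypt32_version, windows_name), or None if the UA is not CryptoAPI."""
    m = UA_RE.match(user_agent.strip())
    if not m:
        return None
    version = m.group(1)
    parts = version.split(".")
    if parts[0] == "5" and len(parts) == 4:
        name = LEGACY_BUILDS.get(parts[2])
    else:
        name = NT_VERSIONS.get(".".join(parts[:2]))
    return version, name or "unknown Windows version"

def inventory(records):
    """Map each originating host to the set of Windows versions seen for it."""
    hosts = {}
    for orig_h, user_agent in records:
        hit = windows_version(user_agent)
        if hit:
            hosts.setdefault(orig_h, set()).add(hit[1])
    return hosts

# Constructed sample: (originator address, User-Agent) pairs as found in HTTP logs.
SAMPLE = [
    ("192.0.2.10", "Microsoft-CryptoAPI/6.1"),
    ("192.0.2.11", "Microsoft-CryptoAPI/5.131.2600.5512"),
    ("192.0.2.12", "Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0"),
    ("192.0.2.10", "Microsoft-CryptoAPI/6.1"),
]

if __name__ == "__main__":
    for host, names in sorted(inventory(SAMPLE).items()):
        print(host, ", ".join(sorted(names)))
```

A single address that maps to more than one Windows version usually means several machines behind NAT or a proxy, so treat such entries as a gateway rather than one host.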

