[Bro] Extract files from SMTP
Derek Banks
itsecderek at gmail.com
Thu Nov 7 05:01:53 PST 2013
Hello All,
I've been using Bro now for a good few months and I still feel like a
complete noob. I need to extract out MIME types in SMTP traffic - I am
looking to extract docx files from our last few weeks of pcaps to then go
check for embedded TIFF files (latest 0-day out on MS apps). Time is not
on my side at the moment - management is bothered about this one for some
reason.
I am running from git master and cannot seem to figure out how the new file
handling works. Has anyone done something like this recently after the
file handling change and would be willing to share?
Once I get the docx files extracted my intent was to use YARA to look for
TIFFs then foremost to carve any out.
Regards,
Derek
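One way to do what the post asks with the Bro 2.2-era file analysis framework, as an added example that is not part of the original thread or of the Bro project's own scripts: hook `file_new`, keep only files whose `source` is SMTP, and attach the `ANALYZER_EXTRACT` file analyzer for the docx MIME type. The script name `extract-docx.bro`, the output filename pattern and the choice to also catch `application/zip` are assumptions of this example (libmagic frequently reports docx, which is a ZIP container, as plain `application/zip`, so matching only the OOXML type would miss attachments). Newer releases moved MIME detection into the `file_sniff` event, so on 2.4 and later the same body belongs in that handler.

```bro
# extract-docx.bro (added example, not from the mailing list post)
# Run offline over a capture: bro -r capture.pcap extract-docx.bro
# Extracted files land under FileExtract::prefix (default: extract_files/).
@load base/files/extract

# MIME types worth pulling: the OOXML docx type, plus application/zip
# because libmagic often classifies docx that way (docx is a ZIP container).
const docx_types: set[string] = {
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "application/zip",
} &redef;

event file_new(f: fa_file)
    {
    # Only attachments carried over SMTP; other protocols are ignored.
    if ( ! f?$source || f$source != "SMTP" )
        return;

    # In 2.2 the MIME type is already populated when file_new fires.
    if ( ! f?$mime_type || f$mime_type !in docx_types )
        return;

    # Name the on-disk file after the file id so each attachment is unique;
    # the candidate list can then be handed to YARA / foremost as a batch.
    local fname = fmt("smtp-%s.docx", f$id);
    Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
                        [$extract_filename=fname]);
    }
```

Because `application/zip` is included, the extracted set will also contain ordinary ZIP attachments; that is deliberate, since the follow-up YARA pass for TIFF signatures is what separates suspect documents from benign archives, and over-collecting is cheaper than missing a misclassified docx.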