[Bro] Exfil Framework Released

Robert Rotsted rotsted at reservoir.com
Wed Sep 10 12:14:24 PDT 2014


Hi all,

As announced at BroCon, Reservoir Labs just released the Exfil
Framework on GitHub.

The Exfil Framework is a suite of Bro scripts that detect file uploads
in TCP connections. The Exfil Framework can detect file uploads in
most TCP sessions, including sessions that have encrypted payloads
(SCP, SFTP, HTTPS).

The scripts are located at:
https://github.com/reservoirlabs/bro-scripts/tree/master/exfil-detection-framework

Feel free to reach out to me if you have any questions, comments or
suggestions for improvement.

Best,

Bob

-- 
Bob Rotsted
Senior Engineer
Reservoir Labs, Inc.
