[Bro] Detecting Encryption
Seth Hall
seth at icir.org
Mon Aug 24 06:59:25 PDT 2015
> On Aug 21, 2015, at 3:50 PM, Robin Sommer <robin at icir.org> wrote:
>
> Bro has functions to measure entropy, see
> https://www.bro.org/sphinx-git/scripts/base/bif/bro.bif.bro.html#id-find_entropy.
Unfortunately we still haven’t added file and connection entropy analyzers yet. I have a file entropy analyzer floating around somewhere, but generally both of those are extremely easy to write. I think that Ben would need those to do what he’s trying to do.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
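A connection entropy analyzer of the kind discussed in this message, sketched as an added example that is not part of the original post and is not Bro code. It is written in Python rather than Bro script, and the class and function names, the 7.9 bits-per-byte threshold, the 4096-byte minimum and the sample payloads are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict


class StreamEntropy:
    """Incremental Shannon entropy (bits per byte) over a byte stream."""

    def __init__(self):
        self.counts = Counter()
        self.total = 0

    def add(self, chunk: bytes) -> None:
        # Only a 256-bin histogram is kept, so payload need not be buffered.
        self.counts.update(chunk)
        self.total += len(chunk)

    def entropy(self) -> float:
        if self.total == 0:
            return 0.0
        return -sum((c / self.total) * math.log2(c / self.total)
                    for c in self.counts.values())


def high_entropy_conns(chunks, threshold=7.9, min_bytes=4096):
    """chunks: iterable of (conn_id, payload) in arrival order.
    Returns {conn_id: entropy} for connections at or above the threshold.
    Short streams are skipped: entropy of a few bytes is not meaningful.
    Compressed data also scores near 8.0, so a hit is a lead, not proof."""
    state = defaultdict(StreamEntropy)
    for conn_id, payload in chunks:
        state[conn_id].add(payload)
    return {cid: s.entropy() for cid, s in state.items()
            if s.total >= min_bytes and s.entropy() >= threshold}


def constructed_sample():
    """Constructed input: C1 carries cleartext HTTP, C2 carries SHA-256
    counter output as a deterministic stand-in for ciphertext."""
    clear = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n" * 100
    rand = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
    chunks = [("C1", clear[o:o + 1000]) for o in range(0, len(clear), 1000)]
    chunks += [("C2", rand[o:o + 1460]) for o in range(0, len(rand), 1460)]
    return chunks


if __name__ == "__main__":
    for cid, h in high_entropy_conns(constructed_sample()).items():
        print(f"{cid}: {h:.3f} bits/byte")
```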