[Bro] Detecting Encryption
nhtvl
bmixonb1 at cs.unm.edu
Mon Aug 24 07:27:56 PDT 2015
Seth, was the link provided not a file entropy analyzer?
On 08/24/2015 07:59 AM, Seth Hall wrote:
>
>> On Aug 21, 2015, at 3:50 PM, Robin Sommer <robin at icir.org>
>> wrote:
>>
>> Bro has functions to measure entropy, see
>> https://www.bro.org/sphinx-git/scripts/base/bif/bro.bif.bro.html#id-find_entropy.
>
> Unfortunately we still haven’t added file and connection entropy
> analyzers yet. I have a file entropy analyzer floating around
> somewhere, but generally both of those are extremely easy to write.
> I think that Ben would need those to do what he’s trying to do.
>
> .Seth
>
> -- Seth Hall International Computer Science Institute (Bro) because
> everyone has a network http://www.bro.org/
>