[Bro] Detecting remote powershell

anthony kasza anthony.kasza at gmail.com
Fri Mar 16 16:03:39 PDT 2018


If you do some baselining in your environment, JA3 can be very successful
at detecting PowerShell.

-AK

On Mar 16, 2018 2:13 PM, "Seth Hall" <seth at corelight.com> wrote:

>
>
> On 16 Mar 2018, at 13:46, James Lay wrote:
>
> > YAY
>
> Whew.  Every time I see stuff like that I start getting nervous.
>
>   .Seth
>
> --
> Seth Hall * Corelight, Inc * www.corelight.com
>
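The JA3 baselining suggested in the reply above, sketched as an added example (not code from the thread, from Bro, or from the JA3 project): fingerprints are computed from ClientHello fields, learned per host during a baseline window, and later connections are flagged when their fingerprint falls outside it. The record keys `orig_h`, `resp_h` and `ja3`, the function names, and all ClientHello values and addresses are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

# GREASE placeholder values (0x0a0a, 0x1a1a, ... 0xfafa) are dropped before hashing.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}

def ja3(version, ciphers, extensions, curves, point_formats):
    """MD5 over 'version,ciphers,extensions,curves,formats' in decimal, '-' inside a field."""
    fields = [[version], ciphers, extensions, curves, point_formats]
    text = ",".join("-".join(str(v) for v in f if v not in GREASE) for f in fields)
    return hashlib.md5(text.encode("ascii")).hexdigest()

def build_baseline(records):
    """Map each fingerprint to the set of client hosts that used it during baselining."""
    seen = defaultdict(set)
    for rec in records:
        seen[rec["ja3"]].add(rec["orig_h"])
    return dict(seen)

def flag_deviations(records, baseline):
    """Return (host, server, ja3, reason) for connections outside the baseline."""
    alerts = []
    for rec in records:
        hosts = baseline.get(rec["ja3"])
        if hosts is None:
            reason = "fingerprint not in baseline"
        elif rec["orig_h"] not in hosts:
            reason = "known fingerprint, new for this host"
        else:
            continue
        alerts.append((rec["orig_h"], rec["resp_h"], rec["ja3"], reason))
    return alerts

# Constructed ClientHello parameters (not captured from any real client).
BROWSER = ja3(771, [0x1A1A, 4865, 4866, 49195], [0, 23, 65281, 10, 11], [29, 23, 24], [0])
UPDATER = ja3(771, [49196, 49195, 157], [0, 10, 11, 13], [23, 24], [0])
UNSEEN = ja3(771, [49196, 49200, 159, 158], [0, 10, 11, 13, 35], [29, 23], [0])

# Constructed log records; field names are simplified stand-ins for ssl.log columns.
BASELINE_LOG = [
    {"orig_h": "10.0.0.5", "resp_h": "198.51.100.10", "ja3": BROWSER},
    {"orig_h": "10.0.0.6", "resp_h": "198.51.100.10", "ja3": BROWSER},
    {"orig_h": "10.0.0.5", "resp_h": "198.51.100.20", "ja3": UPDATER},
]
TODAY_LOG = [
    {"orig_h": "10.0.0.6", "resp_h": "198.51.100.10", "ja3": BROWSER},  # in baseline
    {"orig_h": "10.0.0.6", "resp_h": "198.51.100.20", "ja3": UPDATER},  # new for this host
    {"orig_h": "10.0.0.5", "resp_h": "203.0.113.7", "ja3": UNSEEN},     # never seen
]
ALERTS = flag_deviations(TODAY_LOG, build_baseline(BASELINE_LOG))
```

A flagged fingerprint only says the TLS client stack is new to the environment or to that host; attributing it to a specific program still needs a fingerprint collected from that program on a reference machine.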