Threat Level: green Handler on Duty: Russ McRee

SANS ISC Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

Security Onion news: Updated ShellShock detection scripts for Bro

Published: 2014-10-01
Last Updated: 2014-10-01 21:03:13 UTC
by Russ McRee (Version: 1)
0 comment(s)

Per Security Onion's Doug Burks, Seth Hall has developed some comprehensive ShellShock detection scripts for Bro.
These scripts "detect successful exploitation of the Bash vulnerability with CVE-2014-6271 nicknamed "ShellShock" and are more comprehensive than most detections in that they're watching for behavior from the attacked host that might indicate successful compromise or actual vulnerability."
Seth has updated these scripts again today to "Add shellscripts as a post-exploit detection mechanism."
Doug has updated the securityonion-bro-scripts package to include these changes and has also updated the securityonion-web-page package to include some ELSA queries for "ShellShock Exploits" and "ShellShock Scanners".

This is great for current Security Onion users, and even better for readers who have not yet investigated and invested in Security Onion. Now's the time to become familiar and improve your situational awareness, particularly given the fact that it's National Cyber Security Awareness Month. :-)

Everything you need is available on Doug's blog: http://blog.securityonion.net/2014/10/new-securityonion-bro-scripts-and.html

0 comment(s)
VMware security advisory: VMSA-2014-0010 http://www.vmware.com/security/advisories/VMSA-2014-0010.html
ISC StormCast for Wednesday, October 1st 2014 http://isc.sans.edu/podcastdetail.html?id=4171

If you have more information or corrections regarding our diary, please share.

Recent Diaries

DerbyCon highlights
published 23 hours ago by Russ McRee (0 comments)

Shellshock: Updated Webcast (Now 6 bash related CVEs!)
published 2 days ago by Dr. J. (0 comments)

Shellshock: A Collection of Exploits seen in the wild
published 2 days ago by Dr. J. (8 comments)

Shellshock: We are not done yet CVE-2014-6277, CVE-2014-6278
published 2 days ago by Dr. J. (0 comments)

Shellshock: Vulnerable Systems you may have missed and how to move forward
published 2 days ago by Dr. J. (2 comments)

What has Bash and Heartbleed Taught Us?
published 3 days ago by Guy (1 comment)

Why We Have Moved to InfoCon:Yellow
published 5 days ago by Richard (5 comments)

Webcast Briefing: Bash Code Injection Vulnerability
published 6 days ago by Dr. J. (7 comments)

Update on CVE-2014-6271: Vulnerability in bash (shellshock)
published 6 days ago by Dr. J. (25 comments)

Attention *NIX admins, time to patch!
published 1 week ago by Pedro (7 comments)

View All Diaries →

Latest Discussions

SSH Bruteforce Uptick Anyone?
created 1 day ago by Philip (0 replies)

XSS vulnerability in opencms v9.0.1 workplace
created 1 week ago by Murali (0 replies)

RSS feeds broken in Sage
created 4 weeks ago by Madmanguruman (0 replies)

Brown Breach.. . UPS
created 1 month ago by ICI2Eye (0 replies)

So, how dead is antivirus exactly?
created 1 month ago by Safensoft (3 replies)

View All Forums →

Latest News

View All News →