Category Archives: Bro

Use Bro to spot SSL phishing pages (part 1)

A lot of phishes are starting to use SSL certificates, and this makes things interesting for a few reasons. Two big ones are: – End users are trained to look for the green padlock, because if it’s there the page … Continue reading

Posted in Bro | Leave a comment

How to Integrate CIF feeds into Bro Intel files

So you set up a SSH honeypot¬†and are gathering data, but what do you do with it? If you have Bro installed, you can integrate your feeds for monitoring in less than 15 minutes. I’ll show you how to pull … Continue reading

Posted in Bro, CIF, CSIRTG | Leave a comment