Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 21:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

GH-541: add test cases for NTLM AV Pair sequence handling

Browse source
This commit is contained in:
Jon Siwek 2019-08-26 10:28:46 -07:00
parent a9f14bf503
commit b954767488
8 changed files with 56 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
testing/btest/scripts/base/protocols/dce-rpc/ntlm-empty-av-pair-seq.zeek Normal file
View file

@ -0,0 +1,8 @@
# Tests for good parsing/handling of empty NTLM AV Pair sequences.
# @TEST-EXEC: zeek -b -r $TRACES/dce-rpc/ntlm-empty-av-sequence.pcap %INPUT
# @TEST-EXEC: btest-diff ntlm.log
# @TEST-EXEC: btest-diff dpd.log
@load base/protocols/dce-rpc
@load base/protocols/ntlm

8
testing/btest/scripts/base/protocols/dce-rpc/ntlm-unterminated-av-pair-seq.zeek Normal file
View file

@ -0,0 +1,8 @@
# Tests for good parsing/handling of unterminated NTLM AV Pair sequences.
# @TEST-EXEC: zeek -b -r $TRACES/dce-rpc/ntlm-unterminated-av-sequence.pcap %INPUT
# @TEST-EXEC: btest-diff ntlm.log
# @TEST-EXEC: btest-diff dpd.log
@load base/protocols/dce-rpc
@load base/protocols/ntlm