Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 21:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
6872 commits 387 branches 198 tags 286 MiB
Commit graph

9 commits

Author SHA1 Message Date
Seth Hall
520ac8d92c Merge remote-tracking branch 'origin/master' into topic/seth/smb 
# Conflicts:
#	scripts/base/protocols/dce-rpc/main.bro
#	scripts/base/protocols/ntlm/main.bro
#	scripts/policy/protocols/smb/smb1-main.bro
#	src/analyzer/protocol/smb/smb-common.pac
#	src/analyzer/protocol/smb/smb-strings.pac
#	src/analyzer/protocol/smb/smb1-com-locking-andx.pac
#	src/analyzer/protocol/smb/smb1-com-logoff-andx.pac
#	src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac
#	src/analyzer/protocol/smb/smb1-com-open-andx.pac
#	src/analyzer/protocol/smb/smb1-com-read-andx.pac
#	src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac
#	src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac
#	src/analyzer/protocol/smb/smb1-com-transaction.pac
#	src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac
#	src/analyzer/protocol/smb/smb1-com-write-andx.pac
#	src/analyzer/protocol/smb/smb1-protocol.pac
 2016-08-08 15:46:49 -04:00
Robin Sommer
2a854acd2b Revert "Merge branch 'topic/seth/smb'" 
This reverts commit 9d9c7bafd3, reversing
changes made to eeb8c0cbb0.

The SMB analyzer wasn't ready yet.
 2016-08-05 15:04:49 -07:00
Seth Hall
ebd064de17 Add some more DCE_RPC endpoints. 2016-08-05 12:29:45 -04:00
Seth Hall
d1b1a560c0 Add a DCE-RPC test. 2016-07-07 14:17:25 -04:00
Seth Hall
dcb8dee3eb Small improvements to DCE/RPC handling. 
- Fix an issue with svcctl uuid -> operation mapping.
 - Add a heuristic to fill out the endpoint name in
   case the original dce/rpc binding wasn't seen.
 - Improve naming and code structure in the dce/rpc scripts.
 2016-04-13 12:10:51 -04:00
Seth Hall
ff3437d157 Clean up and moving a few SMB2 commands out into their own files. 
I assume that the upcoming SMB lock thing might be something
related to the SMB2 LOCK command...
 2016-04-01 22:45:07 -04:00
Seth Hall
03d5b655af Add epmapper operations to dce_rpc scripts. 2016-04-01 13:01:23 -04:00
Seth Hall
086519e851 Adding more dcerpc operations and fixing a bug with how log records are handled. 2016-04-01 10:16:02 -04:00
Seth Hall
5721db4be7 Lots of cleanup and improvement to DCE/RPC analyzer. 
- It works with DCE/RPC over SMB1+2 now.
   - Using named pipes in 1+2 and the transaction cmd in SMB1.
 - Base scripts based on work by Josh Liburdi.
 - New dce_rpc.log.  Feedback on how to make this log more compact
   and useful would be appreciated.
 2016-04-01 09:38:52 -04:00