BZAR

BZAR (Bro/Zeek ATT&CK-based Analytics and Reporting) is a set of Bro/Zeek scripts that use the SMB and DCE-RPC protocol analyzers and the File Extraction Framework to detect ATT&CK-like activity, raise notices, and write them to the Notice Log. It runs on the Bro/Zeek Network Security Monitor to detect ATT&CK-based adversarial activity and is a component of the Cyber Analytics Repository. BZAR must be tuned for your specific operational environment to avoid unnecessary entries in the Notice Log.

ALTERNATIVES

Open source framework for network traffic analysis with advanced features.

Monitors network traffic for suspicious activity and alerts when potential threats are detected.

A tool for exploiting HTTP/2 cleartext smuggling vulnerabilities

Repository of pcap traces for evaluating Network Intrusion Detection Systems in HVAC systems.

Exploiting simple stack overflow vulnerabilities using return oriented programming (ROP) to defeat data execution prevention - DEP.

A tool for scanning networks, enumerating Siemens PLCs, and gathering detailed information about them.

JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.

Automate mass scanning of technologies used on websites