Skip to content
/ CVE-2020-16898 Public

A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability)

License

BSD-3-Clause license
9 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

corelight/CVE-2020-16898

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
scripts
scripts
 
 
testing
testing
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bro-pkg.meta
bro-pkg.meta
 
 
zkg.meta
zkg.meta
 
 

Repository files navigation

"Bad Neighbor" Detection, CVE-2020-16898 (Windows TCP/IP RCE)

Summary:

A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability)

References:

Notices raised :

CVE-2020-16898 exploit detected from %s. https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898#ID0EUGAC . Details from packet for reference: info=%s , options=%s

Usage, notes and recommendations:

  • To use against a pcap you already have zeek -Cr scripts/__load__.zeek your.pcap
  • This package will run in clustered or non clustered environments.

Feedback

  • As details emerge, we are keen to improve this package for the benefit of the community, please feel free to contact the author with any suggestions and feedback.

About

A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability)

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

9 stars

Watchers

13 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages