Adding Docker Container

2020-02-24 08:56:30 -05:00
commit 36eb702282
--- a/docker/labs/lab3/local.rules
+++ b/docker/labs/lab3/local.rules
@@ -0,0 +1 @@
+alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-FLASH Adobe Flash Player Exploit Kit decryption key detected"; flow:to_client,established; file_data; content:"|74 70 72 72 75 65 73 74 6A 62 61 66 65 69 61 78 66 6A 72 75 73 70 68 6D 6E 78|"; fast_pattern:only; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2015-5119; reference:url,malware.dontneedcoffee.com/2015/07/hackingteam-flash-0d-cve-2015-xxxx-and.html; classtype:attempted-user; sid:36193; rev:2;)
--- a/docker/labs/lab3/neutrino_flash_exploit.pcap
+++ b/docker/labs/lab3/neutrino_flash_exploit.pcap
				`@@ -0,0 +1 @@`
				alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-FLASH Adobe Flash Player Exploit Kit decryption key detected"; flow:to_client,established; file_data; content:"\|74 70 72 72 75 65 73 74 6A 62 61 66 65 69 61 78 66 6A 72 75 73 70 68 6D 6E 78\|"; fast_pattern:only; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2015-5119; reference:url,malware.dontneedcoffee.com/2015/07/hackingteam-flash-0d-cve-2015-xxxx-and.html; classtype:attempted-user; sid:36193; rev:2;)