Re: RPC Evasion techniques

From: crazy frog crazy frog (i.m.crazy.frog_at_gmail.com)
Date: 11/04/05

  • Next message: Pukhraj Singh: "Re: RPC Evasion techniques"
    Date: Fri, 4 Nov 2005 12:30:09 +0530
    To: Pukhraj Singh <pukhraj.singh@gmail.com>
    
    

    hi,
    does current ids/ips are able to detect attacks such as polymorphic
    shell code(adm mutent) or any other such techniques?
    _CF

    --
    bam bam
    ting ding ting ding ting ding
    ting ding ting ding ding
    i m crazy frog :)
    "oh yeah oh yeah...
     another wannabe, in hackerland!!!"
    On 10/31/05, Pukhraj Singh <pukhraj.singh@gmail.com> wrote:
    > Lot of things can be done to evade IPS/IDS.
    >
    > The tricks vary from protcol to protocol. The difference in the
    > decoding mechanism of security appliance and the application server
    > can lead to many evasion techniques. I have created and tested many
    > mutant exploits and they worked beautifully. The idea is to strike and
    > exploit some  fundamental concepts of logic and protocols which
    > IDS/IPS makers tend to ignore or is simply beyond their device
    > capability
    >
    > Apparently, I haven't documented and organized the work I did.
    >
    > But here is an introductory paper you should definitely read:
    > http://www.cs.ucsb.edu/~rsg/Hidra/Papers/2004_vigna_robertson_balzarotti_CCS04.pdf
    >
    > --Pukhraj Singh
    >
    >
    > On 10/27/05, tcp fin <inet_inaddr@yahoo.com> wrote:
    > > Hi Guys ,
    > > Any tips and tricks or good article on IDS/IPS evasion
    > > ?
    > > I have beautiful paper "Insertion, Evasion and Denial
    > > of Service:
    > > Eluding Network Intrusion detection".
    > > I need some pointers on RPC based  evasion techniques.
    > >
    > > Regards,
    > > TCP FIN .
    > >
    > >
    > >
    > >
    > > __________________________________
    > > Yahoo! Mail - PC Magazine Editors' Choice 2005
    > > http://mail.yahoo.com
    > >
    > > ------------------------------------------------------------------------
    > > Test Your IDS
    > >
    > > Is your IDS deployed correctly?
    > > Find out quickly and easily by testing it
    > > with real-world attacks from CORE IMPACT.
    > > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    > > to learn more.
    > > ------------------------------------------------------------------------
    > >
    > >
    >
    > ------------------------------------------------------------------------
    > Test Your IDS
    >
    > Is your IDS deployed correctly?
    > Find out quickly and easily by testing it
    > with real-world attacks from CORE IMPACT.
    > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    > to learn more.
    > ------------------------------------------------------------------------
    >
    >
    -
    ------------------------------------------------------------------------
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it 
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
    to learn more.
    ------------------------------------------------------------------------
    

  • Next message: Pukhraj Singh: "Re: RPC Evasion techniques"

    Relevant Pages

    • Re: sugget a small pentest distro
      ... crazy frog crazy frog wrote: ... >ting ding ting ding ting ding ... >Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • RE: sugget a small pentest distro
      ... ting ding ting ding ting ding ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
      (Pen-Test)
    • RE: sugget a small pentest distro
      ... ting ding ting ding ting ding ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
      (Pen-Test)
    • Re: sugget a small pentest distro
      ... > ting ding ting ding ting ding ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... > Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
      (Pen-Test)
    • Re: RPC Evasion techniques
      ... people have implemented a few techniques. ... if used on a standalone basis can lead to a lot of false positives. ... The randomized NOP sleds generated by ADMutate can be detected. ... > ting ding ting ding ting ding ...
      (Focus-IDS)