Re: RPC Evasion techniques
From: crazy frog crazy frog (i.m.crazy.frog_at_gmail.com)
Date: 11/04/05
- Previous message: Planz: "Re: IPv6 support in IDS/IPS products"
- In reply to: Pukhraj Singh: "Re: RPC Evasion techniques"
- Next in thread: Pukhraj Singh: "Re: RPC Evasion techniques"
- Reply: Pukhraj Singh: "Re: RPC Evasion techniques"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 4 Nov 2005 12:30:09 +0530 To: Pukhraj Singh <pukhraj.singh@gmail.com>
hi,
does current ids/ips are able to detect attacks such as polymorphic
shell code(adm mutent) or any other such techniques?
_CF
-- bam bam ting ding ting ding ting ding ting ding ting ding ding i m crazy frog :) "oh yeah oh yeah... another wannabe, in hackerland!!!" On 10/31/05, Pukhraj Singh <pukhraj.singh@gmail.com> wrote: > Lot of things can be done to evade IPS/IDS. > > The tricks vary from protcol to protocol. The difference in the > decoding mechanism of security appliance and the application server > can lead to many evasion techniques. I have created and tested many > mutant exploits and they worked beautifully. The idea is to strike and > exploit some fundamental concepts of logic and protocols which > IDS/IPS makers tend to ignore or is simply beyond their device > capability > > Apparently, I haven't documented and organized the work I did. > > But here is an introductory paper you should definitely read: > http://www.cs.ucsb.edu/~rsg/Hidra/Papers/2004_vigna_robertson_balzarotti_CCS04.pdf > > --Pukhraj Singh > > > On 10/27/05, tcp fin <inet_inaddr@yahoo.com> wrote: > > Hi Guys , > > Any tips and tricks or good article on IDS/IPS evasion > > ? > > I have beautiful paper "Insertion, Evasion and Denial > > of Service: > > Eluding Network Intrusion detection". > > I need some pointers on RPC based evasion techniques. > > > > Regards, > > TCP FIN . > > > > > > > > > > __________________________________ > > Yahoo! Mail - PC Magazine Editors' Choice 2005 > > http://mail.yahoo.com > > > > ------------------------------------------------------------------------ > > Test Your IDS > > > > Is your IDS deployed correctly? > > Find out quickly and easily by testing it > > with real-world attacks from CORE IMPACT. > > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > > to learn more. > > ------------------------------------------------------------------------ > > > > > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > to learn more. > ------------------------------------------------------------------------ > > - ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
- Previous message: Planz: "Re: IPv6 support in IDS/IPS products"
- In reply to: Pukhraj Singh: "Re: RPC Evasion techniques"
- Next in thread: Pukhraj Singh: "Re: RPC Evasion techniques"
- Reply: Pukhraj Singh: "Re: RPC Evasion techniques"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
