Open Source and information security mailing list archives
 
Date: Fri, 29 Oct 2010 18:47:54 -0200
From: "Nelson Brito" <nbrito@...ure.org>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk>,
	<dailydave@...ts.immunityinc.com>, <focus-ids@...urityfocus.com>,
	<br-scene@...glegroups.com>
Subject: [DEMO] Sample videos about IDS/IPS evasions...

Hi, everyone!

 

As so many highlights have been given on Intrusion Detection System and
Intrusion Prevention System evasions (?) last week, I decided to send this
message just to let you all know that I published a brand-new sample video,
demonstrating two Exploit Next Generation® example modules, successfully
evading:

* SNORT 2.8.6 detection for MS02-056 vulnerability.

* SURICATA 0.9.0 detection for MS08-078 vulnerability.

 

Here is the YouTube video:

* http://www.youtube.com/watch?v=iHgtf4PXqeU

 

PS: So, Intrusion Detection System and Intrusion Prevention System evasions
are not that BIG NEWS, at least not for the H2HC Sixth Edition's audience.

 

Before someone asks what the similarities and/or differences are between
Exploit Next Generation® (ENG++) and Advanced Evasion Techniques (AET), let
me get this clear:

* ENG++ has a different approach and has no similarity to AET,
despite the fact that both of them can be used to bypass IDS and IPS
technology. Besides, ENG++ is much older research.

* ENG++ was first designed in 2004, coded in 2005, published in 2008
(<http://packetstormsecurity.org/papers/general/ENG_in_a_nutshell.pdf>
"Exploit creation - The random approach" or "Playing with random to build
exploits"), and became a methodology in 2009
(<http://www.h2hc.com.br/repositorio/2009/files/Nelson.en.pdf> "The Departed:
Exploit Next Generation - The Philosophy").

* ENG++ became a methodology when I decided to port it to work
with/to any open exploit development framework, i.e., Metasploit Framework.

* Ported means that ENG++ has been developed for a long, long, long
time, so just some modules are working on Metasploit Framework to release
some of its examples and to help people understand that really cool stuff
can be done when you are innovating and creating.

 

In a few words: Exploit Next Generation® Compliance Methodology is not the
same thing as Advanced Evasion Techniques (ENG++ != AET).

 

For further information, please, visit the URL:

* http://j.mp/ExploitNG

 

For online information and news about Exploit Next Generation® Compliance
Methodology, please, follow @Exploit_NG <http://twitter.com/Exploit_NG> on
Twitter.

 

Cheers.

 

Nelson Brito

Security Researcher

http://fnstenv.blogspot.com/

 

