SlideShare une entreprise Scribd logo

Harden Security Devices Against Increasingly Sophisticated Evasions

Télécharger en tant que PPTX, PDF
Ixia
Ixia

separate the professional hacker from the vandal. Evasion techniques are used to bypass security measures on EVERY type of device, at EVERY layer. Are you 100% confident your IPS, firewall and other security devices will stand up to these increasingly sophisticated evasions? Join BreakingPoint security researchers for this free webcast and receive a comprehensive briefing on Strike Evasions. Learn how to act with precision to detect evasions with little impact on latency. Get up-to-the-minute details on the latest evasions seen in the wild, the proper ways to test for evasion resistance, and BreakingPoint's five keys for protecting your network against cyber criminals.

Technologie
1  sur  17
Harden Security Devices Against Increasingly Sophisticated Evasions BreakingPoint Webcast Wednesday December 16, 2009
www.breakingpointlabs.com Introductions/Agenda • BreakingPoint speakers: – Dennis Cox, CTO – Todd Manning, Protocol & Security Researcher – Dustin D. Trammell, Protocol & Security Researcher • Quick Glance Agenda: – Evasions Overview – Evasions in Layer 3, 4, 5, 7 and more – Latest evasion techniques – How to validate you are protected – BreakingPoint Five Keys 2
www.breakingpointlabs.com Evasion Technique Introduction • What Is An Evasion? – Legitimate Permutation of Data • Data remains valid • Data looks different – Attempt at bypassing detection or filters • Data representation not recognized or understood by the monitoring entity • Cause the monitor to revert to a less scrutinizing state • Transport of data in a state that is not observable by the monitor 3
www.breakingpointlabs.com Where are Evasions Used? • Everywhere! – Layer 3: IP – Layer 4: TCP – Layer 5: DCERPC, SunRPC, SIP – Layer 7: HTTP, SMTP, POP3, FTP – Content: HTML, OLE, Command-lines (Windows & UNIX), Exploit Shellcode 4
www.breakingpointlabs.com Layer 3: IP Evasions • FragEvasion – IP Fragmentation – Four IP fragmentation methods available: • Overlapping end fragments, favoring either old or new data • Overlapping all fragments, favoring either old or new data • FragOrder – Change the order in which fragments are sent – Three behavior options: • Normal order • Reverse order • Randomize order 5
www.breakingpointlabs.com Layer 4: TCP Evasions • SegmentOrder – Change the order in which segments are sent – Three behavior options: • Normal order • Reverse order • Randomize order • SkipHandShake – Skip the three-way handshake for all connections 6
www.breakingpointlabs.com Layer 5: SIP Evasions • CompactHeaders – Use compact header names instead of full-length header names – Example: “From: <user>” -> “f: <user>” • PadHeadersLineBreak – Pad headers with line breaks – Example: ‘Authorization: Digest username=“user”, realm=“home”’ -> ‘Authorization: Digest rnusername=“user”, rnrealm=“home”’ • PadHeadersWhitespace – Pad headers with whitespace elements – Example: “From: <user>” -> “From:tt<user> “ • RandomizeCase – Randomize the case of data which is case insensitive – Example: “From: <user>” -> “fROm: <UsEr>” 7
www.breakingpointlabs.com Layer 7: Common Evasions • PadCommandWhiteSpace – SMTP, POP3, FTP, Commands (Windows, UNIX) – Inserts arbitrary whitespace between commands and their arguments – Examples: • SMTP: “HELO example.com” -> “HELOtt t example.com” • FTP: “USER username” -> “USER t tt username” • Commands: “rm -rf /” -> “rmt t –rft tt/” • PadPathSlashes – Commands (Windows, UNIX) – Uses slashes to pad command path names – Examples: • Commands: “/bin/cat /etc/passwd” -> “/////bin///cat /etc////passwd” 8
www.breakingpointlabs.com Layer 7: HTTP Evasions • Too many to list them all here… • DirectorySelfReference – Convert all directories to self-referenced relative directories – Example: “GET /path/to/myfile.txt” -> “GET /./path/./to/./myfile.txt” • EncodeHexRandom – Encode random parts of the URI in hex – Example: “GET /index.html” -> “GET /ind%65x.%68tml” • ServerChunkedTransfer – Use “chunked” transfer-encoding to split up the server response • ServerCompression – Use gzip to encode the server response • EncodeUnicodeRandom – Encode random parts of the URI in wide Unicode (UTF-16) 9
www.breakingpointlabs.com Content Evasions • HTML Evasions: HTMLUnicodeEncoding • Encodes HTML in the selected flavor of Unicode: – UTF_7: 7-bit – UTF_8: 8-bit – UTF_16BE: 16-bit big-endian – UTF_16LE: 16-bit little-endian – UTF_32BE: 32-bit big-endian – UTF_32LE: 32-bit little-endian • Shellcode Evasions: RandomNops • Uses random nop-equivalent sequences instead of actual No-Op instructions • Example (ia32): – “x90x90x90x90x90x90x90x90” – becomes – “x16x2fx5dx55x91x06x44x0e” 10
www.breakingpointlabs.com The Latest Evasion Techniques • Latest and greatest • 2010 Forecast? 11
www.breakingpointlabs.com Do Evasions Cause Damage? 12
www.breakingpointlabs.com How To Validate You Are Protected • Forward Thinking • Test, Test, Test • Be Realistic • Be Random • Be Consistent 13
Properly Testing Using Evasions
www.breakingpointlabs.com Enabling Evasions for BreakingPoint • BreakingPoint Methods – Attack Manager: • Attack Group Options - Affects only the attack group selected – Security Test Component: • Parameters Tab, Attack Profile setting - Affects the entire test • Overrides Tab - Affects the entire test • Order of precedence – Overrides – Group Options – Attack Profile 15
www.breakingpointlabs.com The Five Keys BreakingPoint Provides 1. 80+ evasion techniques 2. Dedicated security team 3. New evasion techniques 4. Apply across 4,300+ attacks 5. Multi-layered evasions 16
www.breakingpointlabs.com Q&A Thank You! 17

Recommandé

Password cracking
Password crackingPassword cracking
Password crackingIlan Mindel
 
Reverse shell
Reverse shellReverse shell
Reverse shellIlan Mindel
 
3 technical-dns-workshop-day2
3 technical-dns-workshop-day23 technical-dns-workshop-day2
3 technical-dns-workshop-day2DNS Entrepreneurship Center
 
Responder PPT
Responder PPTResponder PPT
Responder PPTIlan Mindel
 
Ports and services
Ports and servicesPorts and services
Ports and servicesIlan Mindel
 
Realtime Communication Techniques with PHP
Realtime Communication Techniques with PHPRealtime Communication Techniques with PHP
Realtime Communication Techniques with PHPWaterSpout
 
Ruby on embedded devices rug::b Aug 2014
Ruby on embedded devices rug::b Aug 2014Ruby on embedded devices rug::b Aug 2014
Ruby on embedded devices rug::b Aug 2014Eno Thierbach
 
Netcat
NetcatNetcat
Netcatpenetration Tester
 

Recommandé

Password cracking
Password crackingPassword cracking
Password crackingIlan Mindel
 
Reverse shell
Reverse shellReverse shell
Reverse shellIlan Mindel
 
3 technical-dns-workshop-day2
3 technical-dns-workshop-day23 technical-dns-workshop-day2
3 technical-dns-workshop-day2DNS Entrepreneurship Center
 
Responder PPT
Responder PPTResponder PPT
Responder PPTIlan Mindel
 
Ports and services
Ports and servicesPorts and services
Ports and servicesIlan Mindel
 
Realtime Communication Techniques with PHP
Realtime Communication Techniques with PHPRealtime Communication Techniques with PHP
Realtime Communication Techniques with PHPWaterSpout
 
Ruby on embedded devices rug::b Aug 2014
Ruby on embedded devices rug::b Aug 2014Ruby on embedded devices rug::b Aug 2014
Ruby on embedded devices rug::b Aug 2014Eno Thierbach
 
Netcat
NetcatNetcat
Netcatpenetration Tester
 
Fileextraction with suricata
Fileextraction with suricataFileextraction with suricata
Fileextraction with suricataMrArora Arjuna
 
HTTP::Parser::XS - writing a fast & secure XS module
HTTP::Parser::XS - writing a fast & secure XS moduleHTTP::Parser::XS - writing a fast & secure XS module
HTTP::Parser::XS - writing a fast & secure XS moduleKazuho Oku
 
Cryptography and secure systems
Cryptography and secure systemsCryptography and secure systems
Cryptography and secure systemsVsevolod Stakhov
 
Tcpdump
TcpdumpTcpdump
TcpdumpSourav Roy
 
BSides Ottawa 2019 - HTB Blue
BSides Ottawa 2019 - HTB BlueBSides Ottawa 2019 - HTB Blue
BSides Ottawa 2019 - HTB BlueDianaWhitney4
 
Nous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB BlueNous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB BlueDianaWhitney4
 
Tips and Tricks for Increased Development Efficiency
Tips and Tricks for Increased Development EfficiencyTips and Tricks for Increased Development Efficiency
Tips and Tricks for Increased Development EfficiencyOlivier Bourgeois
 
Using metasploit
Using metasploitUsing metasploit
Using metasploitCyberRad
 
Experimental dtrace
Experimental dtraceExperimental dtrace
Experimental dtraceMatthew Ahrens
 
Veil-PowerView - NovaHackers
Veil-PowerView - NovaHackersVeil-PowerView - NovaHackers
Veil-PowerView - NovaHackersVeilFramework
 
Micro HTTP Server Implemented in C @ COSCUP 2016
Micro HTTP Server Implemented in C @ COSCUP 2016Micro HTTP Server Implemented in C @ COSCUP 2016
Micro HTTP Server Implemented in C @ COSCUP 2016Jian-Hong Pan
 
nginx: writing your first module
nginx: writing your first modulenginx: writing your first module
nginx: writing your first moduleredivy
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network clientroot_fibo
 
Tim eberhard bajug3_talk
Tim eberhard bajug3_talkTim eberhard bajug3_talk
Tim eberhard bajug3_talkTim Eberhard
 
rspamd-fosdem
rspamd-fosdemrspamd-fosdem
rspamd-fosdemVsevolod Stakhov
 
How to use SFTP
How to use SFTPHow to use SFTP
How to use SFTPsivachandra mandalapu
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army ToolChandrapal Badshah
 
Tunneling
TunnelingTunneling
TunnelingIlan Mindel
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminskyDan Kaminsky
 
Collision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platformsCollision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platformsBerescu Ionut
 
CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMPShaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert
 

Contenu connexe

Tendances

Fileextraction with suricata
Fileextraction with suricataFileextraction with suricata
Fileextraction with suricataMrArora Arjuna
 
HTTP::Parser::XS - writing a fast & secure XS module
HTTP::Parser::XS - writing a fast & secure XS moduleHTTP::Parser::XS - writing a fast & secure XS module
HTTP::Parser::XS - writing a fast & secure XS moduleKazuho Oku
 
Cryptography and secure systems
Cryptography and secure systemsCryptography and secure systems
Cryptography and secure systemsVsevolod Stakhov
 
BSides Ottawa 2019 - HTB Blue
BSides Ottawa 2019 - HTB BlueBSides Ottawa 2019 - HTB Blue
BSides Ottawa 2019 - HTB BlueDianaWhitney4
 
Nous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB BlueNous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB BlueDianaWhitney4
 
Tips and Tricks for Increased Development Efficiency
Tips and Tricks for Increased Development EfficiencyTips and Tricks for Increased Development Efficiency
Tips and Tricks for Increased Development EfficiencyOlivier Bourgeois
 
Using metasploit
Using metasploitUsing metasploit
Using metasploitCyberRad
 
Veil-PowerView - NovaHackers
Veil-PowerView - NovaHackersVeil-PowerView - NovaHackers
Veil-PowerView - NovaHackersVeilFramework
 
Micro HTTP Server Implemented in C @ COSCUP 2016
Micro HTTP Server Implemented in C @ COSCUP 2016Micro HTTP Server Implemented in C @ COSCUP 2016
Micro HTTP Server Implemented in C @ COSCUP 2016Jian-Hong Pan
 
nginx: writing your first module
nginx: writing your first modulenginx: writing your first module
nginx: writing your first moduleredivy
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network clientroot_fibo
 
Tim eberhard bajug3_talk
Tim eberhard bajug3_talkTim eberhard bajug3_talk
Tim eberhard bajug3_talkTim Eberhard
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminskyDan Kaminsky
 
Collision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platformsCollision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platformsBerescu Ionut
 

Tendances (20)

Fileextraction with suricata
Fileextraction with suricataFileextraction with suricata
Fileextraction with suricata
 
HTTP::Parser::XS - writing a fast & secure XS module
HTTP::Parser::XS - writing a fast & secure XS moduleHTTP::Parser::XS - writing a fast & secure XS module
HTTP::Parser::XS - writing a fast & secure XS module
 
Cryptography and secure systems
Cryptography and secure systemsCryptography and secure systems
Cryptography and secure systems
 
Tcpdump
TcpdumpTcpdump
Tcpdump
 
BSides Ottawa 2019 - HTB Blue
BSides Ottawa 2019 - HTB BlueBSides Ottawa 2019 - HTB Blue
BSides Ottawa 2019 - HTB Blue
 
Nous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB BlueNous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB Blue
 
Tips and Tricks for Increased Development Efficiency
Tips and Tricks for Increased Development EfficiencyTips and Tricks for Increased Development Efficiency
Tips and Tricks for Increased Development Efficiency
 
Using metasploit
Using metasploitUsing metasploit
Using metasploit
 
Experimental dtrace
Experimental dtraceExperimental dtrace
Experimental dtrace
 
Veil-PowerView - NovaHackers
Veil-PowerView - NovaHackersVeil-PowerView - NovaHackers
Veil-PowerView - NovaHackers
 
Micro HTTP Server Implemented in C @ COSCUP 2016
Micro HTTP Server Implemented in C @ COSCUP 2016Micro HTTP Server Implemented in C @ COSCUP 2016
Micro HTTP Server Implemented in C @ COSCUP 2016
 
nginx: writing your first module
nginx: writing your first modulenginx: writing your first module
nginx: writing your first module
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network client
 
Tim eberhard bajug3_talk
Tim eberhard bajug3_talkTim eberhard bajug3_talk
Tim eberhard bajug3_talk
 
rspamd-fosdem
rspamd-fosdemrspamd-fosdem
rspamd-fosdem
 
How to use SFTP
How to use SFTPHow to use SFTP
How to use SFTP
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
 
Tunneling
TunnelingTunneling
Tunneling
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminsky
 
Collision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platformsCollision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platforms
 

Similaire à Harden Security Devices Against Increasingly Sophisticated Evasions

CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxAlfredObia1
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptxLlobarro2
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...DefconRussia
 
Aerospike Go Language Client
Aerospike Go Language ClientAerospike Go Language Client
Aerospike Go Language ClientSayyaparaju Sunil
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiYossi Sassi
 
Tuning parallelcodeonsolaris005
Tuning parallelcodeonsolaris005Tuning parallelcodeonsolaris005
Tuning parallelcodeonsolaris005dflexer
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingNetSPI
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingNetSPI
 

Similaire à Harden Security Devices Against Increasingly Sophisticated Evasions (20)

CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breaches
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
 
Coporate Espionage
Coporate EspionageCoporate Espionage
Coporate Espionage
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptx
 
L27
L27L27
L27
 
Concurrency
ConcurrencyConcurrency
Concurrency
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
 
Aerospike Go Language Client
Aerospike Go Language ClientAerospike Go Language Client
Aerospike Go Language Client
 
rspamd-slides
rspamd-slidesrspamd-slides
rspamd-slides
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
 
Tuning parallelcodeonsolaris005
Tuning parallelcodeonsolaris005Tuning parallelcodeonsolaris005
Tuning parallelcodeonsolaris005
 
snort.ppt
snort.pptsnort.ppt
snort.ppt
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration Testing
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
 

Plus de Ixia

Measuring Private Cloud Resiliency
Measuring Private Cloud ResiliencyMeasuring Private Cloud Resiliency
Measuring Private Cloud ResiliencyIxia
 
LTE Testing
LTE TestingLTE Testing
LTE TestingIxia
 
BreakingPoint Storm CTM Cost-Effective Testing Solution
BreakingPoint Storm CTM Cost-Effective Testing SolutionBreakingPoint Storm CTM Cost-Effective Testing Solution
BreakingPoint Storm CTM Cost-Effective Testing SolutionIxia
 
BreakingPoint 3G Testing Data Sheet
BreakingPoint 3G Testing Data SheetBreakingPoint 3G Testing Data Sheet
BreakingPoint 3G Testing Data SheetIxia
 
LTE Testing | 4G Testing
LTE Testing | 4G TestingLTE Testing | 4G Testing
LTE Testing | 4G TestingIxia
 
White Paper: Six-Step Competitive Device Evaluation
White Paper: Six-Step Competitive Device EvaluationWhite Paper: Six-Step Competitive Device Evaluation
White Paper: Six-Step Competitive Device EvaluationIxia
 
IPS Test Methodology
IPS Test MethodologyIPS Test Methodology
IPS Test MethodologyIxia
 
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test MethodologyDeep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test MethodologyIxia
 
Load Test Methodology: Server Load Testing
Load Test Methodology: Server Load TestingLoad Test Methodology: Server Load Testing
Load Test Methodology: Server Load TestingIxia
 
IPv6 Test Methodology
IPv6 Test MethodologyIPv6 Test Methodology
IPv6 Test MethodologyIxia
 
Server Load Balancer Test Methodology
Server Load Balancer Test MethodologyServer Load Balancer Test Methodology
Server Load Balancer Test MethodologyIxia
 
How to Test High-Performance Next-Generation Firewalls
How to Test High-Performance Next-Generation FirewallsHow to Test High-Performance Next-Generation Firewalls
How to Test High-Performance Next-Generation FirewallsIxia
 
Catalyst 6500 ASA Service Module
Catalyst 6500 ASA Service ModuleCatalyst 6500 ASA Service Module
Catalyst 6500 ASA Service ModuleIxia
 
Testing High Performance Firewalls
Testing High Performance FirewallsTesting High Performance Firewalls
Testing High Performance FirewallsIxia
 
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...Ixia
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...Ixia
 
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSBreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSIxia
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Evaluating The Juni...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Evaluating The Juni...BreakingPoint & Juniper RSA Conference 2011 Presentation: Evaluating The Juni...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Evaluating The Juni...Ixia
 
BreakingPoint & Crossbeam RSA Conference 2011 Presentation: Evaluating High P...
BreakingPoint & Crossbeam RSA Conference 2011 Presentation: Evaluating High P...BreakingPoint & Crossbeam RSA Conference 2011 Presentation: Evaluating High P...
BreakingPoint & Crossbeam RSA Conference 2011 Presentation: Evaluating High P...Ixia
 
BreakingPoint & McAfee RSA Conference 2011 Presentation: Data Sheets Lie
BreakingPoint & McAfee RSA Conference 2011 Presentation: Data Sheets LieBreakingPoint & McAfee RSA Conference 2011 Presentation: Data Sheets Lie
BreakingPoint & McAfee RSA Conference 2011 Presentation: Data Sheets LieIxia
 

Plus de Ixia (20)

Measuring Private Cloud Resiliency
Measuring Private Cloud ResiliencyMeasuring Private Cloud Resiliency
Measuring Private Cloud Resiliency
 
LTE Testing
LTE TestingLTE Testing
LTE Testing
 
BreakingPoint Storm CTM Cost-Effective Testing Solution
BreakingPoint Storm CTM Cost-Effective Testing SolutionBreakingPoint Storm CTM Cost-Effective Testing Solution
BreakingPoint Storm CTM Cost-Effective Testing Solution
 
BreakingPoint 3G Testing Data Sheet
BreakingPoint 3G Testing Data SheetBreakingPoint 3G Testing Data Sheet
BreakingPoint 3G Testing Data Sheet
 
LTE Testing | 4G Testing
LTE Testing | 4G TestingLTE Testing | 4G Testing
LTE Testing | 4G Testing
 
White Paper: Six-Step Competitive Device Evaluation
White Paper: Six-Step Competitive Device EvaluationWhite Paper: Six-Step Competitive Device Evaluation
White Paper: Six-Step Competitive Device Evaluation
 
IPS Test Methodology
IPS Test MethodologyIPS Test Methodology
IPS Test Methodology
 
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test MethodologyDeep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
 
Load Test Methodology: Server Load Testing
Load Test Methodology: Server Load TestingLoad Test Methodology: Server Load Testing
Load Test Methodology: Server Load Testing
 
IPv6 Test Methodology
IPv6 Test MethodologyIPv6 Test Methodology
IPv6 Test Methodology
 
Server Load Balancer Test Methodology
Server Load Balancer Test MethodologyServer Load Balancer Test Methodology
Server Load Balancer Test Methodology
 
How to Test High-Performance Next-Generation Firewalls
How to Test High-Performance Next-Generation FirewallsHow to Test High-Performance Next-Generation Firewalls
How to Test High-Performance Next-Generation Firewalls
 
Catalyst 6500 ASA Service Module
Catalyst 6500 ASA Service ModuleCatalyst 6500 ASA Service Module
Catalyst 6500 ASA Service Module
 
Testing High Performance Firewalls
Testing High Performance FirewallsTesting High Performance Firewalls
Testing High Performance Firewalls
 
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
 
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSBreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Evaluating The Juni...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Evaluating The Juni...BreakingPoint & Juniper RSA Conference 2011 Presentation: Evaluating The Juni...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Evaluating The Juni...
 
BreakingPoint & Crossbeam RSA Conference 2011 Presentation: Evaluating High P...
BreakingPoint & Crossbeam RSA Conference 2011 Presentation: Evaluating High P...BreakingPoint & Crossbeam RSA Conference 2011 Presentation: Evaluating High P...
BreakingPoint & Crossbeam RSA Conference 2011 Presentation: Evaluating High P...
 
BreakingPoint & McAfee RSA Conference 2011 Presentation: Data Sheets Lie
BreakingPoint & McAfee RSA Conference 2011 Presentation: Data Sheets LieBreakingPoint & McAfee RSA Conference 2011 Presentation: Data Sheets Lie
BreakingPoint & McAfee RSA Conference 2011 Presentation: Data Sheets Lie
 

Dernier

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Dernier (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Harden Security Devices Against Increasingly Sophisticated Evasions

  • 1. Harden Security Devices Against Increasingly Sophisticated Evasions BreakingPoint Webcast Wednesday December 16, 2009
  • 2. www.breakingpointlabs.com Introductions/Agenda • BreakingPoint speakers: – Dennis Cox, CTO – Todd Manning, Protocol & Security Researcher – Dustin D. Trammell, Protocol & Security Researcher • Quick Glance Agenda: – Evasions Overview – Evasions in Layer 3, 4, 5, 7 and more – Latest evasion techniques – How to validate you are protected – BreakingPoint Five Keys 2
  • 3. www.breakingpointlabs.com Evasion Technique Introduction • What Is An Evasion? – Legitimate Permutation of Data • Data remains valid • Data looks different – Attempt at bypassing detection or filters • Data representation not recognized or understood by the monitoring entity • Cause the monitor to revert to a less scrutinizing state • Transport of data in a state that is not observable by the monitor 3
  • 4. www.breakingpointlabs.com Where are Evasions Used? • Everywhere! – Layer 3: IP – Layer 4: TCP – Layer 5: DCERPC, SunRPC, SIP – Layer 7: HTTP, SMTP, POP3, FTP – Content: HTML, OLE, Command-lines (Windows & UNIX), Exploit Shellcode 4
  • 5. www.breakingpointlabs.com Layer 3: IP Evasions • FragEvasion – IP Fragmentation – Four IP fragmentation methods available: • Overlapping end fragments, favoring either old or new data • Overlapping all fragments, favoring either old or new data • FragOrder – Change the order in which fragments are sent – Three behavior options: • Normal order • Reverse order • Randomize order 5
  • 6. www.breakingpointlabs.com Layer 4: TCP Evasions • SegmentOrder – Change the order in which segments are sent – Three behavior options: • Normal order • Reverse order • Randomize order • SkipHandShake – Skip the three-way handshake for all connections 6
  • 7. www.breakingpointlabs.com Layer 5: SIP Evasions • CompactHeaders – Use compact header names instead of full-length header names – Example: “From: <user>” -> “f: <user>” • PadHeadersLineBreak – Pad headers with line breaks – Example: ‘Authorization: Digest username=“user”, realm=“home”’ -> ‘Authorization: Digest rnusername=“user”, rnrealm=“home”’ • PadHeadersWhitespace – Pad headers with whitespace elements – Example: “From: <user>” -> “From:tt<user> “ • RandomizeCase – Randomize the case of data which is case insensitive – Example: “From: <user>” -> “fROm: <UsEr>” 7
  • 8. www.breakingpointlabs.com Layer 7: Common Evasions • PadCommandWhiteSpace – SMTP, POP3, FTP, Commands (Windows, UNIX) – Inserts arbitrary whitespace between commands and their arguments – Examples: • SMTP: “HELO example.com” -> “HELOtt t example.com” • FTP: “USER username” -> “USER t tt username” • Commands: “rm -rf /” -> “rmt t –rft tt/” • PadPathSlashes – Commands (Windows, UNIX) – Uses slashes to pad command path names – Examples: • Commands: “/bin/cat /etc/passwd” -> “/////bin///cat /etc////passwd” 8
  • 9. www.breakingpointlabs.com Layer 7: HTTP Evasions • Too many to list them all here… • DirectorySelfReference – Convert all directories to self-referenced relative directories – Example: “GET /path/to/myfile.txt” -> “GET /./path/./to/./myfile.txt” • EncodeHexRandom – Encode random parts of the URI in hex – Example: “GET /index.html” -> “GET /ind%65x.%68tml” • ServerChunkedTransfer – Use “chunked” transfer-encoding to split up the server response • ServerCompression – Use gzip to encode the server response • EncodeUnicodeRandom – Encode random parts of the URI in wide Unicode (UTF-16) 9
  • 10. www.breakingpointlabs.com Content Evasions • HTML Evasions: HTMLUnicodeEncoding • Encodes HTML in the selected flavor of Unicode: – UTF_7: 7-bit – UTF_8: 8-bit – UTF_16BE: 16-bit big-endian – UTF_16LE: 16-bit little-endian – UTF_32BE: 32-bit big-endian – UTF_32LE: 32-bit little-endian • Shellcode Evasions: RandomNops • Uses random nop-equivalent sequences instead of actual No-Op instructions • Example (ia32): – “x90x90x90x90x90x90x90x90” – becomes – “x16x2fx5dx55x91x06x44x0e” 10
  • 11. www.breakingpointlabs.com The Latest Evasion Techniques • Latest and greatest • 2010 Forecast? 11
  • 13. www.breakingpointlabs.com How To Validate You Are Protected • Forward Thinking • Test, Test, Test • Be Realistic • Be Random • Be Consistent 13
  • 15. www.breakingpointlabs.com Enabling Evasions for BreakingPoint • BreakingPoint Methods – Attack Manager: • Attack Group Options - Affects only the attack group selected – Security Test Component: • Parameters Tab, Attack Profile setting - Affects the entire test • Overrides Tab - Affects the entire test • Order of precedence – Overrides – Group Options – Attack Profile 15
  • 16. www.breakingpointlabs.com The Five Keys BreakingPoint Provides 1. 80+ evasion techniques 2. Dedicated security team 3. New evasion techniques 4. Apply across 4,300+ attacks 5. Multi-layered evasions 16

Notes de l'éditeur

  1. SneakAckHandshake Establish sessions with the SneakAck Handshake for all connections