Re: IDS/IPS Evasion Research Project

From: crazy frog crazy frog (i.m.crazy.frog@gmail.com)
Date: Tue Oct 10 2006 - 00:23:29 EDT


Hello,

ADMmutate is another thing to look for :)

www.newskicks.com
www.secgeeks.com

On 10/9/06, Joseph McCray <joe@learnsecurityonline.com> wrote:
> I was talking with a buddy of mine on the subject of IDS evasion. We
> were going on and on about how none of the old techniques really work
> anymore (substitution/obfuscation/session splicing/fragmentation, blah
> blah blah). I was an IDS monkey in a former life - maybe I'm just a
> glutton for punishment.
>
> There is a bunch of new stuff on the subject that really isn't all that
> well documented (AT LEAST NOT FOR FREE). Everybody charges for this kind
> of info these days - hey who am I to complain - I charge for teaching
> hacking too right? So I figured why not start an IDS/IPS Evasion
> research project of my own.
>
> I figured I could give a shout out to you guys here on the pentest/ids
> lists to help me try out some different open source tools against a few
> I{D|P}Ss, maybe even write a few new tools too, and we can see for
> ourselves what lights up and what doesn't. Now of course you know we'll
> start with Snort as it is by far the most accessible and the easiest to
> find competent users.
>
> Things I'm really interested in digging into:
> 1. Specifically which of the older IDS evasion techniques still work
> against modern I{D|P}Ss.
> 2. What types of tricks can we do with Metasploit to evade I{D|P}Ss (and
> get it documented).
> 3. Solidifying, and expanding Renaud Bidou's good work on the subject
> 4. Nail down Firewall/IDS testing specifics for packet crafting tools
> like:
> * hping
> * scapy
> * rubyforger
> * isic
> * nemesis
> * Paketto Keiretsu
>
> If you are interested in working on this send me an email. Won't be able
> to start for a week or two, but I can start getting the attack host and
> some targets ready during that time. We'll all figure out how we want to
> build/configure the test network.
>
>
> --
> Joe McCray
> Toll Free: 1-866-892-2132
> Email: joe@learnsecurityonline.com
> Web: https://www.learnsecurityonline.com
>
>
> Learn Security Online, Inc.
>
> * Security Games * Simulators
> * Challenge Servers * Courses
> * Hacking Competitions * Hacklab Access
>
>
>

-- 
---------------------------------------
http://www.secgeeks.com
http://www.newskicks.com
---------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:10 EDT