Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: HIPS Buffer Overflow Protection - Bypass

from [Sanjay R] Network Security [Permanent Link]
Subject: Re: HIPS Buffer Overflow Protection - Bypass
Date: Thu, 16 Nov 2006 09:14:45 +0530 
Hi Bart:
As mentioned by Danny, HIPS under testing is targeting only exploit
codes and few commonly used shellcodes. The signatures are being
written for exploit codes, not for vulerabilities. Otherwise, MS06-040
exploit must had been detected, irrespective of shellcodes. I think,
if it is not that confidential, it would be good if you mention the
product names, so that those companies as well as other users will
come to know about the right picture.

thanks
-Sanjay
On 11/16/06, dfullerton@mantor.org <dfullerton@mantor.org> wrote:

Bart,

Basically this means that this HIPS does not detect nor protect against this buffer 
overflow. Looks like the only thing detected by the IPS was the different Metasploit 
payload except the "adduser" one (the actual shellcode signature). 
Consequently, we can say that any custom payload would go undetected. Signature-based 
recognition is one part of the whole detection picture and looks like this IPS can't do 
much in others portions of detection/prevention for this vulnerability such as stack 
protection (write and execution of stack memory segment) and heuristic.

Danny Fullerton
IT security Specialist
Mantor Organization

___________________________________
NOCC, http://nocc.sourceforge.net



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------




--
PhD
Intoto Softwares, Hyderabad, India

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DDOS Products, Drexx Laggui [personal]
Next by Date:  Re: Call Center Security Testing, Justin Lintz
Previous by Thread:  Re: HIPS Buffer Overflow Protection - Bypass, dfullerton
Next by Thread:  Gleg Ltd - Metasploit add-ons ceased due to Security Reasons, toggmeister
Indexes:  [Date] [Thread] [Top] [All Lists]