Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IDS Assessments....and the I{D|P}S evasion research project

from [Sam Gorton] Network Security [Permanent Link]
Subject: Re: IDS Assessments....and the I{D|P}S evasion research project
Date: Thu, 16 Nov 2006 14:51:51 -0500 
On Wed, Nov 15, 2006 at 04:22:19PM -0500, Joseph McCray wrote:

Have any of you ever taken the time to develop a list signatures and
their corresponding tools and/or exploits that actually trigger every
individual signature the IDS has?


Joe, we did something similar for a client - we picked a single 
exploit and performed a whole set of mangling and evasion tests with 
it.

As a foundation, we used the ISAPI .printer exploit by eEye, which has 
the very useful payload of writing a file on the target system.  If 
the file is there, you know the exploit worked.

To help us automate the correlation, we bound each individual test 
case to a unique source port, and included the source port in the file 
name. (Well, we used N for 9, because the exploit couldn't write a 9, 
but you get the idea).  So that way we knew that for a given suite of 
tests, source port 30000 was test X.

Even if you can't do the rest of it, keying each test case to a source 
port is an enormous help in correlation.

--
Sam Gorton                |   Skaion Corporation
sgorton@skaion.com        |   978-251-3963

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Lotus Domino over 443 pentesting., Isidro Ramon Labrador Rodriguez
Next by Date:  RE: Tutorial for brute forcing Web apps,, Maxime Ducharme
Previous by Thread:  IDS Assessments....and the I{D|P}S evasion research project, Joseph McCray
Next by Thread:  Re: IDS Assessments....and the I{D|P}S evasion research project, Eric Hacker
Indexes:  [Date] [Thread] [Top] [All Lists]