Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Fwd: [DEMO] Sample videos about IDS/IPS evasions...
From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Mon, 1 Nov 2010 06:06:00 +0800

---------- Forwarded message ----------
From: Nelson Brito <nbrito () sekure org>
Date: Mon, Nov 1, 2010 at 5:40 AM
Subject: RE: [Full-disclosure] [DEMO] Sample videos about IDS/IPS evasions...
To: Jacky Jack <jacksonsmth698 () gmail com>


http://vimeo.com/16371447

Use this instead!!!

-----Original Message-----
From: Jacky Jack [mailto:jacksonsmth698 () gmail com]
Sent: Sunday, October 31, 2010 5:43 PM
To: Nelson Brito
Subject: Re: [Full-disclosure] [DEMO] Sample videos about IDS/IPS
evasions...

This video has been removed as a violation of YouTube's policy against
spam, scams, and commercially deceptive content.



On Sat, Oct 30, 2010 at 4:47 AM, Nelson Brito <nbrito () sekure org>
wrote:
Hi, everyone!



As so many highlights have been given on Intrusion Detection System
and
Intrusion Prevention System evasions (?) last week, I decided to send
this
message just to let you all know that I published a brand-new sample
video,
demonstrating two Exploit Next Generation® example modules,
successfully
evading:

·         SNORT 2.8.6 detection for MS02-056 vulnerability.

·         SURICATA 0.9.0 detection for MS08-078 vulnerability.



Here is the YouTube video:

·         http://www.youtube.com/watch?v=iHgtf4PXqeU



PS: So, Intrusion Detection System and Intrusion Prevention System
evasions
are not that BIG NEWS, at least not for the H2HC Sixth Edition's
audience.



Before someone asks what the similarities and/or differences between
Exploit
Next Generation® (ENG++) and Advanced Evasion Techniques (AET), let
me get
this clear:

·         ENG++ has a different approach and has no similarity to
AET,
despite the fact that both of them can be used to bypass IDS and IPS
technology. Besides, ENG++ is a much older research.

·         ENG++ was first designed in 2004, coded in 2005, published
in 2008
(“Exploit creation - The random approach” or “Playing with random to
build
exploits”), and became a methodology in 2009 (“The Departed: Exploit
Next
Generation – The Philosophy”).

·         ENG++ became a methodology when I decided to port it to
work
with/to any open exploit development framework, i.e., Metasploit
Framework.

·         Ported means that ENG++ has been developed for a long,
long, long
time, so just some modules is working on Metasploit Framework to
release
some of its example and to help people understanding that really cool
stuff
can be done when you are innovating and creating.



In a few words: Exploit Next Generation® Compliance Methodology is
not the
same thing as Advanced Evasion Techniques (ENG++ != AET).



For further information, please, visit the URL:

·         http://j.mp/ExploitNG



For online information and news about Exploit Next Generation®
Compliance
Methodology, please, follow @Exploit_NG on Twitter.



Cheers.



Nelson Brito

Security Researcher

http://fnstenv.blogspot.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault