Login Register






SMTPMart - Buy Inbox SMTP | Leads | Shell | cPanel 100% Bonus on 1st deposit | Instant Refunds
ProxyByte $2/GB | Residential IPv4 - No Logs - 26M+ IPs - All unblocked
REFUNDING.GG | #1 REFUND SERVICE | SAME DAY REFUNDS | WORLDWIDE ORDERS | GET ITEMS 85% OFF
New Ownership - Policies and Changes Going Forward
The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
Thread Rating:
  • 0 Vote(s) - 0 Average


What are some ways to evade IDSes? filter_list
Author
Message
Alan Turing Offline
do it pussy
Eleven Years of Service
Posts: 391
Threads: 37
Reputation: 0
Currency: 45 NSP
What are some ways to evade IDSes? 03-09-2014, 12:00 AM #1
I'm already familiar with Polymorphic Shellcode, XOR Values, Obfuscation, sending bits of the payload out of order so IDSes can't reconstruct them, fragmenting packets, slowing packets down for volumetric IDSes, and delaying packets over a long period of time.
No unicode conversion or instruction reversals either.
But what other methods are there? I don't care how advanced, would give me something nice to read up on.
Unleash the lead from my pistol into my head bumpin' crystal

Reply

Reiko Offline
Probably asleep
 *******
Registered (Diamond)
Eleven Years of Service
Posts: 655
Threads: 15
Reputation: 24
Currency: 119 NSP
WhitehatEliteLegendaryGoldBusinessmanBitcoinHoarderJack-O-LanternAkaneStaffAward Whore
RE: What are some ways to evade IDSes? 03-09-2014, 12:25 AM #2
Depends what IDS you're looking at, what it does, how it works.
Are you talking about a HIDS/HIPS or a NIDS/NIPS?
PGP
Sign: F202 79C9 76F7 40BB 54EC 494F 5DEF 1D70 14C1 C4CC
Encrypt: A5B3 1B21 55E1 80AF 4C6E DE83 467B 8EFC 3DEE 681C
Auth: CD55 E8A5 1A08 2933 8BA6 BC88 D81F 1943 739A 3C47

Reply

Alan Turing Offline
do it pussy
Eleven Years of Service
Posts: 391
Threads: 37
Reputation: 0
Currency: 45 NSP
RE: What are some ways to evade IDSes? 03-09-2014, 12:31 AM #3
(03-09-2014, 12:25 AM)Starfall Wrote: Depends what IDS you're looking at, what it does, how it works.
Are you talking about a HIDS/HIPS or a NIDS/NIPS?

Any Heuristic IDS, I don't care about Anomaly at the moment.
(03-09-2014, 12:25 AM)Starfall Wrote: Depends what IDS you're looking at, what it does, how it works.
Are you talking about a HIDS/HIPS or a NIDS/NIPS?

I also assumed IDSes all worked the same way, run off rules and what not. So I can't really see how they'd be different?
(This post was last modified: 03-09-2014, 12:32 AM by Alan Turing.)
Unleash the lead from my pistol into my head bumpin' crystal

Reply

w00t Offline
I'm here to make you think differently.
Registered (Legends)
Twelve Years of Service
Posts: 1,244
Threads: 7
Reputation: 0
Currency: 48 NSP
SmartSuper EliteLegendaryGold
RE: What are some ways to evade IDSes? 03-09-2014, 12:39 AM #4
Hardware IDS and network IDS obviously see data in very different states, especially if it is encrypted.

The only way I've ever needed to use was doing various maths on ASCII characters to get what I needed.

Reply

Alan Turing Offline
do it pussy
Eleven Years of Service
Posts: 391
Threads: 37
Reputation: 0
Currency: 45 NSP
RE: What are some ways to evade IDSes? 03-09-2014, 12:41 AM #5
(03-09-2014, 12:39 AM)w00t Wrote: Hardware IDS and network IDS obviously see data in very different states, especially if it is encrypted.

The only way I've ever needed to use was doing various maths on ASCII characters to get what I needed.

I'd just like to know some new ways on circumventing network IDSes, Heuristic.

Unless, the ones I listed are the only ways, at the moment. Notamused
Unleash the lead from my pistol into my head bumpin' crystal

Reply

Reiko Offline
Probably asleep
 *******
Registered (Diamond)
Eleven Years of Service
Posts: 655
Threads: 15
Reputation: 24
Currency: 119 NSP
WhitehatEliteLegendaryGoldBusinessmanBitcoinHoarderJack-O-LanternAkaneStaffAward Whore
RE: What are some ways to evade IDSes? 03-09-2014, 12:44 AM #6
Perhaps alphanumeric shellcode?
PGP
Sign: F202 79C9 76F7 40BB 54EC 494F 5DEF 1D70 14C1 C4CC
Encrypt: A5B3 1B21 55E1 80AF 4C6E DE83 467B 8EFC 3DEE 681C
Auth: CD55 E8A5 1A08 2933 8BA6 BC88 D81F 1943 739A 3C47

Reply

Alan Turing Offline
do it pussy
Eleven Years of Service
Posts: 391
Threads: 37
Reputation: 0
Currency: 45 NSP
RE: What are some ways to evade IDSes? 03-09-2014, 12:45 AM #7
(03-09-2014, 12:44 AM)Starfall Wrote: Perhaps alphanumeric shellcode?

Sorry, forgot to list that as well.

If there are any sort of shellcode variants besides unicode and polymorphic, that'd be pretty cool.

Any other methods are fine as well.
Unleash the lead from my pistol into my head bumpin' crystal

Reply

w00t Offline
I'm here to make you think differently.
Registered (Legends)
Twelve Years of Service
Posts: 1,244
Threads: 7
Reputation: 0
Currency: 48 NSP
SmartSuper EliteLegendaryGold
RE: What are some ways to evade IDSes? 03-09-2014, 12:55 AM #8
Metamorphic? Morphed? I can think of lots of ways to alter shellcode, but the IDS' first scan isn't heuristics on the input, it's merely rejecting anything with non-printables where they shouldn't be.

Reply

Alan Turing Offline
do it pussy
Eleven Years of Service
Posts: 391
Threads: 37
Reputation: 0
Currency: 45 NSP
RE: What are some ways to evade IDSes? 03-09-2014, 12:58 AM #9
(03-09-2014, 12:55 AM)w00t Wrote: Metamorphic? Morphed? I can think of lots of ways to alter shellcode, but the IDS' first scan isn't heuristics on the input, it's merely rejecting anything with non-printables where they shouldn't be.

Metamorphic is polymorphic. I'm not looking for anything that mutates and changes while abiding by syntax laws.

What are the other ways to alter?
Unleash the lead from my pistol into my head bumpin' crystal

Reply

Silky Offline
Junior Member
Eleven Years of Service
Posts: 47
Threads: 2
Reputation: 0
Currency: 0 NSP
RE: What are some ways to evade IDSes? 03-09-2014, 03:46 AM #10
I like the the reverse https tunnel... works like a charm!

Reply







Users browsing this thread: 2 Guest(s)