Sinisterly
What are some ways to evade IDSes? - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Network Hacking (https://sinister.ly/Forum-Network-Hacking)
+--- Thread: What are some ways to evade IDSes? (/Thread-What-are-some-ways-to-evade-IDSes)



What are some ways to evade IDSes? - Alan Turing - 03-09-2014

I'm already familiar with Polymorphic Shellcode, XOR Values, Obfuscation, sending bits of the payload out of order so IDSes can't reconstruct them, fragmenting packets, slowing packets down for volumetric IDSes, and delaying packets over a long period of time.
No unicode conversion or instruction reversals either.
But what other methods are there? I don't care how advanced, would give me something nice to read up on.
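As an added example (written for this edit, not code from the thread or from any poster), the following Python simulation shows the defender's side of the "payload out of order / fragmented" point made above: a signature-based inspector that matches each segment on its own misses a pattern that straddles a segment boundary, while the same matcher run over an offset-reassembled stream finds it. The signature string, the sample stream, and the cut points are all constructed for illustration and are not real rules or traffic.

```python
"""Why a signature IDS must reassemble a stream before matching.

Constructed demo: a hypothetical signature is split across three segments
that arrive out of order. Per-segment matching misses it; offset-based
reassembly (the mitigation) catches it.
"""
from typing import List, Tuple

Segment = Tuple[int, bytes]  # (stream offset, payload)

SIGNATURE = b"EXAMPLE-SIG"  # hypothetical signature, not a real IDS rule


def match_per_segment(segments: List[Segment], sig: bytes = SIGNATURE) -> bool:
    """Weak approach: inspect every segment in isolation."""
    return any(sig in payload for _, payload in segments)


def reassemble(segments: List[Segment]) -> bytes:
    """Order segments by stream offset and concatenate them.

    Overlapping bytes: the data already assembled wins, and only the part of a
    segment that extends the buffer is appended. A gap (missing bytes) raises,
    because matching across an unknown hole would be unsound.
    """
    buf = bytearray()
    for offset, payload in sorted(segments, key=lambda s: s[0]):
        if offset > len(buf):
            raise ValueError(f"gap in stream at offset {len(buf)}")
        buf.extend(payload[len(buf) - offset:])
    return bytes(buf)


def match_after_reassembly(segments: List[Segment], sig: bytes = SIGNATURE) -> bool:
    """Sound approach: reassemble first, then run the same matcher."""
    return sig in reassemble(segments)


def split_stream(data: bytes, cut_points: List[int]) -> List[Segment]:
    """Constructed helper: cut data at the given offsets into (offset, payload) segments."""
    bounds = [0] + sorted(cut_points) + [len(data)]
    return [(bounds[i], data[bounds[i]:bounds[i + 1]]) for i in range(len(bounds) - 1)]


# Constructed sample stream; the cuts at 20 and 24 fall inside the signature,
# so no single segment carries the whole string.
STREAM = b"GET /index.html EXAMPLE-SIG HTTP/1.1\r\n"
SEGMENTS = split_stream(STREAM, [20, 24])
OUT_OF_ORDER = [SEGMENTS[2], SEGMENTS[0], SEGMENTS[1]]


if __name__ == "__main__":
    print("per-segment match:     ", match_per_segment(OUT_OF_ORDER))   # False
    print("after reassembly match:", match_after_reassembly(OUT_OF_ORDER))  # True
```

The only difference between the two checks is where the matcher runs; the rule itself is unchanged. That is the whole argument for stream reassembly (and, at the IP layer, fragment reassembly) in a network IDS: inspection has to happen on the same view of the data that the endpoint will see.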


RE: What are some ways to evade IDSes? - Reiko - 03-09-2014

Depends what IDS you're looking at, what it does, how it works.
Are you talking about a HIDS/HIPS or a NIDS/NIPS?


RE: What are some ways to evade IDSes? - Alan Turing - 03-09-2014

(03-09-2014, 12:25 AM)Starfall Wrote: Depends what IDS you're looking at, what it does, how it works.
Are you talking about a HIDS/HIPS or a NIDS/NIPS?

Any Heuristic IDS, I don't care about Anomaly at the moment.

(03-09-2014, 12:25 AM)Starfall Wrote: Depends what IDS you're looking at, what it does, how it works.
Are you talking about a HIDS/HIPS or a NIDS/NIPS?

I also assumed IDSes all worked the same way, run off rules and what not. So I can't really see how they'd be different?


RE: What are some ways to evade IDSes? - w00t - 03-09-2014

Hardware IDS and network IDS obviously see data in very different states, especially if it is encrypted.

The only way I've ever needed to use was doing various maths on ASCII characters to get what I needed.


RE: What are some ways to evade IDSes? - Alan Turing - 03-09-2014

(03-09-2014, 12:39 AM)w00t Wrote: Hardware IDS and network IDS obviously see data in very different states, especially if it is encrypted.

The only way I've ever needed to use was doing various maths on ASCII characters to get what I needed.

I'd just like to know some new ways of circumventing heuristic network IDSes.

Unless the ones I listed are the only ways at the moment.


RE: What are some ways to evade IDSes? - Reiko - 03-09-2014

Perhaps alphanumeric shellcode?


RE: What are some ways to evade IDSes? - Alan Turing - 03-09-2014

(03-09-2014, 12:44 AM)Starfall Wrote: Perhaps alphanumeric shellcode?

Sorry, forgot to list that as well.

If there are any sort of shellcode variants besides unicode and polymorphic, that'd be pretty cool.

Any other methods are fine as well.


RE: What are some ways to evade IDSes? - w00t - 03-09-2014

Metamorphic? Morphed? I can think of lots of ways to alter shellcode, but the IDS' first scan isn't heuristics on the input, it's merely rejecting anything with non-printables where they shouldn't be.


RE: What are some ways to evade IDSes? - Alan Turing - 03-09-2014

(03-09-2014, 12:55 AM)w00t Wrote: Metamorphic? Morphed? I can think of lots of ways to alter shellcode, but the IDS' first scan isn't heuristics on the input, it's merely rejecting anything with non-printables where they shouldn't be.

Metamorphic is polymorphic. I'm not looking for anything that mutates and changes while abiding by syntax laws.

What are the other ways to alter?


RE: What are some ways to evade IDSes? - Silky - 03-09-2014

I like the reverse https tunnel... works like a charm!