Temple University

Week 13 Takeaways

Reading Summary: Evasion

Organizations mostly rely on firewalls and an Intrusion Prevention System (IPS) to protect their network infrastructure. An IPS is a detection mechanism that inspects traffic and blocks recognized security attacks. However, an IPS can be manipulated by changing the header, payload, and traffic flow; this allows malicious traffic to pass through and can give the attacker shell access to the target system the IPS was meant to protect. There are various IPS evasion techniques, such as obfuscation, encryption and tunneling, fragmentation, and protocol violations. In addition, there are multiple open source tools used to conduct research on evasion, such as Snort, Wireshark, HxD, and Evader.

Question for the class:

In your personal experience, how successful are security tools at detecting malware or the evasion techniques used to attack and take control of a machine?

In the news: New Moker RAT Bypasses Detection

The latest remote access Trojan (RAT), known as Moker, can effectively circumvent security measures on a machine and grant the attacker full access to the system. Researchers found that it communicated with a server in Montenegro. The malware can bypass antivirus, sandboxing, and virtual machines. Once embedded, the RAT can take full control of the device to take screenshots, record web traffic, sniff keystrokes, and exfiltrate files.

For more information regarding this article, please click here.
