思博伦环形标志
网络安全

CyberThreat Assessments with Real World Hacker Behavior - Evasion Techniques

作者:

By disguising the exploits at the point of delivery, malicious attackers can avoid detection, making security platforms and policies ineffective. Stay one step ahead of hackers with CyberFlood and CyberThreat Assessment.

Malicious attackers are not necessarily all experts in malware manipulation, PowerShell, or other tools trying to constantly come up with new and innovative ways of exploiting vulnerabilities in enterprise infrastructures and applications. A very powerful means of maneuvering around security controls is quickly leveraging existing exploits while disguising them, therefore rendering security platforms and policies ineffective. Why reinvent the wheel when there is a wide range of evasion techniques that would allow malicious attackers to create variations of existing attacks quickly and without much effort?

The overarching approach for these malicious actors is to disguise the exploits at the point of delivery to avoid getting detected and prevented by the enterprise security controls. Hindering a security platform’s ability to recognize and enforce mitigating policies to the attacks, encryption or evasion techniques can be applied to existing exploits, attacks and other malicious traffic.

An attacker can use encryption methods or any number of well-known evasion techniques to avoid getting detected by the platform that is assumed to have the protection policy. A few categories of evasion techniques are listed below:

  • Encryption

  • FTP Obfuscation

  • HTML Obfuscation

  • HTTP Obfuscation

  • SMTP Obfuscation

  • TLS Obfuscation

  • IP Fragmentation

  • TCP Segmentation

  • URL Obfuscation

  • Javascript Obfuscation

  • Binary Obfuscation

  • Timing (delay)

Each of these categories may include a number of techniques. For example, a number of methods can be considered as part of URL Obfuscation category:

  1. Escape encoding

  2. Microsoft encoding

  3. Premature URL encoding

  4. Long URLs

  5. Fake parameters

  6. Tab separation

  7. Casing

  8. Windows delimiter

  9. Path character transformation and expansions

Failure to recognize any of the specific evasion techniques would make the entire class of attacks exploitable against devices that were presumed to provide protection. Furthermore, it is possible to combine relevant evasion techniques across or within each category, which is a very simple thing to do with significant rewards for malicious attackers. For example, a known Chrome Cross Site Scripting attack can be disguised with time delay and URL obfuscation (escape encoding). While this exploit may be mitigated without the evasion applied, with the combined evasion it may get past security counter measures.

CyberFlood CyberThreat Assessment (CF CTA) Evasion Techniques

CyberFlood is emulation-based solution that proactively provides in-depth assessment of network performance, scalability, and cyber security. Its CyberThreat Assessment (CTA) includes real-world attacks, malware, applications, and evasion techniques as well as industry security frameworks and sensitive data exfiltration scenarios with complete logical network topology in lab and sandbox settings. It includes continuously updated threat intelligence feeds to generate realistic traffic for latest attacks & exploits. It provides near zero-day malware threats as well as real world application traffic (business and non-business types), allowing thorough assessment of organization’s security postures.

CyberFlood emulates a wide range of hyper realistic hacker behavior, including encrypted attacks and evasion techniques. Configured exploits and attacks in CyberFlood can be augmented with various evasion techniques at the global level or on per attack vector basis. Evasions will challenge systems under test through added pressure for validation compared to undisguised attacks and content.

Evasion techniques are a powerful tools hackers use to break through security barriers. By adding assessment strategies inclusive of using the same evasion techniques as hackers, you can stay one step ahead of the bad guys.

Learn how Spirent CyberFlood CyberThreat Assessment can help in assessing the strength of your organization’s pre-production security posture.

喜欢我们的内容吗?

在这里订阅我们的博客

博客订阅

标签网络安全
Reza Saadat
Reza Saadat

高级技术营销工程师,应用与安全部

Reza Saadat是思博伦应用与安全部的高级技术营销工程师,在计算机和数据通信技术方面拥有超过25年经验。在思博伦,Reza与产品管理、工程和销售团队合作,为网络设备制造商、企业和运营商推出最新的尖端应用和安全测试解决方案。他全面深入的行业、市场及软件开发知识以及协作设计与开发能力促成了众多硬件和软件解决方案的诞生——这些解决方案已在IBM、思科等各大公司得到了成功发布。