TS Episode24

From Security Weekly Wiki
Jump to navigationJump to search

Recorded March 29, 2018

Host

  • Beau Bullock, @dafthack, Penetration Tester at Black Hills Information Security
  • Mike Felch, @ustayready, Senior Pentester & Red Teamer at Undisclosed
  • Evading Network-Based Detection Mechanisms

    In this episode of Tradecraft Security Weekly hosts Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss methods for evading network-based detection mechanisms. Many commercial IDS/IPS devices do a pretty decent job of detecting standard pentesting tools like Nmap when no evasion options are used. Additionally, companies are doing a better job at detecting and blocking IP addresses performing password attacks. Proxycannon is a tool that allows pentesters to spin up multiple servers to proxy attempts through to bypass some of these detection mechanisms.

    Links: Nmap Evasion Options - https://nmap.org/book/man-bypass-firewalls-ids.html ProxyCannon - https://www.shellntel.com/blog/2016/1/14/update-to-proxycannon