YouTube videos curated by Class Central.
Classroom Contents
APTs Way - Evading Your EBNIDS
- 1 Intro
- 2 Signature Based IDS
- 3 Limitations of Signature based NIDS: Attackers change a byte of the payload and evade detection
- 4 Emulation-Based NIDS, a Giant Leap
- 5 How Emulation Based NIDS Works?
- 6 Pre-Processing
- 7 Basic Heuristics Detection
- 8 Additional Heuristics
- 9 Syscall Process Memory Scanning
- 10 Evasions
- 11 Intrinsic Limitations
- 12 Unavailable Context Data
- 13 Context Keyed Payload Encoding
- 14 Execution Threshold Random Decryption Algorithm (RDA)
- 15 Fragmentation
- 16 Implementation Limitations
- 17 Kernel32.dll Resolution Heuristic Evasion
- 18 Evading Kernel32.dll Heuristic using SEH Chain
- 19 Kernel32.dll Heuristic Evasion using Stack Frame Walking
- 20 Stack Constructing Shellcode GetPC+PRT evasion
- 21 Egg Hunt (Using API)
- 22 Heuristics Evasion Demo
- 23 Timing
- 24 Emulator Detection Demo
- 25 Anti-Disassembly
- 26 Unsupported Instructions
- 27 Question?