APTs Way - Evading Your EBNIDS

Black Hat via YouTube Direct link

Unsupported Instructions

26 of 27

Classroom Contents

  1. Intro
  2. Signature Based IDS
  3. Limitations of Signature Based NIDS: Attackers change a byte of the payload and evade detection
  4. Emulation-Based NIDS, a Giant Leap
  5. How Emulation-Based NIDS Works
  6. Pre-Processing
  7. Basic Heuristics Detection
  8. Additional Heuristics
  9. Syscall Process Memory Scanning
  10. Evasions
  11. Intrinsic Limitations
  12. Unavailable Context Data
  13. Context Keyed Payload Encoding
  14. Execution Threshold Random Decryption Algorithm (RDA)
  15. Fragmentation
  16. Implementation Limitations
  17. Kernel32.dll Resolution Heuristic Evasion
  18. Evading Kernel32.dll Heuristic using SEH Chain
  19. Kernel32.dll Heuristic Evasion using Stack Frame Walking
  20. Stack Constructing Shellcode GetPC+PRT Evasion
  21. Egg Hunt (Using API)
  22. Heuristics Evasion Demo
  23. Timing
  24. Emulator Detection Demo
  25. Anti-Disassembly
  26. Unsupported Instructions
  27. Questions?