APTs Way - Evading Your EBNIDS

Black Hat via YouTube

Overview

Explore advanced techniques for evading Emulation Based Network Intrusion Detection Systems (EBNIDS) in this Black Hat conference talk by Ali Abbasi and Jos Wetzels. Delve into the limitations of signature-based intrusion detection systems against sophisticated attackers and learn how EBNIDSes aim to address these shortcomings. Discover novel evasion methods targeting the pre-processing, emulation, and heuristic detection stages of EBNIDSes. Examine intrinsic and implementation limitations, including context-keyed payload encoding, random decryption algorithms, and fragmentation techniques. Gain insights into kernel32.dll resolution heuristic evasion, stack constructing shellcode, and anti-disassembly methods. Witness demonstrations of heuristics evasion and emulator detection, and understand the challenges posed by unsupported instructions in the context of advanced persistent threats (APTs) and government-sponsored attackers.

Syllabus

Intro
Signature Based IDS
Limitations of Signature-Based NIDS: attackers change a byte of the payload and evade detection
Emulation-Based NIDS, a Giant Leap
How Does Emulation-Based NIDS Work?
Pre-Processing
Basic Heuristics Detection
Additional Heuristics
Syscall Process Memory Scanning
Evasions
Intrinsic Limitations
Unavailable Context Data
Context Keyed Payload Encoding
Execution Threshold Random Decryption Algorithm (RDA)
Fragmentation
Implementation Limitations
Kernel32.dll Resolution Heuristic Evasion
Evading Kernel32.dll Heuristic using SEH Chain
Kernel32.dll Heuristic Evasion using Stack Frame Walking
Stack Constructing Shellcode GetPC+PRT evasion
Egg Hunt (Using API)
Heuristics Evasion Demo
Timing
Emulator Detection Demo
Anti-Disassembly
Unsupported Instructions
Questions?

Taught by

Black Hat
