Overview
Explore the world of network protocol vulnerabilities in this 45-minute Black Hat conference talk. Delve into the complexities of network protocol normalization and reassembly, which form the foundation of traffic inspection in Next-Generation Firewalls (NGFW) and Intrusion Prevention Systems (IPS). Learn about evasion techniques, their detection, and the reasons behind evasive vulnerabilities. Discover the innovative "Mong Bath" approach for testing and recording successful attacks. Gain insights into key findings, challenges, and recommended policies for enhancing network security. Witness a live demo and discuss future updates in the field of automatic discovery of evasion vulnerabilities using targeted protocol fuzzing.
Syllabus
Introduction
Title
What is an evasion
Why do we do this
How do you detect evasive attacks
Why do we have evasive vulnerabilities
Why we have evasive vulnerabilities
Evasion Aware
Test Traffic Inspection
How to Test
Mong Bath
Recording Successful Attacks
Results
Pulse Elimination
Challenges
Key Findings
Availability
Demo
Recommended Policies
Multiple Firewalls
Future Updates
Taught by
Black Hat