Tuesday, August 07, 2007
Defon 15 presentation now online
"Beyond Vulnerability Scanning - Extrusion and Exploitability Scanning" is now online at http://www.eescan.net/downloads/DC15.pdf.
Many thanks to all who attended. Please feel free to send any feedback to:
Many thanks to all who attended. Please feel free to send any feedback to:
Matt Richard - Extrusion and Exploitability Scanningor
mrichard@verisign.com
matt.richard@gmail.com
Fred Doyle - Risk Metrics
fdoyle@verisign.com
Labels: eescan
Thursday, July 26, 2007
New Twists for HTML Obfuscation in EEscan
Update 8/7/2007 - Please see www.eescan.net for additional details.
I've just finished coding up some new HTML obfuscation modules for eescan. The exploitability tests in eescan will use these obfuscators to probe for
Here are some of the obfuscators that work right now:
Initial testing of the Ajax modules is yielding great results against network based IDS/IPS, so-so results against proxies and good results against desktop AV/IPS suites.
I've just finished coding up some new HTML obfuscation modules for eescan. The exploitability tests in eescan will use these obfuscators to probe for
Here are some of the obfuscators that work right now:
- gzip
- deflate
- chunked
- MPack XOR javascript encoder
- MPack cryptor 4-pass javascript encoder
- AJAX
- SSL
- HTTP over port 443
- SSL over port 80
- arbitrary combinations like AJAX->Mpack->gzip->chunked->SSL->port 80
Initial testing of the Ajax modules is yielding great results against network based IDS/IPS, so-so results against proxies and good results against desktop AV/IPS suites.
Labels: eescan
Subscribe to Posts [Atom]