Bypassing Cisco’s Sourcefire AMP endpoint solution – Full demo & comparison with RSA NWE
This article demonstrates one of the key differences between NG AV endpoint protection and EDR solutions such as RSA NetWitness for Endpoints. We show how Cisco’s endpoint protection solution, Sourcefire AMP, is easily bypassed by exploiting a buffer overflow and then performing post-exploitation activities entirely in memory, so that no payload file ever lands on disk for a file-based scanner to inspect. The test was performed on a fully patched Windows 10 machine with MS Defender, MS Firewall, the Cisco AMP agent and the RSA NWE agent all installed and active.
The setup used for this test was the following:
Windows 10 client protection verification
Vulnerable application is installed and running
Cisco SourceFire AMP does not find any issues on the clean machine
AMP tracking information does not highlight any suspicious activities
RSA NWE does not find any suspicious activities on the clean machine
Attacker – Kali machine setting up the exploit and payload module
Running the remote buffer overflow exploit against the vulnerable application
No alerting from either Cisco AMP or MS Defender…
Attacker runs additional post-exploitation activities such as a keylogger
Attacker searches for and downloads password.txt and takes a screenshot
Attacker performs an ARP network scan
Attacker starts an interactive shell and runs the WHOAMI and IPCONFIG commands
Still no alerting from either Cisco AMP or MS Defender…
Cisco AMP does not detect or notify on either the exploit or the post-exploitation activities.
Now let’s look at RSA NWE
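The deck's argument is that a file-centric NGAV check has nothing to scan once the payload runs only in memory, while an EDR sensor that records process lineage, file reads and network behaviour sees the whole chain: a listening service reading password.txt, sweeping the LAN, spawning cmd.exe and running whoami and ipconfig. The following is an added example (not code from the deck, from RSA or from Cisco) that puts both views side by side over a constructed telemetry sample; the event schema, the service name vulnapp.exe, the file path and the peer-count threshold are all assumptions made for the illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample telemetry modelled on the demo's sequence of actions.
# The field names, process names and path are assumptions for this example,
# not the schema of RSA NetWitness Endpoint or Cisco AMP.
EVENTS = [
    # Benign baseline: a logged-in user opens a shell and checks the network config.
    {"type": "process", "pid": 10, "ppid": 1,  "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"type": "process", "pid": 11, "ppid": 10, "image": "cmd.exe",      "cmdline": "cmd.exe"},
    {"type": "process", "pid": 12, "ppid": 11, "image": "ipconfig.exe", "cmdline": "ipconfig /all"},
    # The vulnerable network service, listening on a TCP port.
    {"type": "process", "pid": 20, "ppid": 1,  "image": "vulnapp.exe",  "cmdline": "vulnapp.exe"},
    {"type": "listen",  "pid": 20, "port": 9999},
    # After the overflow the payload runs inside pid 20; nothing is written to disk.
    {"type": "file_read", "pid": 20, "path": "C:\\Users\\bob\\Documents\\password.txt"},
    {"type": "net",       "pid": 20, "peers": 254},   # ARP sweep of the local /24
    {"type": "process", "pid": 21, "ppid": 20, "image": "cmd.exe",      "cmdline": "cmd.exe"},
    {"type": "process", "pid": 22, "ppid": 21, "image": "whoami.exe",   "cmdline": "whoami"},
    {"type": "process", "pid": 23, "ppid": 21, "image": "ipconfig.exe", "cmdline": "ipconfig"},
]

# Hash blocklist with one constructed "known bad" sample; stands in for an AV signature set.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-malware-bytes").hexdigest()}
SHELLS = {"cmd.exe", "powershell.exe"}
DISCOVERY = {"whoami.exe", "ipconfig.exe", "net.exe", "arp.exe"}
SENSITIVE_HINTS = ("password", "passw", "secret")
SWEEP_THRESHOLD = 50   # distinct peers contacted by one process; assumed threshold


def signature_scan(files_on_disk, blocklist=KNOWN_BAD_SHA256):
    """File-centric view: hash every file on disk and compare against a blocklist.
    An in-memory payload never lands on disk, so this finds nothing for the demo."""
    return [path for path, data in files_on_disk.items()
            if hashlib.sha256(data).hexdigest() in blocklist]


def _index(events):
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    listeners = {e["pid"] for e in events if e["type"] == "listen"}
    return procs, listeners


def _listening_ancestor(pid, procs, listeners):
    """Walk the parent chain; return the nearest ancestor (or self) holding a listening socket."""
    while pid in procs:
        if pid in listeners:
            return pid
        pid = procs[pid]["ppid"]
    return None


def behaviour_scan(events):
    """Behaviour-centric view: attribute every event to the listening service it descends
    from and flag the post-exploitation pattern. Activity under an interactive user
    session has no listening ancestor and is ignored by this rule, so the benign
    explorer -> cmd -> ipconfig chain above produces no finding."""
    procs, listeners = _index(events)
    findings = defaultdict(list)
    for e in events:
        root = _listening_ancestor(e["pid"], procs, listeners)
        if root is None:
            continue
        image = e.get("image", "").lower()
        if e["type"] == "process" and e["pid"] != root:
            if image in SHELLS:
                findings[root].append("shell spawned by network-listening process")
            elif image in DISCOVERY:
                findings[root].append("discovery command under listening process: " + e["cmdline"])
        elif e["type"] == "file_read" and any(h in e["path"].lower() for h in SENSITIVE_HINTS):
            findings[root].append("sensitive file read: " + e["path"])
        elif e["type"] == "net" and e["peers"] >= SWEEP_THRESHOLD:
            findings[root].append("lan sweep: %d distinct peers" % e["peers"])
    return dict(findings)


if __name__ == "__main__":
    # Disk contents after the attack: only the victim's own file, no dropped payload.
    disk_after_attack = {"C:\\Users\\bob\\Documents\\password.txt": b"hunter2\n"}
    print("signature scan :", signature_scan(disk_after_attack))   # []
    for root, hits in behaviour_scan(EVENTS).items():
        print("behaviour scan : root pid", root)
        for h in hits:
            print("   -", h)
```

The same signature_scan does fire when a payload is actually dropped to disk, which is exactly the case the demo avoids; behaviour_scan keys its findings on process lineage rather than file content, which is why it still sees the chain when nothing is written.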