1.
❑ Introduction.
❑ Overview of Defensive Mechanisms
❑ Detecting/Evading
❑ Demo
PLAN

2.
➢ Evasion is the process of avoiding or bypassing an object or a situation.
➢ Evasion is a technique by which an attacker bypasses a security system in the cyber security space.
➢ Some administrators don’t patch up system on time, malconfigure these defensive devices, which gives room to
hackers to do their work.
INTRODUCTION

3.
INTRODUCTION

4.
INTRODUCTION

5.
INTRODUCTION
Sophos XG115w Firewall 17.0.10 MR-10 – Authentication Bypass.
https://www.exploit-db.com/exploits/51006
https://nvd.nist.gov/vuln/detail/CVE-2022-1040
https://www.fortiguard.com/psirt/FG-IR-22-377
Authentication bypass critical vulnerability that can give access
to admin interface.

6.
INTRODUCTION
❖ How to detect the device/type in the network
❖ Identify the vulnerabilities in the device using many of the available vulnerability scanners (Nessus is a good choice)
❖ Identify the techniques that can be use to take advantage of the device.
❖ Always try out your technique in a virtual environment
❖ Make sure you have the necessary authority to carry out the various test, accessing/scanning a network without authority is
punishable by law.

7.
Overview of Defensive Mechanisms

8.
Overview of Defensive Mechanisms

9.
Overview of Defensive Mechanisms
➢ All systems are vulnerable to attacks what we need is just time, resources, and determination.
➢ Human factors are still the weakest link in any defensive system.
➢ Configuration errors are still a reality
➢ Firewall-IPS-IDS-Router can be bypass with some cool techniques discuss next.

10.
-
Detecting/Evading/Exploiting techniques

11.
Footprinting / Enumeration
Tools:
-
Detecting/Evading/Exploiting techniques

12.
Detecting/Evading/Exploiting techniques
o Fragmented packets with NMAP (nmap –f target / nmap –mtu [packet size])
o Bypass using spoofing packets nmap –D RND:10[target]] – nmap –D decoy1, decoy2, decoy3 …..
o Bypass Firewall by MAC address Spoofing – nmap –spoof-mac
o Use Varying Packet size(Some firewalls are configured to detect port scan attempts by inspecting size of packets )
Nmap –data-length option

13.
❖ Bypass using malicious content (e.g using Trojan Horse Construction Kit) send
to user using social engineering.
❖ Tunneling method(HTTP, SSH, ACK)
Detecting/Evading/Exploiting techniques

14.
Detecting/Evading/Exploiting techniques
HTTP Tunneling method firewall allowing traffic via port 80/443/8080

15.
Disclaimer:
The attacks demonstrated here are for educational/awareness purposes only not to be
tested on network you don’t have authority/permission.
Please always try in your own configured lab(VMs) or on cloud(e.g azure)
Demo.

16.
Prerequisite:
❖ VM (Kali/Parrot/ other offensive system )
❖ Windows Server 2016
❖ HTTPort application(other known applications include, Super Network Tunnel,
HTTPTunnel, HTTHOST)
❖ Basic usage of the command line.
Demo.

17.
M E R C I !
T H A N K Y O U !
QUESTIONS ?