Spirent circle logo

CyberThreat Assessments with Real World Hacker Behavior - Evasion Techniques


By disguising the exploits at the point of delivery, malicious attackers can avoid detection, making security platforms and policies ineffective. Stay one step ahead of hackers with CyberFlood and CyberThreat Assessment.

Malicious attackers are not necessarily all experts in malware manipulation, PowerShell, or other tools trying to constantly come up with new and innovative ways of exploiting vulnerabilities in enterprise infrastructures and applications. A very powerful means of maneuvering around security controls is quickly leveraging existing exploits while disguising them, therefore rendering security platforms and policies ineffective. Why reinvent the wheel when there is a wide range of evasion techniques that would allow malicious attackers to create variations of existing attacks quickly and without much effort?

The overarching approach for these malicious actors is to disguise the exploits at the point of delivery to avoid getting detected and prevented by the enterprise security controls. Hindering a security platform’s ability to recognize and enforce mitigating policies to the attacks, encryption or evasion techniques can be applied to existing exploits, attacks and other malicious traffic.

An attacker can use encryption methods or any number of well-known evasion techniques to avoid getting detected by the platform that is assumed to have the protection policy. A few categories of evasion techniques are listed below:

  • Encryption

  • FTP Obfuscation

  • HTML Obfuscation

  • HTTP Obfuscation

  • SMTP Obfuscation

  • TLS Obfuscation

  • IP Fragmentation

  • TCP Segmentation

  • URL Obfuscation

  • Javascript Obfuscation

  • Binary Obfuscation

  • Timing (delay)

Each of these categories may include a number of techniques. For example, a number of methods can be considered as part of URL Obfuscation category:

  1. Escape encoding

  2. Microsoft encoding

  3. Premature URL encoding

  4. Long URLs

  5. Fake parameters

  6. Tab separation

  7. Casing

  8. Windows delimiter

  9. Path character transformation and expansions

Failure to recognize any of the specific evasion techniques would make the entire class of attacks exploitable against devices that were presumed to provide protection. Furthermore, it is possible to combine relevant evasion techniques across or within each category, which is a very simple thing to do with significant rewards for malicious attackers. For example, a known Chrome Cross Site Scripting attack can be disguised with time delay and URL obfuscation (escape encoding). While this exploit may be mitigated without the evasion applied, with the combined evasion it may get past security counter measures.

CyberFlood CyberThreat Assessment (CF CTA) Evasion Techniques

CyberFlood is emulation-based solution that proactively provides in-depth assessment of network performance, scalability, and cyber security. Its CyberThreat Assessment (CTA) includes real-world attacks, malware, applications, and evasion techniques as well as industry security frameworks and sensitive data exfiltration scenarios with complete logical network topology in lab and sandbox settings. It includes continuously updated threat intelligence feeds to generate realistic traffic for latest attacks & exploits. It provides near zero-day malware threats as well as real world application traffic (business and non-business types), allowing thorough assessment of organization’s security postures.

CyberFlood emulates a wide range of hyper realistic hacker behavior, including encrypted attacks and evasion techniques. Configured exploits and attacks in CyberFlood can be augmented with various evasion techniques at the global level or on per attack vector basis. Evasions will challenge systems under test through added pressure for validation compared to undisguised attacks and content.

Evasion techniques are a powerful tools hackers use to break through security barriers. By adding assessment strategies inclusive of using the same evasion techniques as hackers, you can stay one step ahead of the bad guys.

Learn how Spirent CyberFlood CyberThreat Assessment can help in assessing the strength of your organization’s pre-production security posture.

Like our content?

Subscribe to our blogs here.

Blog Newsletter Subscription

Reza Saadat
Reza Saadat

Senior Technical Marketing Engineer, Application and Security Group

Reza Saadat is a Senior Technical Marketing Engineer at Spirent in the Applications and Security group, with over 25 years of experience in computers and data communication technologies. At Spirent, Reza works with the Product Management, Engineering and Sales teams to bring to market new, cutting-edge applications and security testing solutions for network equipment manufacturers, enterprises, and service providers. His in-depth industry, market and software development knowledge as well as collaborative design and development skills have resulted in the creation of numerous  hardware and software solutions, which have been successfully released at companies such as IBM Corp, Cisco Systems and many more.