Malicious attackers are not necessarily all experts in malware manipulation, PowerShell, or other tools trying to constantly come up with new and innovative ways of exploiting enterprise infrastructures. One of the most effective ways, from their point of view, is just using brute force or quickly leveraging existing exploits while disguising them, therefore rendering security platforms and policies ineffective. Why reinvent the wheel when there is a wide range of evasion techniques that would allow malicious attackers to reuse existing attacks quickly and without much effort? The overarching approach for these malicious actors is to disguise the exploits at the point of delivery to avoid getting detected and prevented by the enterprise security solution. To hinder security platform’s ability to recognize and enforce mitigating policies to the attacks, encryption or evasion techniques can be applied to existing exploits, attacks and other malicious traffic.
An attacker can use encryption methods or any number of well-known evasion techniques to avoid getting detected by the platform that is assumed to have the protection policy. A few categories of evasion techniques are listed below:
Each of these categories may include several techniques. For example, various methods can be considered as part of URL Obfuscation category:
Premature URL encoding
Path character transformation and expansions
Failure to recognize any of the specific evasion techniques would make the entire class of attacks exploitable against devices that were presumed to provide protection. Furthermore, it is possible to combine evasion techniques across or within each category, which is a very simple thing to do with significant rewards for malicious attackers. For example, a known Chrome Cross Site Scripting attack can be disguised with time delay and URL obfuscation (escape encoding). While this exploit may be mitigated without the evasion applied, with the combined evasion it may get past security counter measures.
CyberFlood Data Breach Assessment (CF DBA) Evasion Techniques
CyberFlood Data Breach Assessment (CF DBA) is emulation-based solution that proactively provides in-depth, continuous and automated assessment of an enterprise’s security posture. It expands on proven CyberFlood capabilities with continuously updated threat intelligence feeds to generate realistic traffic for latest attacks & exploits. It provides near zero-day malware threats as well as real world application traffic (business and non-business types), allowing thorough assessment of enterprise security postures. CF DBA emulates a wide range of hyper realistic hacker behavior, including encrypted attacks and evasion techniques. Configured exploits and attacks in CF DBA can be augmented with various evasion techniques at the global level or on per attack vector basis. Evasions will challenge systems under test through added pressure for validation compared to undisguised attacks and content.
Evasion techniques are a powerful set of methodologies hackers use to break through security barriers. By adding assessment strategies inclusive of using the same evasion techniques as hackers, you can stay one step ahead of the bad guys.
Learn more about howcan help in validating enterprise network infrastructure security postures.