How Active Intrusion Detection Can Seek and Block Attacks

  /     /     /  
Publicated : 22/11/2024   Category : security


How Active Intrusion Detection Can Seek and Block Attacks


Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques.



Penetration testers as well as bad-guy hackers typically rely on several common attack tools to break into business networks. 
Enterprises defending their networks can flip the equation on attackers by using active intrusion detection strategies to create situations where attackers overly reliant on these tools inadvertently expose themselves to detection and other complications, says John Ventura, practice manager for applied research at Optiv. Its a trap that even pen testers can fall into while running their tools, he says.
Ventura will this detail a more active approach to intrusion prevention - where defenders can use basic network software applications to look for threats and stop attacks - later this month in his Black Hat USA talk entitled
Theyre Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention

The field of intrusion detection and prevention systems has been relatively stagnant for the past 15 to 20 years, Ventura says. Passive intrusion detection systems can be computationally intensive and their responses rarely go far.
If your company is using intrusion detection and prevention systems, and dealing with those alerts responsibly, you are doing great relative to the rest of the industry, he notes.
Ventura at Black Hat will take hacking tools popular among attackers and pen testers such as Metasploit, and show how design flaws in those tools can be exploited for intrusion prevention.
There are common hacking tools that a lot of people use, and if you target those tools, you can make it harder to break into computers, he explains.
Ventura plans to demonstrate methodologies for finding and disrupting common attacks; organizations can integrate these into their IDS/IPS products to make the software better. Software written over the course of this research can be used on lightweight hardware to defend against real-world attacks. Its an effective swap for more expensive magic box solutions.
One of the examples he plans to discuss involves man-in-the-middle (MitM) attacks. The goal is to target the communications channel while its being established, he says. The attacker introduces his or her software onto a compromised host, and that software initiates communication with the attackers computer. The goal is to disrupt that handshake, Ventura says. Attackers need to maintain control over the target machine once they break in, but its hard to communicate during a MitM attack.
It is really hard to get two computers to talk to each other in a secure fashion if they have never communicated before, Ventura continues. Even with a head start, theyll still have vulnerabilities that pop up from time to time.
Though they have decades of experience, developers and researchers working on these problems still find themselves facing serious vulnerabilities in their tools, he notes.
Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the
conference schedule
 and
to register.
 
Ventura will demonstrate IDS/IPS software that uses the Metasploit Frameworks Meterpreter control channel to take control over a machine that has been compromised and breaks its communication channel, replacing it with one of the users choosing. Traffic still goes to where you might expect it; however, the attacker has a broken TCP connection, so the person running the software has control over a machine that the initial attacker compromised, he explains.
The topic is relevant to both offensive and defensive security professionals. Blue team defenders can become more proactive by manipulating their network traffic to detect and complicate common attacks, targeting attackers, and exploiting vulnerabilities in their software.
Red teamers who break into computers need to understand how their tools work, says Ventura. Those who dont understand the functionality of their tools may heighten the risk for detection and exploitation.
Related Content:
New SQL Injection Tool Makes Attacks Possible from a Smartphone
Microsoft Patches Critical Zero-Day Flaw in Windows Security Protocol
Desperately Seeking Security: 6 Skills Most in Demand
How Code Vulnerabilities Can Lead to Bad Accidents

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
How Active Intrusion Detection Can Seek and Block Attacks