Events

A Chiron Workshop at the IPv6 Security Summit of Troopers 15

This is a guest post from Antonios Atlasis.

Last year, during the IPv6 Security Summit of Troopers 14 I had the pleasure to present publicly, for first time, my IPv6 Penetration Testing / Security Assessment framework called Chiron, while later, it was also presented at Brucon 14 as part of the 5×5 project. This year, I am returning back to the place where it all started, to the beautiful city of Heidelberg to give another workshop about Chiron at the IPv6 Security Summit of Troopers 15. But, is it just another workshop with the known Chiron features or has something changed?
I would say a lot :). The most significant enhancements are described below.

Continue reading “A Chiron Workshop at the IPv6 Security Summit of Troopers 15”

Continue reading
Breaking

A “Please, Don’t Waste my Time” Approach and the Sourcefire/Snort Evasion

This is a guest post from Antonios Atlasis.

Yesterday we (Rafael Schaefer, Enno and me) had the pleasure to deliver together our talk at BlackHat Europe 2014 named Evasion of High-End IDPS Devices at the IPv6 Era (by the way, latest slides can be found here and the white paper here). In this talk we summarised all the IDPS evasion techniques that we have found so far. At previous blogposts I had the chance to describe how to evade Suricata and TippingPoint. In this post I am going to describe some other techniques that can be used to evade Snort, and its companion commercial version, Sourcefire. The tool used to evade these IDPS is –  what else – Chiron.

The versions that we used for our tests are the latest available ones at the time of this writing, that is:

  • Sourcefire, Model 3D7020 (63) Version 5.2.0.3 (Build 48), VDB version 216.
  • Snort 2.9.6.2 GRE (build 77), Registered User’s Release Rules.

Continue reading “A “Please, Don’t Waste my Time” Approach and the Sourcefire/Snort Evasion”

Continue reading
Breaking

Chiron – An All-In-One IPv6 Penetration Testing Framework

This is a guest post from Antonios Atlasis.

Last week I had the pleasure to give you my impressions regarding my experience about hacking for b33r at Ghent, that is, my participation at BruCON 2014 hacking conference. As I said among else, the reason that I was there was to present Chiron, my IPv6 penetration testing/security assessment framework, which was supported by the Brucon 5×5 program. The first version of Chiron had been presented at Troopers 14, during the IPv6 Security Summit.

Continue reading “Chiron – An All-In-One IPv6 Penetration Testing Framework”

Continue reading