Setting: A red-team engagement for a financial firm. Goal: reach the internal database server without triggering alerts.

Alex, ethical hacker.

1. Firewall Evasion – The First Glance

Alex scans the external perimeter. A classic nmap -sS finds only port 80 (HTTP) and 443 (HTTPS) open. The firewall is stateful: it drops unsolicited SYN packets to other ports.

Alex uses fragmentation and decoy scans:

Alex notices port 443 allows ICMP tunneling (a misconfigured firewall rule allows ICMP echo replies). Uses ptunnel to encapsulate TCP over ICMP. The firewall sees ping packets – no alert.

2. IDS/IPS Evasion – The Web App Gateway

Inside the DMZ, an IDS sniffs traffic. Alex’s ICMP tunnel reaches a vulnerable web server. A simple curl request for /cgi-bin/test.cgi?cmd=ls triggers a signature (known attack pattern).

But the firewall logs spikes. Alex pivots: .

POST /upload HTTP/1.1
Content-Type: multipart/form-data; boundary=xxx

--xxx
Content-Disposition: form-data; name="data"

$(echo 'cat /etc/shadow' | base64)

The IDS sees base64 data but doesn't decode context. Alex finds an open SMB share named HR_Confidential. Too easy. A glance at file metadata shows creation time = 2 AM (odd). Also, the server responds with Server: Honeyd 1.5c (a telltale).

nmap -sV --script=honeypot-detection target

Confirmed: it’s a (SSH).


Ethical Hacking: Evading IDS, Firewalls, and Honeypots [author] Videos
