Hands-on Modern Access Control Bypassing

This workshop will teach you how to attack applications secured by Firewalls, IDS/IPS, Antivirus, and WAF. The presenter will describe the newest bypassing techniques and provide a systematic and practical approach to bypassing modern access control mechanisms. This workshop contains a lot of demos.

Everyone is now using Firewalls, IDS/IPS, and Load Balancers with multiple features such as algorithms, signatures, etc.

Filter obfuscation and evasion techniques have been there since the beginning. These mechanisms provide multiple layers of defense, so bypassing them is an important aspect of pentesting. This workshop describes different techniques to bypass these mechanisms. We will see them in action with multiple demos. Just bring your laptop to learn these attacks practically.

This workshop will cover:

  • Detecting Honeypots
  • Bypassing DMZ
  • Bypassing different types of Network Access Control (NAC) implementations
  • Firewalls
    • Mapping beyond firewalls
    • Firewall identification
    • Evading firewalls
  • Intrusion Detection System / Intrusion Prevention System (IDS/IPS)
    • IDS/IPS identification
    • Evading IDS/IPS
  • Antivirus
    • Bypassing Antivirus using different frameworks
    • Evading detection and blocks from the different endpoint protection mechanisms that you may encounter during your testing
    • Generating compiled Python executables from the raw shellcode from the Veil framework
  • Detection of Web Application Firewalls and Load Balancers
  • Bypassing Web Application Firewalls (WAF) - Tricks to Penetrate Firewalls

 


Vikram Salunke, Pentester, Vmaskers

Vikram is the founder of Vmaskers, and a professional pentester. He has led 100+ pentests over the past years, compromising highly sensitive and secured enterprise networks. His primary responsibilities in his recent job roles were to look after enterprise network security, manage security automation and build internal tools to fight security attacks.

He has also discovered serious security flaws in many unique product giants all over the world. He has worked in various domains including Pentesting, Reverse Engineering, Fuzzing, Exploitation, Source Code Auditing and Mobile application security research. He helps the community by uploading regular InfoSec videos on YouTube (https://www.youtube.com/VikramSalunke). He has also previously spoken and trained at numerous security conferences all around the world including CHCon, OWASP AppSec Africa, CrikeyCon, CanSecWest, OWASP New Zealand Day, NolaCon, LayerOne, ShakaCon, OWASP AppSec California and will be training at Hack in The Box (HITB), InfoSec in the City, BlackHat USA 2018, etc.