Hands-on Modern Access Control Bypassing

Back to the list of Speakers and Sessions

This workshop will teach you how to attack applications secured by Firewalls, IDS/IPS, Antivirus, WAF. The presenter will describe the newest bypassing techniques and provide a systematic and practical approach on how to bypass modern access control mechanisms. This workshop contains lot of demos.

Everyone is now using Firewalls, IDS/IPS, Load Balancers with multiple features such as algorithms, signatures etc.

Since the beginning, filter obfuscation and evading technique have been there. These mechanisms provide multiple layers of defense, so bypassing them is an important aspect of pentesting. This workshop describes different techniques to bypass these mechanisms. We will see them in action with multiple demos. Just bring your laptop to learn these attacks practically.

This workshop will cover -

  • Detecting Honeypots
  • Bypassing DMZ
  • Bypass different types of Network Access Control (NAC) implementations
  • Firewalls -
    • Mapping beyond firewalls
    • Firewall identification
    • Evading firewalls
  • Intrusion Detection System / Intrusion Prevention System (IDS/IPS)
    • IDS/IPS identification
    • Evading IDS/IPS
  • Antivirus
    • Bypassing Antivirus using different frameworks
    • Evading detection and blocks from the different endpoint protection mechanisms that you may encounter during your testing
    • Generating compiled python executables from the raw shellcode from the Veil framework
  • Detection of Web Application Firewalls and Load Balancers
  • Bypassing Web Application Firewalls (WAF) - Tricks to Penetrate Firewalls