Advanced evasion of IDS buffer overflow detection

Presented at DEF CON 8 (2000), July 28, 2000, 6 p.m. (50 minutes)

This is a technical talk which assumes the audience understands x86 or SPARC assembly, and buffer overflow methodologies. It presents various stealth coding techniques that can be applied to preventing detection by most current generation IDSs.

The talk also includes a live demonstration of exploits written to evade IDS detection, source code of the examples included. A paper documenting the techniques, and sample code will be available from http://www.newhackcity.net after the presentation.

Presenters:

• jeru - New Hack City
  jeru is a member of New Hack City, a hacker collective based in San Francisco. He has worked in digital design, and embedded programming. He currently spends his time as part of an IDS development team, providing application level security assessment, and pickin' his fro.

Links:

• https://defcon.org/html/defcon-8/defcon-8-post.html#jeru
• https://infocon.org/cons/DEF CON/DEF CON 8/DEF CON 8 video/DEF CON 8 - Jeru - Advanced Evasion Of IDS Buffer Overflow Detection.mp4
• https://www.youtube.com/watch?v=4SunmBJw0SI

Similar Presentations:

• DEF CON 9 (2001) / Designing small payloads
• REcon Brussels 2018 / Starcraft: Emulating a buffer overflow for fun and profit
• DEF CON 8 (2000) / Advanced Buffer Overflow Techniques