Last year, during the IPv6 Security Summit of Troopers 14 I had the pleasure to present publicly, for first time, my IPv6 Penetration Testing / Security Assessment framework called Chiron, while later, it was also presented at Brucon 14 as part of the 5×5 project. This year, I am returning back to the place where it all started, to the beautiful city of Heidelberg to give another workshop about Chiron at the IPv6 Security Summit of Troopers 15. But, is it just another workshop with the known Chiron features or has something changed?
I would say a lot :). The most significant enhancements are described below.
Yesterday we (Rafael Schaefer, Enno and me) had the pleasure to deliver together our talk at BlackHat Europe 2014 named Evasion of High-End IDPS Devices at the IPv6 Era (by the way, latest slides can be found here and the white paper here). In this talk we summarised all the IDPS evasion techniques that we have found so far. At previous blogposts I had the chance to describe how to evade Suricata and TippingPoint. In this post I am going to describe some other techniques that can be used to evade Snort, and its companion commercial version, Sourcefire. The tool used to evade these IDPS is – what else – Chiron.
The versions that we used for our tests are the latest available ones at the time of this writing, that is:
Sourcefire, Model 3D7020 (63) Version 22.214.171.124 (Build 48), VDB version 216.
Snort 126.96.36.199 GRE (build 77), Registered User’s Release Rules.
Last week I had the pleasure to give you my impressions regarding my experience about hacking for b33r at Ghent, that is, my participation at BruCON 2014 hacking conference. As I said among else, the reason that I was there was to present Chiron, my IPv6 penetration testing/security assessment framework, which was supported by the Brucon 5×5 program. The first version of Chiron had been presented at Troopers 14, during theIPv6 Security Summit.
This week I had the pleasure to attend BruCON 2014. While participating at the Brucon 5×5 program, I had also the chance to attend this well-known European Con which is held in the beautiful city of Ghent.