
OSFOOLER demo lab at DC CN1


  • OSFOOLER demo lab at DC CN1


    Jaime Sánchez aka segofensiva

    Traditional methods to defeat OS Fingerprinting in Linux were written as kernel modules, or at least, as patches to the Linux kernel, like Honeyd, IP Personality, the Stealth Patch, Fingerprint ****er, IPlog... The reason is that if the aim is to change Linux TCP/IP stack behavior, and if we want to achieve it, we need to do it in the kernel layer. Most of these tools are old, don’t work with actual kernels or can affect TCP/IP stack performance.

    OSfooler was presented at Blackhat Arsenal 2013. It was built on NFQUEUE, an iptables/ip6tables target which delegates the decision on packets to userspace. It transparently intercepted all traffic that your box was sending in order to camouflage and modify in real time the flags in TCP/IP packets that discover your system.

    OSfooler-NG has been completely rewritten from the ground up, being highly portable, more efficient and combining all known techniques to detect and defeat at the same time:
    • Active remote OS fingerprinting: like Nmap or Xprobe
    • Passive remote OS fingerprinting: like p0f or pfsense
    • Commercial engines like Sourcefire’s FireSiGHT OS fingerprinting
    Some additional features are:
    • No need for kernel modification or patches
    • Simple user interface and several logging features
    • Transparent for users, internal process and services
    • Detecting and defeating mode: active, passive & combined
    • Will emulate any OS
    • Capable of handling updated nmap and p0f fingerprint database
    • Undetectable for the attacker
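    Target Audience: Defense and Mobile

    It is recommended to use commercial tools to protect your network, but it is necessary to further ensure the security of your systems.

    • Active remote OS fingerprinting: such as Nmap or Xprobe
    • Passive remote OS fingerprinting: such as p0f or pfsense
    • Commercial engines, such as Sourcefire’s FireSiGHT OS fingerprinting
    Other features:
    • No need for kernel modification or patches
    • Highly portable
    • Will emulate any OS
    • Capable of handling the Nmap and p0f fingerprint databases (beta stage)
    • Transparent for users
    • Undetectable for the attacker
    • Works on your Linux laptop, server and mobile devices
    For more details and insights about the tool, see the Defcon 21 presentation below.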


    Jaime Sánchez (aka @segofensiva) has worked for over 20 years as a specialist advisor for large national and international companies, focusing on different aspects of security such as consulting, auditing, training, and ethical hacking techniques. He holds a Computer Engineering degree and an Executive MBA. In addition, he holds several certifications, like CISA, CISM, CISSP, just to name a few, and a NATO SECRET security clearance, as a result of his role as advisor to many law enforcement organizations, banks and large companies in Europe and Spain.

    He has spoken at renowned security conferences nationally and internationally, such as RootedCON, Nuit du Hack, Black Hat, DEF CON, DerbyCON, NocOnName, Deepsec, Shmoocon or Cyber Defence Symposium, among others. As a result of his research, he has notified security findings and vulnerabilities to top companies and vendors, like Banco Popular, WhatsApp, Snapchat, Microsoft, Apple etc.

    He is a frequent contributor on TV (TVE, Cuatro, LaSexta, Telecinco), press (El Pais, El Mundo, LA Times, NBC News) and radio programs, and writes a blog called ‘SeguridadOfensiva’.

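    Jaime Sanchez (aka @segofensiva) has worked as a specialist advisor for large national and international companies for over 20 years, focusing on various aspects of security such as consulting, auditing, training and ethical hacking techniques.
    Master's degree. In addition, as a result of providing advisory services to many law enforcement organizations, banks and large companies in Europe and Spain, he also holds several certifications, such as CISA, CISM, CISSP, and a NATO SECRET security clearance.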

    Twitter: @segofensiva
    PGP Key:
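
The header rewriting described in the post (a userspace handler changing the TCP/IP fields that fingerprinting tools read), shown as an added example that is not OSfooler's code and not part of the original post. It parses a constructed IPv4/TCP SYN, changes the TTL and window size, and recomputes both checksums; the NFQUEUE hook is omitted, and the packet bytes and target TTL/window values are constructed for illustration.

```python
import struct

# Constructed sample: IPv4 + TCP SYN (192.0.2.10 -> 192.0.2.20:80), DF set,
# TTL 64, window 29200, MSS 1460; both checksum fields are left as zero.
TEMPLATE = bytes.fromhex(
    "4500002c0001400040060000c000020ac0000214"
    "c350005000000001000000006002721000000000020405b4")

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 when data already carries a valid one."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def split(pkt: bytes):
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    return bytearray(pkt[:ihl]), bytearray(pkt[ihl:])

def tcp_pseudo(ip, tcp) -> bytes:
    # TCP checksum covers src/dst address, protocol 6 and segment length too.
    return bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, len(tcp)) + bytes(tcp)

def observed_fields(pkt: bytes) -> dict:
    """Header fields a remote fingerprinter can read from this packet."""
    ip, tcp = split(pkt)
    return {"ttl": ip[8], "df": bool(ip[6] & 0x40),
            "window": struct.unpack("!H", tcp[14:16])[0]}

def rewrite(pkt: bytes, ttl: int, window: int) -> bytes:
    """Set TTL and TCP window, then recompute IP and TCP checksums."""
    ip, tcp = split(pkt)
    ip[8] = ttl
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip)))
    tcp[14:16] = struct.pack("!H", window)
    tcp[16:18] = b"\x00\x00"
    tcp[16:18] = struct.pack("!H", inet_checksum(tcp_pseudo(ip, tcp)))
    return bytes(ip + tcp)

def checksums_valid(pkt: bytes) -> bool:
    ip, tcp = split(pkt)
    return inet_checksum(bytes(ip)) == 0 and inet_checksum(tcp_pseudo(ip, tcp)) == 0

ORIGINAL = rewrite(TEMPLATE, ttl=64, window=29200)      # as the host would send it
CAMOUFLAGED = rewrite(ORIGINAL, ttl=128, window=8192)   # hypothetical target profile
```

A rewritten packet that skips the checksum step is dropped by the receiver, which is why both checksums are recomputed after every field change.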

  • #2
    Hello, I'd like to ask you some technical questions about OSFOOLER.