HITBSECCONF2010 - DUBAI IS OVER!
THANK YOU TO ALL THE SPEAKERS AND ATTENDEES WHO MADE IT OVER TO JOIN US!

Laurent Oudot (Founder, TEHTRI-Security)

Presentation Title: Silent Steps: Improving the Stealthiness of Web Hacking
Presentation Abstract

This talk covers web hacking and stealth issues from an attacker's standpoint. We will introduce new offensive concepts that demonstrate how attackers (pentesters, blackhats, etc.) can become stealthier on the wire, so that defenders understand some of the limitations of the current situation and tools.

First, we will look at improving the stealthiness of attacks during the information gathering and recon stage. We will then show how and why attackers might inadvertently leave fingerprints while exploiting a target. Once attackers have successfully ‘rooted the box’, we will look at how they try to hide or clean some of these fingerprints. We will then move on to the way attackers try to maintain access, especially through web backdoors, and explain how attackers could be detected. We will also look at some interesting web backdoors to see how they have become stealthier, what their current weaknesses and limitations are, and how they might be upgraded or improved.

Before concluding, we will introduce some new attack concepts that allow for manual and automatic attacks against web targets with a kind of embedded stealth protection that might automatically defeat most Network Intrusion Detection Systems (NIDS) and associated sensors. Some of these attack concepts can also be applied to non-web targets, but that is beyond the scope of this presentation.

About Laurent Oudot

Laurent is a French senior IT security consultant who founded TEHTRI-Security (http://www.tehtri-security.com) in 2010. Over the last 15 years, he has been hired as a security expert to protect and pentest networks and systems of highly sensitive places like the French Nuclear Warhead Program, the French Ministry of Defense, the United Nations, etc.

He has been doing research on defensive technologies and underground activities, handling numerous security projects, and he was a member of team RstAck and of the Steering Committee of the Honeynet Research Alliance. Laurent has been a frequent presenter or instructor at computer security and academic conferences like CanSecWest, PacSec, Black Hat USA-Asia-Europe, Defcon, US DoD/DoE, Hope, Honeynet, PH-Neutral, Hack.LU, as well as a contributor to several research papers for SecurityFocus, MISC Magazine, IEEE, etc.