

HITBSecConf2008 - Malaysia (Day 1)

AR (Independent Network Security Researcher, Securebits)

Filed under: Main Page — Administrator @ 10:59 am

Presentation Title: Next Generation Reverse Shell (NGRS)
Presentation Abstract:

The purpose of the Next Generation Reverse Shell [NGRS] is to bring the concept of the reverse shell to a new, mature level. Existing reverse shell implementations and tools lack reliability, stealthiness, flexibility, filtering evasion, or maintainability. NGRS, by contrast, introduces a new, original implementation that takes into account IDS evasion, the flexibility to change the protocol carrier (e.g. HTTP, SMTP/POP3, or FTP), maintenance of the open session, and a reliable way of ensuring the continuity of the established session. When used correctly, NGRS enables security professionals (e.g. penetration testers and consultants) and hackers alike to obtain full shell access to internal hosts of corporations and organizations even when the corporate firewall blocks all incoming (inbound) connections and allows only a single outgoing (outbound) connection to port 80 (HTTP), 25 (SMTP)/110 (POP3), or 21 (FTP). NGRS also works if there is an IDS or application inspection device that allows only standard HTTP, standard SMTP/POP3, or standard FTP: the traffic generated by the NGRS application fully complies with the standard implementation of HTTP, SMTP/POP3 or FTP.

Looking at the existing implementations of the reverse shell, one finds the following weaknesses. First, they implement their own text-based protocol, and in many cases random text is simply sent over TCP without a properly organized application-level protocol. Even if the port number used by the reverse shell is open on the firewall, an IDS or packet inspector will stop such traffic because it is non-standard. Second, once the reverse shell is established to a particular port, the port cannot be changed dynamically by the user controlling the session. If the user wishes to change the port, he has to establish the new connection manually by running a new instance of the reverse shell application on the remote machine with the new intended port. Third, the reverse shell application is not smart enough to maintain a reliable established session for a long period of time, or to re-establish the session automatically if something goes wrong in the middle of a connection.

So, the very aim of NGRS is to introduce an enhanced technique and an advanced implementation of the reverse shell, one that brings the reverse shell technique to an appropriate level in the modern era of network security. The Next Generation Reverse Shell [NGRS] addresses the aforementioned weaknesses as follows:

A. Reliability
B. Stealthiness
C. IDS and Application Inspection Evasion
D. Flexibility
E. Maintainability
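The abstract makes a point that matters on the defending side: a reverse shell that sends arbitrary text over port 80 is caught by any inspector that checks the payload against the expected protocol, whereas a carrier-compliant shell like the one described passes that check, so detection has to fall back on behavioural signals such as a single internal host re-establishing connections to one external endpoint at regular intervals. The following script is an added example, not code from the talk or from the NGRS tool. It runs two heuristics over a constructed connection log (epoch time, source, destination, destination port, first bytes sent by the client): a protocol-mismatch check using assumed opening-line patterns for HTTP, SMTP and FTP clients, and a beaconing check based on the coefficient of variation of inter-connection gaps. The thresholds (four connections, CV of 0.2) and the log format are assumptions chosen for the example.

```python
"""Two detection heuristics for reverse shells riding on outbound-allowed ports.

Added example; the log records below are constructed, not captured traffic.
"""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (epoch seconds, src, dst, dst port, first client bytes).
# 10.0.0.5  -> ordinary browsing and mail, irregular timing.
# 10.0.0.7  -> "random text over TCP" on port 80 (the old-style reverse shell
#              weakness the abstract describes).
# 10.0.0.9  -> well-formed HTTP POSTs to one host exactly every 60 s (the
#              carrier-compliant pattern a protocol check cannot see).
SAMPLE_LOG = [
    (1000, "10.0.0.5", "203.0.113.10", 80, "GET / HTTP/1.1\r\nHost: www.example.test\r\n"),
    (1003, "10.0.0.5", "203.0.113.10", 80, "GET /site.css HTTP/1.1\r\nHost: www.example.test\r\n"),
    (1005, "10.0.0.5", "203.0.113.30", 25, "EHLO mail.example.test\r\n"),
    (1010, "10.0.0.7", "198.51.100.5", 80, "uid=1000(web) gid=1000(web)\n"),
    (1000, "10.0.0.9", "198.51.100.40", 80, "POST /sync HTTP/1.1\r\nHost: cdn.example.test\r\n"),
    (1047, "10.0.0.5", "203.0.113.10", 80, "GET /news HTTP/1.1\r\nHost: www.example.test\r\n"),
    (1052, "10.0.0.5", "203.0.113.10", 80, "POST /login HTTP/1.1\r\nHost: www.example.test\r\n"),
    (1060, "10.0.0.9", "198.51.100.40", 80, "POST /sync HTTP/1.1\r\nHost: cdn.example.test\r\n"),
    (1120, "10.0.0.9", "198.51.100.40", 80, "POST /sync HTTP/1.1\r\nHost: cdn.example.test\r\n"),
    (1180, "10.0.0.9", "198.51.100.40", 80, "POST /sync HTTP/1.1\r\nHost: cdn.example.test\r\n"),
    (1200, "10.0.0.5", "203.0.113.10", 80, "GET /logout HTTP/1.1\r\nHost: www.example.test\r\n"),
    (1240, "10.0.0.9", "198.51.100.40", 80, "POST /sync HTTP/1.1\r\nHost: cdn.example.test\r\n"),
]

# Assumed shape of the first thing a legitimate client sends on each port.
# Simplified: real deployments would use a full protocol parser (e.g. in an IDS).
EXPECTED_OPENING = {
    80: re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"),
    25: re.compile(r"^(EHLO|HELO) \S+\r\n"),
    21: re.compile(r"^(USER|AUTH) \S+\r\n"),
}


def protocol_mismatch(records):
    """Flows whose first client bytes do not look like the protocol for that port.

    This is the check that stops a naive reverse shell on port 80; it is blind
    to a shell whose carrier is genuinely valid HTTP/SMTP/FTP.
    """
    flagged = []
    for _ts, src, dst, dport, payload in records:
        pattern = EXPECTED_OPENING.get(dport)
        if pattern is not None and not pattern.match(payload):
            flagged.append((src, dst, dport))
    return flagged


def beaconing(records, min_connections=4, max_cv=0.2):
    """(src, dst, port) flows re-established at near-constant intervals.

    Returns [(flow, mean gap in seconds)].  Regular re-connection to a single
    external endpoint is a behavioural signal independent of payload syntax.
    """
    by_flow = defaultdict(list)
    for ts, src, dst, dport, _payload in records:
        by_flow[(src, dst, dport)].append(ts)

    flagged = []
    for flow, times in by_flow.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # simultaneous connections carry no timing information
        cv = pstdev(gaps) / avg  # low spread relative to the mean = metronomic
        if cv <= max_cv:
            flagged.append((flow, round(avg, 1)))
    return flagged


if __name__ == "__main__":
    for hit in protocol_mismatch(SAMPLE_LOG):
        print("protocol mismatch:", hit)
    for flow, gap in beaconing(SAMPLE_LOG):
        print("beaconing every %.0f s:" % gap, flow)
```

On the sample, the mismatch check catches only the plain-text shell from 10.0.0.7, and the timing check catches only the HTTP-compliant host 10.0.0.9; the browsing host's varied gaps (3, 44, 5, 148 s) give a coefficient of variation above 1 and are left alone. Neither heuristic alone covers both cases, which is the practical consequence of the carrier-compliance the abstract describes.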

About AR

AR is both an independent researcher and an engineer in the field of network security. He works for Consolidated Contractors International Company [CCIC], which is based in Greece. His responsibilities range from the design, architecture and deployment of large-scale security solutions to vulnerability assessment and penetration testing.

AR's main interest is in extending existing network attack and defense methodologies, researching new ones, and providing working tools and PoCs that demonstrate his research. He has spoken before at Ruxcon, an Australian hacker convention. He is also a Certified Ethical Hacker (CEH) and holds a university degree in Computer Engineering. His research can be found at http://www.securebits.org.

Event Organizer

Hack In The Box (M) Sdn. Bhd.
