Passive IPS Reconnaissance and Enumeration - False Positive Abuse

Explore passive IPS reconnaissance and enumeration techniques through false positive abuse in this 49-minute conference talk from the 44CON Information Security Conference. Delve into the world of Network Intrusion Prevention Systems (NIPS) and their vulnerability to false positives. Learn how attackers can exploit these false positives to gather valuable information about network defenses. Discover methods for enumerating IPS systems using simple, effective means, such as crafted emails or fake URL parameters. Understand how this information can be used to plan attacks utilizing IPS evasion techniques. Examine examples using popular open-source security applications and learn how these methodologies can be applied to commercial security products. Gain insights into identifying and assessing potential "reaction leakages" from detection systems, empowering you to better understand and defend against these vulnerabilities in your own network infrastructure.

Passive IPS Reconnaissance and Enumeration - false positive (ab)use - Arron Finnon