Sun Tzu once said "Know your enemy and know yourself, and in a hundred battles you will never be defeated". Cyberwar is upon us, and APT is too common nowadays and we need to think about new tricks to avoid it, being one step ahead to keep your systems secure.
You can give that step in order defend your servers against the first phase in all APT operations: Fingerprinting. This is done by intercepting all traffic that your box is sending in order to camouflage and modify in real time the flags in TCP/IP packets that discover your system.
This presentation will discuss the current techniques used for OS fingerprinting and how to frustrate them:
- Active remote OS fingerprinting: like Nmap or Xprobe (with Live Demo: Laptop and Mobile)
- Passive remote OS fingeprinting: like p0f or pfsense (with Live Demo: Mobile)
- Commercial engines like Sourcefire’s FireSiGHT OS fingerprinting (with Live Demo: Laptop)
There will be a many live demos, and will release OSfoller, that have some interesting features:
- No need for kernel modification or patches
- Highly portable and configurable
- Will emulate any OS
- Capable of handling nmap and p0f fingerprint database (beta phase)
- Transparent for the user
- Undetectable for the attacker
- Available for your Linux laptop, server and mobile device
Sorry guys, remote OS fingerprinting is over…