Monday, April 16, 2007

Can I take your syscall for you?

It seems that for some time now, HIPS products have been taking off and being installed in organizations. HIPS is still a relatively young technology, as technology goes. There are some mature products on the market, and the features and abilities are ever changing. Lately we here at the BL have been working on HIPS evasion techniques; there are lots of interesting things to think about and lots of interesting techniques to try out. Since most HIPS products rely on hooking techniques, it's fun to see exactly where they hook and what they leave out. Hidden or little-used APIs and/or calls can be fun vectors to look at.

We'll be posting more here when we finalize our research. Perhaps a neat evasion tool, hrmm, I'll have to check with the ninja monkeys on that one.

[commonly hooked DLLs]

ntdll.dll
kernel32.dll
core.dll
ADVAPI32.dll
RPCRT4.dll
NETAPI32.dll
msvcrt.dll
PSAPI.dll
SHLWAPI.dll
GDI32.dll
USER32.dll
MSVCR71.dll
WININET.dll
CRYPT32.dll
MSASN1.dll
OLEAUT32.dll
ole32.dll
msi.dll
urlmon.dll
SHELL32.dll
------ and the list goes on!