Posts Tagged "advanced threat prevention"

Advanced Threat Protection Evasion for Penetration Testers: Part 2

In my last post, “Scratching the Surface of Advanced Threat Protection”, I covered what ATP actually is and how it works. In this post, I am going to provide you with a basic methodology that will assist in evading Advanced Threat Prevention in the event you happen to encounter it during a penetration test. The second part of this methodology will also prove useful for testing these products on their own, prior to network implementation, which will actually be the third part of my ATP series (Testing Advanced Threat Protection Products).

A Method To The Madness

A good penetration tester knows the importance of performing thorough reconnaissance. The more information you gather about your target of evaluation, the better your chances are of having a successful penetration test. When we learn that Advanced Threat Prevention may be a game changer, there are some additional steps to take to increase your odds. It all boils down to your OSINT skills. Defeating ATP isn’t necessarily any more technical than antivirus evasion. It just requires you to do a little more R&D. A good friend once told me, “if you fail to plan, you plan to fail”. Since then I’ve adopted this saying as my…


Scratching The Surface of Advanced Threat “Protection”: Part 1

WTF is it? Ahhh… just throw it in the sandbox

It has been quite a while since I last posted, but I am going to try to make a go of it and be a little more active on here. The aim of this post is to provide you with an overview of Advanced Threat Protection / Prevention, which seems to be all the rage these days in the security product market. Over the past several months, I’ve had the pleasure of encountering these products on several engagements and even had the opportunity to work with some awesome security engineers who had tested, or were in the process of testing / implementing, this technology. This post will serve as an introduction to Advanced Threat Prevention and will be the basis for subsequent posts that will cover: ATP Evasion For Penetration Testers (Part 2), Testing ATP Products (Part 3), and ATP Network Implementation and Placement (Part 4). It was quite difficult to come up with a title for this post, because each vendor has its own nomenclature for (essentially) the same technology, but generally “Advanced Threat Protection” or ATP seems to be accepted across the board. However, “Prevention” is more appropriate, being that ATP…
