I need 2 simple examples to test my HIPS log

Discussion in 'other firewalls' started by act8192, Jan 8, 2011.

Thread Status:
Not open for further replies.
  1. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    I have a firewall that says it has HIPS. HIPS is currently enabled (SSM is off). The HIPS logs are unreadable to date, apparently because there are no issues here.
    Can someone tell me how I can test and look at the effect, without doing any damage to Windows,
    1. Code injection
    2. Buffer overflow
    I just want to play a bit to see how/if the HIPS in my firewall responds to some very simple, but harmless, examples. Perhaps I will see something in the log to give me a warm and fuzzy feeling that HIPS might be working as designed.
    I'll probably need step-by-step instructions to whatever script someone proposes to try.
     
  2. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Hi, hope you find something of interest in these.

    Re BO's

    Re Code injection

    Look for DiamondCS APM (Advanced Process Manipulation). If you can't find it, let me know, as I have it ;)

    If you want to stress etc test your HIPS further, you might like to try some of the ones in here http://www.matousec.com/projects/security-software-testing-suite
     
  4. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    CloneRanger,
    What a wonderful set of interesting references you gave me!
    Lots of reading later, I decided I'm too scared to do any of it. Just not sufficiently qualified at this point to clearly see what will happen and how to recover. When I learn more ...
    Regardless, thank you very, very much for this eye-opener, to which I shall refer in the near future again :)
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ act8192

    Hi, glad you liked them :)

    Yes, if you're not sure, it's better to be cautious ;)

    Regards
     