GIAC
GCIA · Question #26
GCIA Question #26: Real Exam Question with Answer & Explanation
The correct answer is D. Polymorphic shell code attack. The payload is re-encoded with a different key (and often a different decoder stub) on every use, so the bytes that cross the wire never match the fixed pattern stored in the IDS signature database.
Question
John works as a professional Ethical Hacker. He has been assigned a project to test how easily attacks can be performed against the We-are-secure server so that he can observe its flaws. To perform his task, he first sends a virus that continuously changes its signature to avoid detection by the IDS. Since the new signature of the virus does not match the old signature entered in the IDS signature database, the IDS is unable to detect the malicious virus. Which of the following IDS evasion attacks is John performing?
Options
- A. Insertion attack
- B. Session splicing attack
- C. Evasion attack
- D. Polymorphic shell code attack
Explanation
A polymorphic shellcode attack delivers the real payload in encoded form (typically XOR or a small cipher with a key chosen per use) behind a short decoder stub that restores it in memory on the target. Because the encoded bytes differ on every iteration, a static content signature written against the raw payload never matches, even though the code that finally executes is identical each time. The question's scenario (a payload that "continuously changes its signature") describes exactly this; options A, B and C are transport-level tricks that play the IDS's view of the stream against the host's, not changes to the payload itself. Practitioner caveat: whatever stays constant across variants (a fixed decoder stub, a recognisable NOP sled, the post-decode behaviour) is still signaturable, which is why fully polymorphic engines also mutate the stub and why detection increasingly relies on stream reassembly plus behavioural or emulation-based checks rather than raw byte patterns.
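Worked illustration of the point above, added here and not part of the original question or its reference: a toy XOR "polymorphic" encoder, a static signature matcher standing in for the IDS, and the defender's counter-signature on the constant stub. The payload bytes, the `STUB` marker and the rule names are constructed for the demonstration and are not real shellcode or real IDS rules.

```python
import random
from typing import Dict, List

# Constructed stand-in for a shellcode payload (printable bytes, not machine
# code) so that the signature hits are easy to see.
PAYLOAD = b"/bin/sh\x00exec"

# Constructed static signature database: byte patterns cut from the raw
# payload, the way a content rule would be written against a known sample.
SIGNATURES: Dict[str, bytes] = {
    "shell-path": b"/bin/sh",
    "exec-marker": b"exec",
}

# Constructed placeholder for the decoder stub a real encoder prepends.
# In this toy it is a fixed 4-byte marker, followed by the 1-byte XOR key.
STUB_MARKER = b"STUB"


def match(sigs: Dict[str, bytes], data: bytes) -> List[str]:
    """Static IDS: report every signature whose bytes occur in the data."""
    return [name for name, pat in sigs.items() if pat in data]


def encode(payload: bytes, key: int) -> bytes:
    """Attacker side: stub + key + payload XORed with that key."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255; 0 would leave the payload unchanged")
    return STUB_MARKER + bytes([key]) + bytes(b ^ key for b in payload)


def decode(blob: bytes) -> bytes:
    """Victim side: the stub reads the key back and restores the payload."""
    key = blob[len(STUB_MARKER)]
    return bytes(b ^ key for b in blob[len(STUB_MARKER) + 1:])


def make_variants(payload: bytes, n: int, seed=None) -> List[bytes]:
    """One fresh encoding per delivery: distinct keys give distinct blobs."""
    rng = random.Random(seed)
    keys = rng.sample(range(1, 256), n)
    return [encode(payload, k) for k in keys]


def detection_rate(sigs: Dict[str, bytes], blobs: List[bytes]) -> float:
    """Fraction of delivered blobs that trip at least one signature."""
    return sum(1 for b in blobs if match(sigs, b)) / len(blobs)


# The defender's counter: signature the part that does NOT change between
# variants (here the constant stub marker).
STUB_SIGNATURES: Dict[str, bytes] = {"xor-stub": STUB_MARKER}

# 20 variants with a fixed seed so the run is reproducible.
VARIANTS = make_variants(PAYLOAD, 20, seed=7)


if __name__ == "__main__":
    print("raw payload hits      :", match(SIGNATURES, PAYLOAD))
    print("distinct variants     :", len(set(VARIANTS)))
    print("payload-sig detection :", detection_rate(SIGNATURES, VARIANTS))
    print("stub-sig detection    :", detection_rate(STUB_SIGNATURES, VARIANTS))
    print("all variants decode OK:", all(decode(v) == PAYLOAD for v in VARIANTS))
```

The payload-derived rules catch the raw sample and none of the variants, while every variant still decodes to the same bytes on the host; the rule on the unchanging stub catches all of them, which is the defender's check worth remembering for this question.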
Common mistakes.
- A. An insertion attack crafts packets the IDS accepts into its reassembly buffer but the target host discards, causing the IDS to reconstruct a benign stream while the host processes a different, malicious one.
- B. A session splicing attack spreads the malicious data across many abnormally small TCP segments at the session layer (it is not IP fragmentation), so that no single segment contains the whole signature; an IDS that inspects packets individually instead of reassembling the stream never sees the pattern.
- C. An evasion attack sends packets the target host accepts and acts upon but the IDS drops or ignores, causing the IDS to have an incomplete view of the data stream while the host executes the attack.
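Worked illustration of the distinctions drawn in A and B above, added here and not part of the original question or its reference. It models segments as (offset, bytes, TTL), reassembles a stream under a caller-supplied acceptance rule, and shows why a per-packet matcher misses a spliced request and why a TTL-based insertion makes the IDS and the host reconstruct different streams. Evasion (C) is the mirror image, host accepts what the IDS drops, and is not coded separately. The HTTP request, the rule name, the hop counts and the first-wins overlap policy are constructed assumptions for the demonstration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class Segment:
    """Minimal stand-in for a TCP segment: stream offset, payload bytes, IP TTL."""
    seq: int
    data: bytes
    ttl: int = 64


# Constructed content rule, the kind of fixed pattern a signature IDS carries.
SIGNATURES: Dict[str, bytes] = {"passwd-read": b"/etc/passwd"}

# Constructed attack request: one ordinary HTTP request that the rule above hits.
ATTACK = b"GET /etc/passwd HTTP/1.0\r\n\r\n"


def match(sigs: Dict[str, bytes], data: bytes) -> List[str]:
    return [name for name, pat in sigs.items() if pat in data]


def reassemble(segs: Iterable[Segment], accept: Callable[[Segment], bool]) -> bytes:
    """Rebuild the byte stream from whatever segments `accept` lets through.
    Overlapping data is resolved first-wins (one of several policies real
    stacks use); an IDS/host mismatch in acceptance is what insertion exploits."""
    stream: Dict[int, int] = {}
    for s in segs:
        if not accept(s):
            continue
        for i, b in enumerate(s.data):
            stream.setdefault(s.seq + i, b)
    return bytes(stream[k] for k in sorted(stream))


def inspect_per_packet(segs: Iterable[Segment], sigs: Dict[str, bytes]) -> List[str]:
    """Naive IDS: matches each segment's payload in isolation, no reassembly."""
    hits = set()
    for s in segs:
        hits.update(match(sigs, s.data))
    return sorted(hits)


def inspect_stream(segs, sigs, accept=lambda s: True) -> List[str]:
    """Stream-aware IDS: reassembles first, then matches on the whole stream."""
    return match(sigs, reassemble(segs, accept))


def splice(payload: bytes, size: int = 1) -> List[Segment]:
    """Session splicing (option B): one request spread over many tiny segments."""
    return [Segment(i, payload[i:i + size]) for i in range(0, len(payload), size)]


def reaches(hops: int) -> Callable[[Segment], bool]:
    """A segment survives `hops` routers only if its TTL is larger than that."""
    return lambda s: s.ttl > hops


def insertion_stream(hops_to_ids: int, hops_to_host: int) -> List[Segment]:
    """Insertion attack (option A): the real bytes go out at full TTL, and a
    decoy segment at the same offset is sent first with a TTL that expires
    after the IDS but before the host. The IDS keeps the decoy (first wins);
    the host never receives it."""
    if hops_to_host <= hops_to_ids:
        raise ValueError("the IDS must sit closer to the attacker than the host")
    decoy = b"/index.html"                      # same length as b"/etc/passwd"
    off = ATTACK.index(b"/etc/passwd")
    end = off + len(decoy)
    return [
        Segment(0, ATTACK[:off]),
        Segment(off, decoy, ttl=hops_to_ids + 1),   # seen by the IDS, dies before the host
        Segment(off, ATTACK[off:end]),
        Segment(end, ATTACK[end:]),
    ]


if __name__ == "__main__":
    segs = splice(ATTACK)
    print("spliced, per-packet :", inspect_per_packet(segs, SIGNATURES))
    print("spliced, reassembled:", inspect_stream(segs, SIGNATURES))
    segs = insertion_stream(hops_to_ids=2, hops_to_host=6)
    print("IDS sees :", reassemble(segs, reaches(2)))
    print("host sees:", reassemble(segs, reaches(6)))
    print("IDS knowing host distance:", inspect_stream(segs, SIGNATURES, accept=reaches(6)))
```

The two defender checks this surfaces are the ones the exam distinctions rest on: stream reassembly defeats splicing, and normalising the IDS's view to the target's (here, knowing the hop count to the host and discarding segments that cannot reach it) defeats insertion.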
Concept tested. Polymorphic shellcode IDS evasion via signature mutation
Reference. https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/ids-evasion-techniques/