Bypass (also called "evasion" or "control circumvention") refers to techniques used to evade security controls and detection systems, allowing attackers to sidestep implemented defenses and reach protected systems. These techniques include exploitation of vulnerabilities, use of alternative access methods, modification of configurations, and exploitation of gaps in security controls. Because of this, it is fundamental for organizations to implement defense-in-depth strategies, continuous monitoring, and regular security assessments to identify and address potential bypass vectors before attackers can exploit them.

What is Bypass?

Bypass is the process of evading or overcoming security controls, detection systems, or protection measures implemented in systems or networks.

Bypass Types

Firewall Bypass

  • Port knocking: ports that open only after a specific sequence of connection attempts
  • Tunneling: carrying blocked traffic inside a covert channel
  • Protocol tunneling: wrapping traffic in a protocol the firewall already allows
  • Fragmentation: splitting packets so that filters never see the complete pattern

IDS/IPS Bypass

  • Traffic fragmentation: spreading malicious traffic across packets so the sensor cannot reassemble the full signature
  • Timing attacks: spacing activity over time to stay below rate-based thresholds
  • Encryption: encrypting payloads so inspection engines cannot read their contents
  • Protocol confusion: sending traffic that the sensor parses differently from the receiving host

Antivirus Bypass

  • Packing: compressing or wrapping an executable so its static content no longer matches known samples
  • Obfuscation: rewriting code so that static analysis cannot easily determine its purpose
  • Polymorphism: code that changes its form on every copy while keeping the same behavior
  • Encryption: encrypting the payload so that it is only decoded at run time

Authentication Bypass

  • Credential stuffing: reuse of credentials leaked from other services
  • Brute force: systematic guessing of passwords or tokens
  • Session hijacking: taking over an already authenticated user's session
  • Token manipulation: altering or forging authentication tokens

Common Techniques

Detection Evasion

  • Signature evasion: changing a payload so it no longer matches known signatures
  • Behavioral evasion: keeping activity within patterns the monitoring considers normal
  • Heuristic evasion: avoiding the suspicious traits that heuristic engines score
  • Sandbox evasion: detecting an analysis environment and withholding malicious behavior

Control Evasion

  • Access control bypass: reaching resources without passing through the intended access checks
  • Input validation bypass: submitting input in a form the validator does not recognize as dangerous
  • Authentication bypass: gaining access without valid credentials
  • Authorization bypass: performing actions beyond the permissions actually granted

Monitoring Evasion

  • Log evasion: preventing activity from being recorded, or tampering with the records
  • Network evasion: avoiding network monitoring
  • Process evasion: hiding from process monitoring
  • File evasion: hiding from file monitoring

Tools

Network

  • Nmap: Port scanning
  • Metasploit: Exploitation framework
  • Burp Suite: Web application testing
  • OWASP ZAP: Security proxy

Malware

  • Packing tools: tools that compress or wrap executables
  • Obfuscation tools: tools that rewrite code to hide its purpose
  • Encryption tools: tools that encrypt payloads
  • Polymorphic engines: tools that generate variants of the same code

Evasion

  • Traffic generators: tools that produce traffic to test or mask detection
  • Protocol analyzers: tools that inspect how traffic is parsed on the wire
  • Fragmentation tools: tools that split packets
  • Timing tools: tools that control the timing of activity

Detection

Techniques

  • Behavioral analysis: identifying attacks by what the activity does rather than by how it looks
  • Heuristic detection: scoring suspicious traits without requiring an exact signature
  • Machine learning: models trained to flag deviations from a learned baseline
  • Threat hunting: proactive search for evidence of compromise that automated controls missed

Tools

  • SIEM: security information and event management systems
  • EDR: endpoint detection and response systems
  • Network monitoring: traffic capture and analysis systems
  • Forensics: forensic analysis tools

Analysis

  • Correlation: linking related events across sources and systems
  • Timeline analysis: ordering events to reconstruct the sequence of an attack
  • Pattern recognition: matching activity against known attack patterns
  • Anomaly detection: flagging deviations from an established baseline
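The correlation and anomaly-detection items above can be illustrated with a small detector for the two authentication-bypass techniques listed earlier (credential stuffing and brute force). This is an added example, not code from the original page; the log format, the function names (`parse`, `correlate`) and the thresholds are assumptions, and the log lines are constructed sample data.

```python
"""Correlate failed logins per source address over a sliding time window.

Added example with a hypothetical log format:
    <ISO timestamp> auth=<ok|fail> user=<name> src=<ip>
Credential stuffing shows up as one source failing against many different
accounts; brute force shows up as one source failing many times against
a single account.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def _build_sample_log() -> str:
    """Constructed sample data (documentation addresses, not real traffic)."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    # One source trying six different accounts within 30 seconds.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        ts = (base + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{ts} auth=fail user={user} src=203.0.113.5")
    # One source failing twelve times against a single account in two minutes.
    for i in range(12):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} auth=fail user=carol src=198.51.100.7")
    # Benign noise: one typo followed by a successful login.
    lines.append(f"{(base + timedelta(minutes=1)).isoformat()} auth=fail user=grace src=192.0.2.9")
    lines.append(f"{(base + timedelta(minutes=1, seconds=20)).isoformat()} auth=ok user=grace src=192.0.2.9")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()


def parse(text: str) -> list:
    """Turn log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def correlate(events: list, window: timedelta = timedelta(minutes=5),
              user_threshold: int = 5, fail_threshold: int = 10) -> dict:
    """Return {source: [finding, ...]} for sources whose failed logins inside
    any window exceed the per-account or cross-account thresholds."""
    findings = {}
    by_src = defaultdict(list)
    for e in events:
        if e["result"] == "fail":
            by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until every event in evs[start:end+1] fits.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            window_evs = evs[start:end + 1]
            distinct_users = {e["user"] for e in window_evs}
            if len(distinct_users) >= user_threshold:
                findings.setdefault(src, set()).add("credential_stuffing")
            per_user = defaultdict(int)
            for e in window_evs:
                per_user[e["user"]] += 1
            if max(per_user.values()) >= fail_threshold:
                findings.setdefault(src, set()).add("brute_force")
    return {src: sorted(kinds) for src, kinds in findings.items()}


if __name__ == "__main__":
    for src, kinds in correlate(parse(SAMPLE_LOG)).items():
        print(src, kinds)
```

The sliding window is what makes this a correlation rather than a simple counter: an attacker who spaces attempts out (the timing-attack item under IDS/IPS bypass) stays under the thresholds only if the gaps are longer than the window, so the window length and thresholds are the tunable trade-off between missed detections and false alerts.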

Prevention

Controls

  • Defense in depth: multiple overlapping layers of control, so that bypassing one does not grant access
  • Zero trust: zero trust model, in which every access is verified regardless of network location
  • Segmentation: network segmentation to limit lateral movement
  • Monitoring: continuous monitoring

Techniques

  • Input validation: accepting only input that matches an explicit allowlist
  • Output encoding: encoding data for the context in which it is rendered
  • Access control: enforcing access decisions on every request
  • Authentication: robust authentication
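The input-validation and output-encoding items above, and the "input validation bypass" item under Control Evasion, are easiest to see side by side. The following is an added example, not code from the original page; the function names (`weak_validate_display_name`, `canonicalize`, `validate_username`, `render_greeting`) and the username rule are assumptions. It shows why a blocklist check is sidestepped by an encoded variant of the same input, and how an allowlist check applied after canonicalization, combined with context-specific output encoding, closes that gap.

```python
"""Weak blocklist validation beside allowlist validation with canonicalization.

Added example; all names are hypothetical.
"""
import html
import re
import unicodedata
from urllib.parse import unquote


def weak_validate_display_name(value: str) -> bool:
    """Blocklist check: rejects only one exact spelling of one bad fragment.
    Any encoding or spelling the author did not list passes unchanged."""
    return "<script" not in value


# Allowlist: only lowercase ASCII letters, digits and underscore, 3 to 32 chars.
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")


def canonicalize(value: str) -> str:
    """Reduce equivalent spellings to one form before validating:
    repeatedly percent-decode (handles double encoding) and apply Unicode
    NFKC normalization (maps fullwidth and compatibility forms to ASCII)."""
    decoded = unquote(value)
    while decoded != value:
        value, decoded = decoded, unquote(decoded)
    return unicodedata.normalize("NFKC", decoded)


def validate_username(value: str) -> bool:
    """Allowlist check on the canonical form; returns True only for input
    that is safe in every later context, not merely free of known bad strings."""
    return USERNAME_RE.fullmatch(canonicalize(value)) is not None


def render_greeting(display_name: str) -> str:
    """Output encoding for an HTML context. Applied regardless of validation,
    so a value that slipped past a validator is still rendered as text."""
    return f"<p>Hello, {html.escape(display_name, quote=True)}</p>"


if __name__ == "__main__":
    print(weak_validate_display_name("%3Cscript%3E"))   # True: blocklist missed it
    print(validate_username("%3Cscript%3E"))           # False: allowlist rejects it
    print(render_greeting("<b>x</b>"))
```

The two defenses are independent: validation limits what is accepted at the boundary, while encoding guarantees that whatever is stored is harmless when rendered, so a bypass of one does not defeat the other (the defense-in-depth item under Controls).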

Monitoring

  • Real-time monitoring: real-time monitoring of systems and networks
  • Behavioral analysis: behavioral analysis of users and hosts
  • Threat intelligence: use of threat intelligence on current attacker techniques
  • Incident response: an incident response capability for when a bypass is detected
