Chuck
Principal Security Engineer

Password-Encrypted Content: Safely Transfer Dangerous Content onto Your BreakingPoint Test Chassis

August 29, 2017 by Chuck McAuley

A very common practice among malware researchers is to encrypt viruses with common passwords. This enables researchers at different locations to share samples while avoiding antivirus engines cleaning out or modifying the sample in transit. It's a simple, quick, effective hack. And now we've added support to BreakingPoint for testers and researchers to do the same on our platform.

When you want to test a network-based antivirus solution (SMTP gateways, inline cloud-based solutions, networked sandboxes, etc.), you will want to use the latest samples possible for accuracy and timeliness. One solution is using our monthly malware builds, which harvest some of the most damaging and headline-grabbing malware samples from the last month for testing. But there will also be times when you want to test something you've found in your network, possibly targeting only your organization. In this case, you'll want to either use our customer-supplied malware strike capability or create your own custom application flows for transmission. It's this last solution that we've now extended to include support for password-encrypted samples.

If you want to send a malicious attachment using a custom HTTP, SMTP, IMAP, or other application flow, you can now use the encrypted ZIP feature to safely upload and use malicious content in SuperFlows. Simply use a ZIP compression tool to add the password "infectedati123" to the file before copying and uploading to the chassis. In the flow options, be sure to set Enable ZIP Password Decryption to true.

HTTP 200 OK response options demonstrating the encrypted ZIP feature

Now, dangerous content can be transferred in a safe manner onto your chassis before testing. The file is unzipped only at test execution, directly into memory, for transmission during a test. It is never written to the disk drive of a BreakingPoint chassis. This is just one of the new features that all of our ATI subscribers receive with the bi-weekly updates.
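A pre-upload check for the workflow above, as an added example that is not Ixia's code: it confirms, entirely in memory, that every archive member is encrypted and opens with the post's password. It assumes the legacy ZipCrypto scheme (the post does not name one); `build_encrypted_zip` and `check_upload` are hypothetical helpers, and the builder exists only to produce a constructed, harmless test archive offline.

```python
import hashlib, io, os, struct, zipfile, zlib

PASSWORD = b"infectedati123"  # password given in the post

def _crc_step(crc, byte):  # one raw CRC-32 step, no pre/post inversion
    return zlib.crc32(bytes([byte]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

def zipcrypto_encrypt(data, password, crc):
    keys = [0x12345678, 0x23456789, 0x34567890]
    def update(b):
        keys[0] = _crc_step(keys[0], b)
        keys[1] = ((keys[1] + (keys[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        keys[2] = _crc_step(keys[2], keys[1] >> 24)
    for b in password:
        update(b)
    out = bytearray()
    # 12-byte header: 11 random bytes + CRC high byte (readers' password check).
    for b in os.urandom(11) + bytes([crc >> 24]) + data:
        t = keys[2] | 2
        out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(b)
    return bytes(out)

def build_encrypted_zip(name, data, password=PASSWORD):
    # Single stored (uncompressed) member; general-purpose flag bit 0 = encrypted.
    crc, fname = zlib.crc32(data), name.encode("ascii")
    body = zipcrypto_encrypt(data, password, crc)
    common = struct.pack("<HHHHHIIIHH", 20, 1, 0, 0, 0x21, crc,
                         len(body), len(data), len(fname), 0)
    local = b"PK\x03\x04" + common + fname
    central = (b"PK\x01\x02" + struct.pack("<H", 20) + common
               + struct.pack("<HHHII", 0, 0, 0, 0, 0) + fname)
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central),
                                       len(local) + len(body), 0)
    return local + body + central + eocd

def check_upload(blob, password=PASSWORD):
    # Every member must be encrypted and must decrypt (in memory) with the password.
    digests = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if not info.flag_bits & 0x1:
                raise ValueError(f"{info.filename}: not encrypted")
            try:
                plain = zf.read(info, pwd=password)
            except (RuntimeError, zipfile.BadZipFile) as exc:
                raise ValueError(f"{info.filename}: wrong password or corrupt") from exc
            digests[info.filename] = hashlib.sha256(plain).hexdigest()
    return digests
```

The returned SHA-256 digests can be compared with the hash recorded for the original sample to confirm the archive carries the intended file.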

Leverage Subscription Service to Stay Ahead of Attacks

The Ixia BreakingPoint Application and Threat Intelligence (ATI) Subscription provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms.