In accordance with the industry standard for vulnerability disclosures, NSS Labs is now publishing information previously withheld from the 2018 Next Generation Firewall Group Test reports.
| Test ID | NGFW Resiliency Testcases |
| es-null-001 | Base exploit |
| res-null-001-q | Base exploit; Alternate ports |
| res-nullch-001 | Base exploit; chunked |
| res-nullcg-001 | Base exploit; chunked and gzip compressed |
| res-wsp-001 | Both spaces and linefeeds replaced with 31 of each |
| res-wspch-001 | Both spaces and linefeeds replaced with 31 of each; chunked |
| res-wspcg-001 | Both spaces and linefeeds replaced with 31 of each; chunked and gzip compressed |
| res-ren-001 | Procedures and variables renamed |
| res-rench-001 | Procedures and variables renamed; chunked |
| res-rencg-001 | Procedures and variables renamed; chunked and gzip compressed |
| res-mth-001 | Numeric values/equations modified and/or inserted; hexadecimal values replaced with decimal values |
| res-mthch-001 | Numeric values/equations modified and/or inserted; hexadecimal values replaced with decimal values; chunked |
| res-mthcg-001 | Numeric values/equations modified and/or inserted; hexadecimal values replaced with decimal values; chunked and gzip compressed |
| res-chr-001 | Change all chr() to chrw() and vice versa where possible |
| res-chrch-001 | Change all chr() to chrw() and vice versa where possible; chunked |
| res-chrcg-001 | Change all chr() to chrw() and vice versa where possible; chunked and gzip compressed |
| res-chr-002 | Change chr() and chrw() to chrb() |
| res-chrch-002 | Change chr() and chrw() to chrb(); chunked |
| res-chrcg-002 | Change chr() and chrw() to chrb(); chunked and gzip compressed |
| res-chr-003 | Some script commands/strings converted to series of chr()/Clng/&H using online vbscript obfuscator |
| res-chrch-003 | Some script commands/strings converted to series of chr()/Clng/&H using online vbscript obfuscator; chunked |
| res-chrcg-003 | Some script commands/strings converted to series of chr()/Clng/&H using online vbscript obfuscator; chunked and gzip compressed |
| res-pay-001 | Nishang bind shell obfuscated with Unicorn |
| res-paych-001 | Nishang bind shell obfuscated with Unicorn; chunked |
| res-paycg-001 | Nishang bind shell obfuscated with Unicorn; chunked and gzip compressed |
| res-pay-002 | Native Unicorn generated bind shell |
| res-paych-002 | Native Unicorn generated bind shell; chunked |
| res-paycg-002 | Native Unicorn generated bind shell; chunked and gzip compressed |
| res-pay-003 | Nishang bind shell obfuscated with PowerSploit’s Out-EncodedCommand |
| res-paych-003 | Nishang bind shell obfuscated with PowerSploit’s Out-EncodedCommand; chunked |
| res-paycg-003 | Nishang bind shell obfuscated with PowerSploit’s Out-EncodedCommand; chunked and gzip compressed |
| res-pay-004 | Veil Ordnance bind shell shellcode dropped into PowerSploit’s Invoke-Shellcode; then obfuscated with PowerSploit’s Out-EncodedCommand |
| res-paych-004 | Veil Ordnance bind shell shellcode dropped into PowerSploit’s Invoke-Shellcode; then obfuscated with PowerSploit’s Out-EncodedCommand; chunked |
| res-paycg-004 | Veil Ordnance bind shell shellcode dropped into PowerSploit’s Invoke-Shellcode; then obfuscated with PowerSploit’s Out-EncodedCommand; chunked and gzip compressed |
| res-pay-005 | Use wscript to call original payload (PoshRat method) |
| res-paych-005 | Use wscript to call original payload (PoshRat method); chunked |
| res-paycg-005 | Use wscript to call original payload (PoshRat method); chunked and gzip compressed |
| res-ord-001 | Remove runmumaa and add to setnotsafemode function; move setnotsafemode function to bottom of script |
| res-ordch-001 | Remove runmumaa and add to setnotsafemode function; move setnotsafemode function to bottom of script; chunked |
| res-ordcg-001 | Remove runmumaa and add to setnotsafemode function; move setnotsafemode function to bottom of script; chunked and gzip compressed |
| res-spl-001 | Some strings split with “+” and “&”; some lines split with “_” |
| res-splch-001 | Some strings split with “+” and “&”; some lines split with “_”; chunked |
| res-splcg-001 | Some strings split with “+” and “&”; some lines split with “_”; chunked and gzip compressed |
| res-mrg-001 | combine both myarray declaration and powershell command into single lines |
| res-mrgch-001 | combine both myarray declaration and powershell command into single lines; chunked |
| res-mrgcg-001 | combine both myarray declaration and powershell command into single lines; chunked and gzip compressed |
| res-renchr-001 | Combination of techniques used in res-ren-001 and res-chr-003 |
| res-renchrch-001 | Combination of techniques used in res-ren-001 and res-chr-003; chunked |
| res-renchrcg-001 | Combination of techniques used in res-ren-001 and res-chr-003; chunked and gzip compressed |
| res-renchrwsp-001 | Combination of techniques used in res-ren-001; res-chr-003; and res-wsp-001 |
| res-renchrwspch-001 | Combination of techniques used in res-ren-001; res-chr-003; and res-wsp-001; chunked |
| res-renchrwspcg-001 | Combination of techniques used in res-ren-001; res-chr-003; and res-wsp-001; chunked and gzip compressed |
| res-renchrwsppay-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; and res-pay-004 |
| res-renchrwsppaych-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; and res-pay-004; chunked |
| res-renchrwsppaycg-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; and res-pay-004; chunked and gzip compressed |
| res-renpay-001 | Combination of techniques used in res-ren-001 and res-pay-004 |
| res-renpaych-001 | Combination of techniques used in res-ren-001 and res-pay-004; chunked |
| res-renpaycg-001 | Combination of techniques used in res-ren-001 and res-pay-004; chunked and gzip compressed |
| res-renchrwsppaymth-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; and res-mth-001 |
| res-renchrwsppaymthch-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; and res-mth-001; chunked |
| res-renchrwsppaymthcg-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; and res-mth-001; chunked and gzip compressed |
| res-renchrwsppaymthspl-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; res-mth-001; res-spl-001 |
| res-renchrwsppaymthsplch-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; res-mth-001; res-spl-001; chunked |
| res-renchrwsppaymthsplcg-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; res-mth-001; res-spl-001; chunked and gzip compressed |
| res-mthmrg-001 | Combination of techniques used in res-mth-001 and res-mrg-001 |
| res-mthmrgch-001 | Combination of techniques used in res-mth-001 and res-mrg-001; chunked |
| res-mthmrgcg-001 | Combination of techniques used in res-mth-001 and res-mrg-001; chunked and gzip compressed |
| res-mthmrgord-001 | Combination of techniques used in res-mth-001; res-mrg-001; and res-ord-001 |
| res-mthmrgordch-001 | Combination of techniques used in res-mth-001; res-mrg-001; and res-ord-001; chunked |
| res-mthmrgordcg-001 | Combination of techniques used in res-mth-001; res-mrg-001; and res-ord-001; chunked and gzip compressed |
| res-mthmrgordpay-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; and res-pay-005 |
| res-mthmrgordpaych-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; and res-pay-005; chunked |
| res-mthmrgordpaycg-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; and res-pay-005; chunked and gzip compressed |
| res-mthmrgordpayspl-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-spl-001 |
| res-mthmrgordpaysplch-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-spl-001; chunked |
| res-mthmrgordpaysplcg-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-spl-001; chunked and gzip compressed |
| res-mthmrgordpaysplchr-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003 |
| res-mthmrgordpaysplchrch-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003; chunked |
| res-mthmrgordpaysplchrcg-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003; chunked and gzip compressed |
| res-mthmrgordpaysplchr-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003; plus removal of all CLng’s |
| res-mthmrgordpaysplchrch-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003; plus removal of all CLng’s; chunked |
| res-mthmrgordpaysplchrcg-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003; plus removal of all CLng’s; chunked and gzip compressed |
| res-mthmrgordpaychr-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-chr-003 |
| res-mthmrgordpaychrch-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-chr-003; chunked |
| res-mthmrgordpaychrcg-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-chr-003; chunked and gzip compressed |
| res-mthmrgordpaysplchrwsp-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng’s |
| res-mthmrgordpaysplchrwspch-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng’s; chunked |
| res-mthmrgordpaysplchrwspcg-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng’s; chunked and gzip compressed |
| res-mthmrgordpaysplchrwsp-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-001; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng’s |
| res-mthmrgordpaysplchrwspch-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-001; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng’s; chunked |
| res-mthmrgordpaysplchrwspcg-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-001; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng’s; chunked and gzip compressed |