NGFW Resiliency Test Cases Now Available

In accordance with the industry standard for vulnerability disclosures, NSS Labs is now publishing information previously withheld from the 2018 Next Generation Firewall Group Test reports.

| Test ID | NGFW Resiliency Test Cases |
| --- | --- |
| res-null-001 | Base exploit |
| res-null-001-q | Base exploit; alternate ports |
| res-nullch-001 | Base exploit; chunked |
| res-nullcg-001 | Base exploit; chunked and gzip compressed |
| res-wsp-001 | Both spaces and linefeeds replaced with 31 of each |
| res-wspch-001 | Both spaces and linefeeds replaced with 31 of each; chunked |
| res-wspcg-001 | Both spaces and linefeeds replaced with 31 of each; chunked and gzip compressed |
| res-ren-001 | Procedures and variables renamed |
| res-rench-001 | Procedures and variables renamed; chunked |
| res-rencg-001 | Procedures and variables renamed; chunked and gzip compressed |
| res-mth-001 | Numeric values/equations modified and/or inserted; hexadecimal values replaced with decimal values |
| res-mthch-001 | Numeric values/equations modified and/or inserted; hexadecimal values replaced with decimal values; chunked |
| res-mthcg-001 | Numeric values/equations modified and/or inserted; hexadecimal values replaced with decimal values; chunked and gzip compressed |
| res-chr-001 | Change all chr() to chrw() and vice versa where possible |
| res-chrch-001 | Change all chr() to chrw() and vice versa where possible; chunked |
| res-chrcg-001 | Change all chr() to chrw() and vice versa where possible; chunked and gzip compressed |
| res-chr-002 | Change chr() and chrw() to chrb() |
| res-chrch-002 | Change chr() and chrw() to chrb(); chunked |
| res-chrcg-002 | Change chr() and chrw() to chrb(); chunked and gzip compressed |
| res-chr-003 | Some script commands/strings converted to series of chr()/CLng/&H using online VBScript obfuscator |
| res-chrch-003 | Some script commands/strings converted to series of chr()/CLng/&H using online VBScript obfuscator; chunked |
| res-chrcg-003 | Some script commands/strings converted to series of chr()/CLng/&H using online VBScript obfuscator; chunked and gzip compressed |
| res-pay-001 | Nishang bind shell obfuscated with Unicorn |
| res-paych-001 | Nishang bind shell obfuscated with Unicorn; chunked |
| res-paycg-001 | Nishang bind shell obfuscated with Unicorn; chunked and gzip compressed |
| res-pay-002 | Native Unicorn generated bind shell |
| res-paych-002 | Native Unicorn generated bind shell; chunked |
| res-paycg-002 | Native Unicorn generated bind shell; chunked and gzip compressed |
| res-pay-003 | Nishang bind shell obfuscated with PowerSploit's Out-EncodedCommand |
| res-paych-003 | Nishang bind shell obfuscated with PowerSploit's Out-EncodedCommand; chunked |
| res-paycg-003 | Nishang bind shell obfuscated with PowerSploit's Out-EncodedCommand; chunked and gzip compressed |
| res-pay-004 | Veil Ordnance bind shell shellcode dropped into PowerSploit's Invoke-Shellcode; then obfuscated with PowerSploit's Out-EncodedCommand |
| res-paych-004 | Veil Ordnance bind shell shellcode dropped into PowerSploit's Invoke-Shellcode; then obfuscated with PowerSploit's Out-EncodedCommand; chunked |
| res-paycg-004 | Veil Ordnance bind shell shellcode dropped into PowerSploit's Invoke-Shellcode; then obfuscated with PowerSploit's Out-EncodedCommand; chunked and gzip compressed |
| res-pay-005 | Use wscript to call original payload (PoshRat method) |
| res-paych-005 | Use wscript to call original payload (PoshRat method); chunked |
| res-paycg-005 | Use wscript to call original payload (PoshRat method); chunked and gzip compressed |
| res-ord-001 | Remove runmumaa and add to setnotsafemode function; move setnotsafemode function to bottom of script |
| res-ordch-001 | Remove runmumaa and add to setnotsafemode function; move setnotsafemode function to bottom of script; chunked |
| res-ordcg-001 | Remove runmumaa and add to setnotsafemode function; move setnotsafemode function to bottom of script; chunked and gzip compressed |
| res-spl-001 | Some strings split with "+" and "&"; some lines split with "_" |
| res-splch-001 | Some strings split with "+" and "&"; some lines split with "_"; chunked |
| res-splcg-001 | Some strings split with "+" and "&"; some lines split with "_"; chunked and gzip compressed |
| res-mrg-001 | Combine both myarray declaration and powershell command into single lines |
| res-mrgch-001 | Combine both myarray declaration and powershell command into single lines; chunked |
| res-mrgcg-001 | Combine both myarray declaration and powershell command into single lines; chunked and gzip compressed |
| res-renchr-001 | Combination of techniques used in res-ren-001 and res-chr-003 |
| res-renchrch-001 | Combination of techniques used in res-ren-001 and res-chr-003; chunked |
| res-renchrcg-001 | Combination of techniques used in res-ren-001 and res-chr-003; chunked and gzip compressed |
| res-renchrwsp-001 | Combination of techniques used in res-ren-001; res-chr-003; and res-wsp-001 |
| res-renchrwspch-001 | Combination of techniques used in res-ren-001; res-chr-003; and res-wsp-001; chunked |
| res-renchrwspcg-001 | Combination of techniques used in res-ren-001; res-chr-003; and res-wsp-001; chunked and gzip compressed |
| res-renchrwsppay-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; and res-pay-004 |
| res-renchrwsppaych-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; and res-pay-004; chunked |
| res-renchrwsppaycg-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; and res-pay-004; chunked and gzip compressed |
| res-renpay-001 | Combination of techniques used in res-ren-001 and res-pay-004 |
| res-renpaych-001 | Combination of techniques used in res-ren-001 and res-pay-004; chunked |
| res-renpaycg-001 | Combination of techniques used in res-ren-001 and res-pay-004; chunked and gzip compressed |
| res-renchrwsppaymth-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; and res-mth-001 |
| res-renchrwsppaymthch-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; and res-mth-001; chunked |
| res-renchrwsppaymthcg-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; and res-mth-001; chunked and gzip compressed |
| res-renchrwsppaymthspl-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; res-mth-001; res-spl-001 |
| res-renchrwsppaymthsplch-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; res-mth-001; res-spl-001; chunked |
| res-renchrwsppaymthsplcg-001 | Combination of techniques used in res-ren-001; res-chr-003; res-wsp-001; res-pay-004; res-mth-001; res-spl-001; chunked and gzip compressed |
| res-mthmrg-001 | Combination of techniques used in res-mth-001 and res-mrg-001 |
| res-mthmrgch-001 | Combination of techniques used in res-mth-001 and res-mrg-001; chunked |
| res-mthmrgcg-001 | Combination of techniques used in res-mth-001 and res-mrg-001; chunked and gzip compressed |
| res-mthmrgord-001 | Combination of techniques used in res-mth-001; res-mrg-001; and res-ord-001 |
| res-mthmrgordch-001 | Combination of techniques used in res-mth-001; res-mrg-001; and res-ord-001; chunked |
| res-mthmrgordcg-001 | Combination of techniques used in res-mth-001; res-mrg-001; and res-ord-001; chunked and gzip compressed |
| res-mthmrgordpay-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; and res-pay-005 |
| res-mthmrgordpaych-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; and res-pay-005; chunked |
| res-mthmrgordpaycg-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; and res-pay-005; chunked and gzip compressed |
| res-mthmrgordpayspl-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-spl-001 |
| res-mthmrgordpaysplch-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-spl-001; chunked |
| res-mthmrgordpaysplcg-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-spl-001; chunked and gzip compressed |
| res-mthmrgordpaysplchr-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003 |
| res-mthmrgordpaysplchrch-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003; chunked |
| res-mthmrgordpaysplchrcg-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003; chunked and gzip compressed |
| res-mthmrgordpaysplchr-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003; plus removal of all CLng's |
| res-mthmrgordpaysplchrch-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003; plus removal of all CLng's; chunked |
| res-mthmrgordpaysplchrcg-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; and res-chr-003; plus removal of all CLng's; chunked and gzip compressed |
| res-mthmrgordpaychr-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-chr-003 |
| res-mthmrgordpaychrch-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-chr-003; chunked |
| res-mthmrgordpaychrcg-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; and res-chr-003; chunked and gzip compressed |
| res-mthmrgordpaysplchrwsp-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng's |
| res-mthmrgordpaysplchrwspch-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng's; chunked |
| res-mthmrgordpaysplchrwspcg-001 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-005; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng's; chunked and gzip compressed |
| res-mthmrgordpaysplchrwsp-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-001; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng's |
| res-mthmrgordpaysplchrwspch-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-001; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng's; chunked |
| res-mthmrgordpaysplchrwspcg-002 | Combination of techniques used in res-mth-001; res-mrg-001; res-ord-001; res-pay-001; res-spl-001; res-chr-003; res-wsp-001; plus removal of all CLng's; chunked and gzip compressed |
