Exam 312-50v12 topic 1 question 218 discussion

Ok D but why not C? it also evade IDS and chatGPT says is more easy to implement

I would go with D because A is more specific with bypassing network traffic...

The most efective "D. Use Hex encoding to represent the SQL query string" Hex encoding is an evasion technique that uses hexadecimal encoding to represent a string. Attackers use hex encoding to obfuscate the SQL query so that it will not be detected in the signatures of security measures, as most IDS do not recognize hex encodings. Attackers exploit such IDS to bypass their SQL injection crafted inputs. Hex encoding provides countless ways for attackers to obfuscate each URL.

D: Module 15, it has its own section.

Might be D because A can't be a good answer. The server IS sending to the bdd so can't be splitted

C. Leverage string concatenation to break identifiable keywords: String concatenation involves splitting SQL keywords and data within the injection payload, making it harder for signature-based IDS systems to match the payload against known SQL injection patterns. This technique can effectively obscure the malicious SQL code, making it less likely to be detected by signature-based detection mechanisms.

D. Hex encoding involves representing characters in hexadecimal format, which can help obfuscate the SQL query string. By encoding the SQL injection payload in hexadecimal, an attacker can evade signature-based detection mechanisms that typically rely on detecting specific SQL injection patterns or keywords. Its not A, because IP fragmentation is more related to evading network-based detection mechanisms, and it may not be as effective against signature-based detection focused on SQL injection patterns.

Options B (case variation) and D (Hex encoding) are the most effective strategies for bypassing IDS signature detection during SQL injection attacks. If I have to choose one I vote D

I think it's A: (Module 15 Page 2334) Evasion Technique: IP Fragmentation An attacker intentionally splits an IP packet to spread the packet across multiple small fragments. Attackers use this technique to evade an IDS or WAF. For an IDS or WAF to detect an attack, it must first reassemble the packet fragments. Usually, it is impossible to find a match between the attack string and a signature as each packet is checked individually. These small fragments can be further modified to complicate reassembly and detection of an attack payload.

D. Use Hex encoding to represent the SQL query string

I think its D