Leveraging Passive Fingerprinting for Link Scanners Evasion

Thu, 22 Jul 2021 @ 17:20:00

Link scanners are a critical component in many essential security products, checking whether a URL is malicious or not. It is embedded within email security products, sandbox solutions and as a standalone direct link scanner. In this talk we will survey new and old tactics for client fingerprinting - ranging from HTTP header anomalies to low level TCP quirks. Then, we will witness how it can be used to passively circumvent link scanners including real-life examples.