In this section, we are going to discuss the topic of evasion. This comes from the often-referred-to concept of Never Get Caught! While this does make for good theatre, the reality is that this is rarely asked for in a penetration test. Furthermore, it is highly dependent on how the administrator has configured their environment. There is no guarantee that we will get through, but we can lab it up and at least find some things that might work if it is a part of our scope of work.
What we want to focus on is the fact that all of these tools have to have some form of threshold, and will be sending an alert when they reach this threshold. This is where we can find ways to evade detection. If we revisit our Snort sensor and clear all of the existing alerts, we can attempt a few different things to see when we get detected and when we do not get detected.