Welcome to In Depth Defense. In Depth Defense LLC is a privately owned Information Security Consulting company owned and operated by Mark Baggett. In Depth Defense specializes in Penetration Testing and Incident Response. At this time In Depth Defense is not accepting any new client work, but we are happy to speak to you and point you to other resources in the community.

Mark Baggett has been active in Information Security for 18+ years. I've served in a variety of roles from software developer to CISO. You can find archives of older blog entries below and read my newer posts on http://www.pauldotcom.com, http://isc.sans.edu and http://pen-testing.sans.org.

Friday, May 30, 2008


Here are some screen captures of the Meterpreter threads running inside the Symantec SEP 11 HIPS process and inside the McAfee TOPS HIPS process.   I guess DLL injection into the HIPS process isn't a malicious enough behavior.

Both HIPS seem to do a good job of blocking network-based exploits, but it's still game over if a client runs malicious code or the attacker knows a valid login and password for the box. MAYBE all is not lost. The verdict is still out on whether or not the HIPS config can be adjusted to block this type of backdoor.