In this chapter, you learned how to set up firewall rules in pfSense and monitor your traffic so that you can learn what type of activity is loud and which type is not. We also discussed how an IDS works and how we can take advantage of the knowledge to avoid detection when performing our scans, starting social engineering campaigns, or simply assessing a web application.

We discussed traffic patterns and how attempting to match the traffic will assist in avoiding detection; after all, if all of the information looks the same, how anyone can determine what is legitimate and what is not.

Also discussed were various strategies through which detection avoidance may be possible if testing in a strategic and well thought-out manner. In closing, ...