4. Wifi Availability
Does WPA2 really matter?
Session hijacking, complete compromise
•
• Banking / Retail cc
Credit: www.immunityinc.com/images/silica/new_wifimonitor_edited.png
5. Wifi Attacker’s Toolset 2013
Getting in – is anything new?
• Evil Twin == ARPSpoof, DHCP spoofing
• Aircrack-ng handshake collector, WPS PIN defaults and Reaver
brute forcing
• Cloud based cracking, ocl-Hashcat-plus
• 55 is the new 15!
•
Performance improvements by orders of magnitude
• Certificate forging, SSLStrip, HTML Injection and Sidejacking
• Cookie theft and replay
• System Compromise and DNS Hijacking
6. Connecting to Public Wifi
Confident connections
• VPN (and/or SSH)
• Pay attention to your browser!