You think your Wifi is
         Safe?
       Rob Gillen
         @argodev
Don’t Be Stupid
The following presentation describes
real attacks on real systems. Please
note that most of the attacks
described would be considered ILLEGAL
if attempted on systems that you do
not have explicit permission to test
and attack. I assume no responsibility
for any actions you perform based on
the content of this presentation or
subsequent conversations. Please
remember this basic guideline: With
knowledge comes responsibility.
Disclaimer
The content of this presentation
represents my personal views and
thoughts at the present time. This
content is not endorsed by, or
representative in any way of my
employer nor is it intended to be a
view into my work or a reflection on
the type of work that I or my group
performs. It is simply a hobby and
personal interest and should be
considered as such.
Credits
• Almost nothing in this
  presentation is original to me.
• BackTrack 5 Wireless Penetration
  Testing Beginner's Guide (PACKT
  Publishing)
• HAK5, Darren Kitchen, et al.
• The guy sitting at Starbucks last
  night
• The Internet (et al.)
Overview
• Pre-Requisite Knowledge
• Various Security Approaches
• Tools and Attacks
Required Gear
• Network Adapter that supports
  “Monitor” mode.
  – Equivalent to promiscuous mode on a
    normal NIC
• Windows, MAC, or Linux
  – Linux tools tend to be more readily
    available
• Comfort at the command line
Today’s Lab
• Host Machine:
  – Laptop, Windows 7, hard-wired to AP
  – presentation, AP configuration
• Attacker:
  – VM, BackTrack 5 SR1, Alfa AWUS036H
• Victim:
  – VM, Mint 13, Netgear USB WiFi Nic
• Access Point:
  – Linksys WRT310Nv1
Wireless Packet Frames
• Management Frames
  – Authentication
  – De-authentication
  – Association Request
  – Association Response
  – Re-association Request
  – Re-association Response
  – Disassociation
  – Beacon
  – Probe Request
  – Probe Response
• Control Frames
  – Request to Send (RTS)
  – Clear to Send (CTS)
  – Acknowledgment (ACK)
• Data Frames
Packet Sniffing
• Filters:
  – wlan.fc.type
    • == 0 (mgmt frames)
    • == 1 (control frames)
    • == 2 (data frames)
  – wlan.fc.subtype
    • == 4 (probe requests)
    • == 5 (probe response)
    • == 8 (beacons)
• (wlan.fc.type == 0) &&
  (wlan.fc.subtype == 8) selects only beacons
Packet Sniffing
• Determine the channel of the
  network we are interested in
  – required for sniffing data packets
  – airodump-ng
• iwconfig mon0 channel 1
Packet Injection
• aireplay-ng
  – Inject packets onto a specific
    wireless network without specific
    association to that network
  – Can target specific channels, mask
    MAC addresses, etc.
  – Does not require association
Wireless Channels
• 802.11 a,b,g,n slice up their spectrum
  into channels
• Adjacent channels are separated by unused (guard) spectrum
• 802.11b on 2.4GHz uses 22MHz wide
  channels
• 5 MHz unused spectrum buffers each
  channel
Channels and Overlap
   • Channel 1: Centered at 2.412 GHz, begins
     at 2.400 and ends at 2.422 GHz
   • Channel 2: Centered at 2.417 GHz, begins 5 MHz
     past Channel 1’s beginning
   • Channel 3: Centered at 2.422 GHz, begins
     5 MHz past Channel 2’s beginning
   • Channels 1, 6, 11, and 14 are discrete

[Image: 2.4 GHz Wi-Fi channel layout]
Image Source: Wikipedia http://en.wikipedia.org/wiki/File:2.4_GHz_Wi-Fi_channels_(802.11b,g_WLAN).svg
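The channel arithmetic on the two slides above, worked through in code. This is an added example, not material from the talk; it assumes the 22 MHz wide 802.11b channel is centred on the channel frequency (so each channel runs from centre minus 11 MHz to centre plus 11 MHz), uses the 5 MHz channel spacing and 2.412 GHz channel 1 centre from the slides, and the region names (US, elsewhere, Japan) mirror the regulatory slide that follows. It goes one step beyond the slide by computing the non-overlapping set for each regulatory domain rather than only stating it.

```python
"""2.4 GHz channel centres, edges and overlap, from the figures on the slides.

Added example, not code from the talk. Assumption: each channel is 22 MHz wide
and centred on its nominal frequency, so its edges are centre +/- 11 MHz."""

CHANNEL_WIDTH_MHZ = 22
HALF_WIDTH_MHZ = CHANNEL_WIDTH_MHZ // 2

# Channel ranges per regulatory domain, as listed on the slide.
REGIONS = {"US": range(1, 12), "elsewhere": range(1, 14), "Japan": range(1, 15)}


def centre_mhz(ch):
    """Centre frequency: 2412 MHz for channel 1, +5 MHz per channel up to 13.
    Channel 14 (Japan, 802.11b only) sits apart at 2484 MHz."""
    if 1 <= ch <= 13:
        return 2407 + 5 * ch
    if ch == 14:
        return 2484
    raise ValueError(f"no 2.4 GHz channel {ch}")


def edges_mhz(ch):
    """(lower edge, upper edge) of the 22 MHz channel."""
    c = centre_mhz(ch)
    return c - HALF_WIDTH_MHZ, c + HALF_WIDTH_MHZ


def overlaps(a, b):
    """True when the two channels share spectrum; edges that merely touch
    (e.g. 11 and 14, both ending/starting at 2473 MHz) do not count."""
    lo_a, hi_a = edges_mhz(a)
    lo_b, hi_b = edges_mhz(b)
    return lo_a < hi_b and lo_b < hi_a


def overlap_table(channels):
    """For every channel, the other channels in the set it overlaps."""
    return {ch: [o for o in channels if o != ch and overlaps(ch, o)]
            for ch in channels}


def non_overlapping(channels):
    """Greedy pick, lowest channel first, of channels that overlap none of the
    channels already picked. Reproduces the slide's 'discrete' channels."""
    chosen = []
    for ch in sorted(channels):
        if all(not overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def plan(region):
    """Non-overlapping channel plan for a regulatory domain."""
    return non_overlapping(REGIONS[region])


if __name__ == "__main__":
    for ch in (1, 2, 6, 11, 13, 14):
        print(ch, centre_mhz(ch), edges_mhz(ch))
    for region in REGIONS:
        print(region, plan(region))
```

Channel 14 only qualifies as "discrete" because its lower edge lands exactly on channel 11's upper edge; change `overlaps` to count touching edges and it drops out of the Japan plan, which is a useful reminder that the 22 MHz figure is itself nominal.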
Regulatory Issues
• Available Channels
  – US: 1-11
  – Everywhere Else: 1-13
  – Japan: 1-14
• Radio Power Levels
  – iw reg set US (up to 20)
  – iw reg set BO (up to 30)
De-authentication Packets
   • Polite way to disconnect a client
     from the network
   • Gives everyone a chance to free
     memory
   • Hacker’s best friend

Content for this slide taken from WiFi workshop, NoiseBridge, presented by Darren Kitchen
http://hak5.org/episodes/hak5-1122
DEMO: HIDDEN SSID
DEMO: Hidden SSID
•   Show packet capture with the SSID
•   Hide SSID
•   Prove it is now hidden
•   Solve for X
    – Passive (wait for valid client) –
      wireshark filter
    – Use aireplay-ng to send deauth packet to
      force the discovery
• Probe Request/Probe Response packets
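The three ideas above (the wlan.fc.type / wlan.fc.subtype filters from the Packet Sniffing slide, the de-authentication frames the deauth slide calls the hacker's best friend, and the beacon versus probe-response difference behind the hidden-SSID demo) in one small analysis script, written from the monitoring side: it classifies frames the way the Wireshark filters do, reads the SSID element so that an empty one in a beacon is visible, and flags a transmitter that sends a burst of deauth frames. This is an added example, not code from the talk; the frame bytes, the addresses 00:11:22:33:44:55 and 66:77:88:99:aa:bb, and the SSIDs are constructed for the example and are not a real capture.

```python
"""Classify raw 802.11 frames the way the slide's Wireshark filters do
(wlan.fc.type / wlan.fc.subtype), read the SSID element out of beacons and
probe responses, and flag bursts of de-authentication frames.

Added example, not code from the talk; the frames below are constructed by
hand for this example and are not a real capture."""
import struct

# Management (type 0) and control (type 1) subtypes named on the slides.
MGMT_SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 2: "reassoc-req",
                 3: "reassoc-resp", 4: "probe-req", 5: "probe-resp",
                 8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}
CTRL_SUBTYPES = {11: "rts", 12: "cts", 13: "ack"}


def classify(frame):
    """(type, subtype) names from the first frame-control byte:
    bits 0-1 protocol version, bits 2-3 type, bits 4-7 subtype."""
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype == 0:
        return "mgmt", MGMT_SUBTYPES.get(subtype, f"mgmt-{subtype}")
    if ftype == 1:
        return "ctrl", CTRL_SUBTYPES.get(subtype, f"ctrl-{subtype}")
    if ftype == 2:
        return "data", "data"
    return "reserved", "reserved"


def ssid_of(frame):
    """SSID carried by a beacon or probe response, None for other frames.
    A 'hidden' network's beacon still has an SSID element, but with length 0
    (or NUL-filled), which is why this returns "" rather than None for it."""
    if classify(frame) not in (("mgmt", "beacon"), ("mgmt", "probe-resp")):
        return None
    # 24-byte MAC header, then timestamp(8) + beacon interval(2) + capability(2)
    body, i = frame[36:], 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        if tag == 0:  # SSID information element
            return body[i + 2:i + 2 + length].rstrip(b"\x00").decode("utf-8", "replace")
        i += 2 + length
    return None


def deauth_bursts(timed_frames, window=1.0, threshold=10):
    """Map transmitter address -> peak number of deauth frames seen within
    `window` seconds, for transmitters exceeding `threshold`. An AP sends the
    odd deauth when a client times out; tens per second is a deauth flood."""
    per_src = {}
    for t, frame in timed_frames:
        if classify(frame) == ("mgmt", "deauth"):
            per_src.setdefault(frame[10:16], []).append(t)   # addr2 = transmitter
    flagged = {}
    for src, ts in per_src.items():
        ts.sort()
        start, peak = 0, 0
        for end, t in enumerate(ts):
            while t - ts[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[src.hex(":")] = peak
    return flagged


# --- constructed sample frames (not a real capture) -----------------------
AP = bytes.fromhex("001122334455")
ROGUE = bytes.fromhex("66778899aabb")


def mgmt_frame(subtype, body=b"", src=AP):
    """Minimal management frame: FC, duration, addr1 (bcast), addr2, addr3, seq."""
    fc = bytes([subtype << 4, 0])            # type bits = 00 (management)
    return fc + b"\x00\x00" + b"\xff" * 6 + src + src + b"\x00\x00" + body


def beacon_body(ssid):
    """Fixed fields (timestamp, interval, capability) plus one SSID element."""
    return struct.pack("<QHH", 0, 100, 0x0431) + bytes([0, len(ssid)]) + ssid.encode()


SAMPLE = [
    mgmt_frame(8, beacon_body("CoffeeShop")),   # beacon that announces its name
    mgmt_frame(8, beacon_body("")),             # beacon of a "hidden" network
    mgmt_frame(5, beacon_body("HiddenNet")),    # probe response: name is still sent
    mgmt_frame(4),                              # probe request
    bytes([0xD4, 0x00]) + AP,                   # ACK (type 1, subtype 13)
    bytes([0x08, 0x00]) + b"\x00" * 22,         # data frame (type 2)
]
# Three deauths from the AP over half a minute (normal), thirty from a rogue
# transmitter inside a third of a second (flood).
TIMED = [(t, mgmt_frame(12, struct.pack("<H", 7))) for t in (0.0, 12.0, 30.0)]
TIMED += [(100 + i * 0.01, mgmt_frame(12, struct.pack("<H", 7), src=ROGUE))
          for i in range(30)]

if __name__ == "__main__":
    for f in SAMPLE:
        print(classify(f), ssid_of(f))
    print(deauth_bursts(TIMED))
```

On a real capture the frame bytes would come from a pcap reader and the timestamps from the packet headers; the threshold is deliberately loose, since some APs legitimately emit a few deauths in a row when they reboot or reclaim stale sessions.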
DEMO: MAC FILTERS
DEMO: MAC Filters
• Enable MAC Filtering on the WAP
• Prove that a client cannot connect
• Use airodump-ng to show associated
  clients
• Use macchanger to spoof the
  whitelisted address and connect.
DEMO: WEP ENCRYPTION
DEMO: WEP Encryption
• Capture data packets (ARP) from a
  known/trusted client (airodump-ng)
• Replay them / re-inject between 10 and
  100,000 times (aireplay-ng)
• Crack them (aircrack-ng)
• Guaranteed crack
DEMO: WPA/2 ENCRYPTION
Image via PacktPub
http://www.packtpub.com/article/backtrack-5-attacking-the-client
DEMO: WPA/2 Encryption
• Vulnerable to dictionary attacks
• Collect authentication handshake
• Select dictionary file and run the
  cracker
• Works for WPA, WPA2, AES, TKIP
Tools

[Image: inSSIDer]
http://www.metageek.net/products/inssider/
Tools
    • Jasager (Pineapple IV)
    • I can be anything you want
      me to be

[Image: WiFi Pineapple]
http://hakshop.myshopify.com/products/wifi-pineapple
Man-In-The-Middle
Tools
• Reaver Pro (WPS Exploit)
• 4-10 hours and your network
  is mine
What is Safe?
• Stop using Wi-Fi
  –   Avoid open Wi-Fi networks
  –   Always use SSL
  –   Use 3G (ref: OpenBTS)
  –   Disable Auto-Connect… on *all* devices
  –   Hard/complex network keys
  –   WPA-Enterprise / RADIUS / PEAP / EAP-TTLS
  –   Disable WPS!
• BYO-Encryption
  – Use VPN
  – SSH Tunnel (change your endpoint)
• Encrypted “Public” WiFi
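The network-side items on the list above (no WEP, complex keys, WPA-Enterprise with RADIUS, disable WPS, plus the earlier point that a hidden SSID is not a control) turned into a configuration check. This is an added example, not from the talk; it assumes the access point is driven by a hostapd.conf (the lab's Linksys WRT310N is not, but the option names `wpa`, `wpa_key_mgmt`, `wpa_passphrase`, `wpa_pairwise`, `rsn_pairwise`, `wps_state`, `ieee8021x`, `auth_server_addr`, `ignore_broadcast_ssid` and `wep_key0` are real hostapd options). The weak and hardened configs, the 20-character passphrase floor and the RADIUS address 10.0.0.5 are constructed for the example, and the shared secret is a placeholder.

```python
"""Audit a hostapd-style AP configuration against the hardening points on the
'What is Safe?' slide: no WEP, WPA2 only, CCMP (AES) not TKIP, WPS off, a long
pre-shared key or WPA-Enterprise (802.1X / RADIUS) instead of a PSK.

Added example, not code from the talk. Assumes a hostapd.conf; both configs
below are constructed for this example."""


def parse_conf(text):
    """hostapd.conf is key=value per line; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(conf, min_psk_len=20):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    has_wep = any(k.startswith("wep_key") for k in conf)
    if has_wep:
        findings.append("WEP keys configured: WEP is broken, remove them")
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0 and not has_wep:
        findings.append("open network (wpa=0): all traffic is unencrypted")
    elif wpa & 1:  # wpa=1 (WPA only) or wpa=3 (WPA and WPA2 both allowed)
        findings.append("WPA1 allowed (wpa=1 or 3): set wpa=2")
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher allowed: use CCMP only")
    if conf.get("wps_state", "0") != "0":
        findings.append("WPS enabled (wps_state != 0): disable it")
    mgmt = conf.get("wpa_key_mgmt", "").split()
    if "WPA-PSK" in mgmt:
        psk = conf.get("wpa_passphrase", "")
        if len(psk) < min_psk_len:
            findings.append(f"pre-shared key is {len(psk)} chars: "
                            f"use at least {min_psk_len} or move to WPA-Enterprise")
    if "WPA-EAP" in mgmt and not conf.get("auth_server_addr"):
        findings.append("WPA-EAP without auth_server_addr: no RADIUS server set")
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        findings.append("hidden SSID is not a control: probe responses carry the name")
    return findings


# Constructed: the kind of consumer setup the demos on the slides pick apart.
WEAK_CONF = """
interface=wlan0
ssid=CoffeeShop
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=password1
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP CCMP
wps_state=2
ignore_broadcast_ssid=1
"""

# Constructed: WPA2-Enterprise per the slide (RADIUS address and secret are placeholders).
HARDENED_CONF = """
interface=wlan0
ssid=CorpNet
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=10.0.0.5
auth_server_port=1812
auth_server_shared_secret=REPLACE_ME_PLACEHOLDER
wps_state=0
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_conf(text)) or ["ok"])
```

A home network that cannot run RADIUS passes the same audit with `wpa=2`, `wpa_key_mgmt=WPA-PSK`, `rsn_pairwise=CCMP`, `wps_state=0` and a passphrase of twenty or more characters, which is the "hard/complex network keys" line on the slide.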
Equipment List
• Two Laptops
• Any Wireless Access Point
• Alfa Card
  http://www.amazon.com/gp/product/B002BFMZR8
• Yagi Antenna
  http://www.amazon.com/gp/product/B004L0TKW4
• Reaver Kit
  http://hakshop.myshopify.com/products/reaver-pro
• WiFi Pineapple
  http://hakshop.myshopify.com/collections/frontpage/products/wifi-pineapple
Learning More
• http://www.securityfocus.com
• http://www.aircrack-ng.org
• http://raulsiles.com/resources/wifi.html
• http://www.willhackforsushi.com
• http://hak5.org
  – learning
  – kit
Questions/Contact


Rob Gillen
rob@gillenfamily.net
http://rob.gillenfamily.net
@argodev

"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

DevLink - WiFu: You think your wireless is secure?

  • 9. Wireless Packet Frames
    • Management Frames
      – Authentication
      – De-authentication
      – Association Request
      – Association Response
      – Re-association Request
      – Re-association Response
      – Disassociation
      – Beacon
      – Probe Request
      – Probe Response
    • Control Frames
      – Request to Send (RTS)
      – Clear to Send (CTS)
      – Acknowledgment (ACK)
    • Data Frames
  • 10. Packet Sniffing
    • Filters (Wireshark display filters):
      – wlan.fc.type
        • == 0 (management frames)
        • == 1 (control frames)
        • == 2 (data frames)
      – wlan.fc.subtype
        • == 4 (probe requests)
        • == 5 (probe responses)
        • == 8 (beacons)
      – Combined, e.g. beacons only: (wlan.fc.type == 0) && (wlan.fc.subtype == 8)
  • 11. Packet Sniffing
    • Determine the channel of the network we are interested in
      – Required for sniffing data packets
      – Use airodump-ng to find it
      – iwconfig mon0 channel 1 (lock the monitor interface to that channel)
  • 12. Packet Injection
    • aireplay-ng
      – Injects packets onto a specific wireless network without being associated to that network
      – Can target specific channels, mask MAC addresses, etc.
      – Does not require association
  • 13. Wireless Channels
    • 802.11 a/b/g/n slice up their spectrum into channels
    • Channels are padded by unused spectrum ("whitespace")
    • 802.11b on 2.4 GHz uses 22 MHz wide channels
    • 5 MHz of unused spectrum buffers each channel
  • 14. Channels and Overlap
    • Channel 1: centered at 2.412 GHz, begins at 2.400 GHz and ends at 2.422 GHz
    • Channel 2: centered at 2.417 GHz, begins 5 MHz past Channel 1's beginning
    • Channel 3: centered at 2.422 GHz, begins 5 MHz past Channel 2's beginning
    • Channels 1, 6, 11, and 14 are discrete (non-overlapping)
    • Image source: Wikipedia http://en.wikipedia.org/wiki/File:2.4_GHz_Wi-Fi_channels_(802.11b,g_WLAN).svg
  • 15. Regulatory Issues
    • Available channels
      – US: 1-11
      – Everywhere else: 1-13
      – Japan: 1-14
    • Radio power levels
      – iw reg set US (up to 20)
      – iw reg set BO (up to 30)
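Slides 13 to 15 give the channel width, the 5 MHz spacing and the per-region channel table. The Python below is an added example, not code from the presentation: it computes channel edges from the standard 2.4 GHz center frequencies (2407 + 5·n MHz for channels 1-13, 2484 MHz for channel 14) and derives which channels a region can run without overlap, which is why the deck lists 1, 6, 11 and 14 as the discrete set. `CHANNEL_WIDTH_MHZ`, `allowed_channels` and the use of `iw reg set` country codes as region keys are this example's own assumptions; the channel table is the slide's.

```python
CHANNEL_WIDTH_MHZ = 22   # 802.11b channel width quoted on slide 13

def center_mhz(ch):
    """Center frequency of 2.4 GHz channel ch; 14 is the Japan-only channel at 2484 MHz."""
    if ch == 14:
        return 2484
    if 1 <= ch <= 13:
        return 2407 + 5 * ch    # channels 1-13 are spaced 5 MHz apart
    raise ValueError(f"no 2.4 GHz channel {ch}")

def channel_span(ch, width=CHANNEL_WIDTH_MHZ):
    """(low, high) edges of the channel in MHz."""
    c = center_mhz(ch)
    return c - width // 2, c + width // 2

def overlaps(a, b, width=CHANNEL_WIDTH_MHZ):
    """True when the two channels share spectrum (edges merely touching does not count)."""
    lo_a, hi_a = channel_span(a, width)
    lo_b, hi_b = channel_span(b, width)
    return lo_a < hi_b and lo_b < hi_a

def allowed_channels(region):
    """Usable channels per slide 15's table; region is the code handed to `iw reg set` (assumed)."""
    table = {"US": range(1, 12), "JP": range(1, 15)}
    return list(table.get(region, range(1, 14)))   # everywhere else: 1-13

def non_overlapping_plan(channels, width=CHANNEL_WIDTH_MHZ):
    """Greedy choice (lowest first) of channels that do not interfere with each other."""
    plan = []
    for ch in channels:
        if not any(overlaps(ch, used, width) for used in plan):
            plan.append(ch)
    return plan

def interferers(ch, channels, width=CHANNEL_WIDTH_MHZ):
    """Channels in `channels` whose spectrum collides with ch, as a site survey would list them."""
    return [other for other in channels if other != ch and overlaps(ch, other, width)]
```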
  • 16. De-authentication Packets
    • Polite way to disconnect a client from the network
    • Gives everyone a chance to free memory
    • Hacker's best friend
    • Content for this slide taken from the WiFi workshop at NoiseBridge, presented by Darren Kitchen: http://hak5.org/episodes/hak5-1122
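De-authentication frames are ordinary management frames (slide 9), so a burst of them, especially broadcast-addressed, is the signature a defender watches for in a monitor-mode capture. The Python below is an added example, not code from the presentation: it decodes the Frame Control field the way the Wireshark filters wlan.fc.type / wlan.fc.subtype on slide 10 classify frames, and flags any transmitter that fires a burst of deauth or disassociation frames. The MAC addresses, timestamps, reason code and threshold are constructed values.

```python
import struct
# Management subtypes, numbered as Wireshark's wlan.fc.subtype shows them (wlan.fc.type == 0)
MGMT_SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 2: "reassoc-req", 3: "reassoc-resp", 4: "probe-req",
                 5: "probe-resp", 8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}
BROADCAST = b"\xff" * 6

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(raw):
    """Decode type/subtype/addresses from an 802.11 MAC header; None if truncated."""
    if len(raw) < 10:
        return None
    fc0 = raw[0]                                  # Frame Control octet 0: bits 2-3 type, 4-7 subtype
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    frame = {"type": ftype, "subtype": subtype, "receiver": mac(raw[4:10])}
    if ftype == 1:                                # control frames such as ACK/CTS carry only RA
        return frame
    if len(raw) < 24:
        return None
    frame["transmitter"], frame["bssid"] = mac(raw[10:16]), mac(raw[16:22])
    if ftype == 0:
        frame["name"] = MGMT_SUBTYPES.get(subtype, f"mgmt-{subtype}")
        if subtype in (10, 12) and len(raw) >= 26:  # disassoc/deauth body opens with a reason code
            frame["reason"] = struct.unpack("<H", raw[24:26])[0]
    return frame

def deauth_flood_alerts(capture, threshold=5, window=2.0):
    """capture = [(timestamp_s, raw_frame)]; flag transmitters sending >= threshold deauth/disassoc frames within `window` seconds."""
    stamps = {}
    for ts, raw in capture:
        f = parse_frame(raw)
        if f and f["type"] == 0 and f["subtype"] in (10, 12):
            stamps.setdefault((f["transmitter"], f["receiver"] == mac(BROADCAST)), []).append(ts)
    alerts = []
    for (tx, broadcast), times in stamps.items():
        times.sort()                              # broadcast deauths disconnect every client at once
        if any(times[i + threshold - 1] - times[i] <= window for i in range(len(times) - threshold + 1)):
            alerts.append({"transmitter": tx, "broadcast": broadcast, "count": len(times)})
    return alerts

def mgmt_frame(subtype, dst, src, bssid, body=b""):
    """Constructed management frame: FC (type 0), duration, addr1, addr2, addr3, seq ctl, body."""
    return bytes([subtype << 4, 0]) + b"\0\0" + dst + src + bssid + b"\0\0" + body
AP, STA = bytes.fromhex("0011223344aa"), bytes.fromhex("66778899bbcc")  # constructed MACs, not real devices
SAMPLE = [(0.00, mgmt_frame(8, BROADCAST, AP, AP)),          # beacon from the AP
          (0.10, mgmt_frame(4, BROADCAST, STA, BROADCAST)),  # probe request from a client
          (0.50, bytes([0xD4, 0, 0, 0]) + STA)]              # 10-byte ACK control frame
SAMPLE += [(1.0 + 0.05 * i, mgmt_frame(12, BROADCAST, AP, AP, struct.pack("<H", 7)))
           for i in range(8)]                                # burst of broadcast deauths, reason code 7
```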
  • 18. DEMO: Hidden SSID
    • Show packet capture with the SSID
    • Hide SSID
    • Prove it is now hidden
    • Solve for X
      – Passive (wait for a valid client)
      – Wireshark filter
      – Use aireplay-ng to send a deauth packet to force the discovery
    • Probe Request / Probe Response packets
  • 20. DEMO: MAC Filters
    • Enable MAC filtering on the WAP
    • Prove that a client cannot connect
    • Use airodump-ng to show associated clients
    • Use macchanger to spoof the whitelisted address and connect
  • 22. DEMO: WEP Encryption
    • Capture data packets (ARP) from a known/trusted client (airodump-ng)
    • Replay / re-inject them between 10 and 100,000 times (aireplay-ng)
    • Crack them (aircrack-ng)
    • Guaranteed crack
  • 25. DEMO: WPA/2 Encryption
    • Vulnerable to dictionary attacks
    • Collect the authentication handshake
    • Select a dictionary file and run the cracker
    • Works for WPA, WPA2, AES, TKIP
  • 27. Tools
    • Jasager (Pineapple IV)
    • "I can be anything you want me to be"
    • http://hakshop.myshopify.com/products/wifi-pineapple
  • 32. Tools
    • Reaver Pro (WPS exploit)
    • 4-10 hours and your network is mine
  • 33. What is Safe?
    • Stop using Wi-Fi
      – Avoid open Wi-Fi networks
      – Always use SSL
      – Use 3G (ref: OpenBTS)
      – Disable auto-connect… on *all* devices
      – Hard/complex network keys
      – WPA-Enterprise / RADIUS / PEAP / EAP-TTLS
      – Disable WPS!
    • BYO-Encryption
      – Use a VPN
      – SSH tunnel (change your endpoint)
    • Encrypted "Public" WiFi
  • 34. Equipment List
    • Two laptops
    • Any wireless access point
    • Alfa card: http://www.amazon.com/gp/product/B002BFMZR8
    • Yagi antenna: http://www.amazon.com/gp/product/B004L0TKW4
    • Reaver kit: http://hakshop.myshopify.com/products/reaver-pro
    • WiFi Pineapple: http://hakshop.myshopify.com/collections/frontpage/products/wifi-pineapple
  • 35. Learning More
    • http://www.securityfocus.com
    • http://www.aircrack-ng.org
    • http://raulsiles.com/resources/wifi.html
    • http://www.willhackforsushi.com
    • http://hak5.org
      – learning
      – kit