Advanced Wireless
Reconnaissance and Testing
#NSConclave2020
Rohit Jadav
[~]$ whoami
Rohit Jadav - Manager Professional Services
● 5+ yrs experience in Information security domain
● Vast experience in VAPT on various business and banking applications, corporate networks.
● Performed PCI-DSS wireless assessment for an international client
@54ucyv1p3r
Rohit Jadav
Overview
Wireless computing devices are everywhere and new products
seem to appear daily, which poses significant security risks to an
organization. As a result, network and information security staff
must understand the risks inherent in wireless computing.
This workshop is designed to help learners understand basic wireless
networking concepts.
Hands-on activities are presented from the auditor's perspective to
help learners understand a wireless auditing methodology.
Workshop Objectives
After the completion of the workshop the learners should be able to:
➔ Understand the operation of 802.11 and other wireless
technologies.
➔ Perform passive 802.11b/g/n/a/ac scanning (2.4 and 5GHz bands)
➔ Perform packet capture and analysis of 802.11 traffic
➔ Perform PCI-DSS compliance audit:
◆ Perform wardriving / warwalking
◆ RF signal capture and strength analysis
◆ Identify and analyse a frequency from the spectrum
◆ Isolate rogue frequency
Introduction to
Wireless
Technologies
Wireless Technology - Communication
Wireless communication refers to the transfer of information using
electromagnetic (EM) or acoustic waves over the atmosphere rather than
using any propagation medium that employs wires.
Wireless Technology - Types
1. Cellular Systems
2. Wi-Fi
3. WiMAX
4. GPS / Satellite Systems
5. NFC
6. Bluetooth
7. Ultra Wideband Radios
8. Zigbee Radios
Wireless LANs
Wireless LANs
● Use high-frequency radio waves instead of cables for
connecting the devices in a LAN.
● Very flexible within the reception area.
● Ad-hoc networks without previous planning possible.
● No wiring difficulties.
● More robust against disasters.
Local Wireless Networks
Personal Wireless Networks
Wireless Distribution Networks
Wireless LANs - Basics - Wi-Fi
Wi-Fi is a generic term that refers to the IEEE 802.11
communications standard for Wireless Local Area Networks
Wi-Fi works on physical as well as data link layer.
Wi-Fi uses radio technologies:
IEEE 802.11b
IEEE 802.11a
IEEE 802.11 g ….n
Wireless LANs - Basics - Wi-Fi
Access Point (AP): A Wireless LAN transceiver or “base
station” that can connect one or many wireless devices to the
internet via a wired network.
Service Set Identifier (SSID): The SSID identifies a specific
wireless LAN.
Basic Service Set – (BSS): A set of stations controlled by a
single coordination function. Can be classified as either an
Independent BSS (IBSS) or an Extended Service Set (ESS).
Wireless LANs - Basics - Bluetooth
Bluetooth is a short range and low power wireless technology
developed for exchanging data over short distance, creating
Personal Area Network (PANs)
● Operates on 2.4 GHz band
● Effective range of 10 metres
● Supports data rate of 1 MB/s
● Uses radio technology called Frequency-Hopping Spread
Spectrum
Wireless LANs - Basics - WiMax
WiMax (Worldwide Interoperability for Microwave Access) is
an IEEE 802.16 broadband standard.
● It is a wide area wireless network standard
● Operates in 2.5 to 3.5 GHz
● Providing high-speed mobile data and
telecommunications services
● Highly scalable and distributed architecture
What do wireless technologies
actually work on?
World of Wireless
Television
1. Analog video - amplitude modulated from 50MHz to 800MHz
2. Digital video - complex modulation from 200MHz to 800MHz
Cellular Phones
1. Voice - analog or digital modulation from 800MHz to 900MHz
2. 3G, 4G or LTE - 1700 MHz to 1900 MHz and others
3. Bluetooth - digital modulation at 2400MHz
Satellite Signals
1. Many types of signals - voice, audio, video, data
2. Many modulation types - analog and digital
3. Many, many frequencies - 3400MHz, 5900MHz, 10.7GHz
Wi-Fi / Bluetooth
1. Wi-Fi - digital modulation at 2400MHz or 5000 to 5800MHz.
2. Bluetooth - digital modulation at 2400MHz
AM/FM
1. AM Radio - AM modulation from 0.6MHz to 1.6MHz
2. FM Radio - FM modulation from 88MHz to 108MHz
ISM UNII Bands
INDUSTRIAL, SCIENTIFIC AND MEDICAL (ISM) BANDS
They are defined by the ITU Telecommunication
Standardization Sector (ITU-T). The IEEE 802.11 standard
and the subsequent 802.11b and 802.11g amendments all
define communications in the frequency range between 2.4
GHz and 2.4835 GHz.
UNLICENSED NATIONAL INFORMATION INFRASTRUCTURE (UNII) BANDS
The IEEE 802.11a amendment assigns data transmissions
within the frequency space of the 5 GHz UNII bands. The
802.11a amendment uses three groupings, or bands, of
UNII frequencies. All three bands are 100 MHz wide.
Wireless
Networks
802.11 and other
ISM/UNII band
ISM Bands
Industrial Band
● 900 MHz ISM band
● 26 MHz wide
● Allocated to the Global System for Mobile Communications (GSM)
Scientific Band
● The 2.4 GHz ISM band is currently the most commonly used band
● 83.5 MHz wide and spans from 2.4000 GHz to 2.4835 GHz.
Medical Band
● The 5.8 GHz ISM band is 150 MHz wide
● Spans from 5.725 GHz to 5.875 GHz.
● The 5.8 GHz ISM band is a preferred spectrum for long distance wireless bridging.
UNII Bands
UNII-1 Band
● Operates between 5.15–5.25 GHz
● 100 MHz wide
UNII-2 Band
● Operates between 5.25–5.35 GHz
● 100 MHz wide
UNII-3 Band
● Operates between 5.725–5.825 GHz
● 100 MHz wide
Hands on - Identify the wireless devices
Warwalking / Wardriving
Requirements:
● Wi-Fi card (Alfa card)
● Kali Linux
● Kismet
● Aircrack-ng Wi-Fi network security assessment suite
Wardriving / Warwalking
Tasks:
● Hands-on of the assessment tools
● Identify the wireless access points
● Observing the wireless properties
● Identifying clients properties
● Handshake capturing
What did we learn?
● Detect Wireless devices in the vicinity
● Identifying the clients connected to the access points
● Wireless access points properties (signal strength, channel details, etc)
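For the audit use of the survey above, an added example (not from the workshop material) that reconciles a saved survey against an authorised-AP inventory. It assumes the survey was saved in the CSV layout written by airodump-ng from the Aircrack-ng suite; the MAC addresses, SSIDs and inventory are constructed sample data and the function names are illustrative.

```python
# Constructed sample in the layout of an airodump-ng CSV file:
# an access-point table, a blank line, then a station (client) table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2020-02-01 10:00:00, 2020-02-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -45, 120, 0,   0.  0.  0.  0,   8, CorpWiFi,
02:00:00:00:00:02, 2020-02-01 10:00:02, 2020-02-01 10:05:01, 11,  54, OPN, , , -38, 90, 0,   0.  0.  0.  0,   8, CorpWiFi,
02:00:00:00:00:03, 2020-02-01 10:00:03, 2020-02-01 10:05:02,  1,  54, WPA2, CCMP, PSK, -80, 40, 0,   0.  0.  0.  0,  11, Cafe, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:10:01, 2020-02-01 10:01:00, 2020-02-01 10:04:00, -60, 25, 02:00:00:00:00:01,CorpWiFi
02:00:00:00:10:02, 2020-02-01 10:01:30, 2020-02-01 10:04:30, -55, 31, 02:00:00:00:00:02,CorpWiFi
02:00:00:00:10:03, 2020-02-01 10:02:00, 2020-02-01 10:03:00, -70, 4, (not associated) ,
"""

# Constructed inventory of authorised access points, keyed by BSSID.
INVENTORY = {"02:00:00:00:00:01": {"essid": "CorpWiFi", "privacy": "WPA2"}}


def parse_airodump_csv(text):
    """Return (access_points, stations) parsed from the two CSV tables."""
    aps, stations, section = [], [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("BSSID,"):
            section = "ap"
            continue
        if line.startswith("Station MAC,"):
            section = "sta"
            continue
        if section == "ap":
            f = line.split(",", 13)          # 13 fixed fields, then "ESSID, Key"
            if len(f) < 14:
                continue                      # truncated row
            # An ESSID may itself contain commas, so only the final
            # comma-separated field (Key) is cut off the remainder.
            essid = f[13].rsplit(",", 1)[0].strip()
            aps.append({"bssid": f[0].strip().upper(), "channel": int(f[3]),
                        "privacy": f[5].strip(), "power": int(f[8]),
                        "essid": essid})
        elif section == "sta":
            f = line.split(",", 6)
            if len(f) < 6:
                continue
            stations.append({"mac": f[0].strip().upper(), "power": int(f[3]),
                             "bssid": f[5].strip().upper()})
    return aps, stations


def reconcile(aps, stations, inventory):
    """List APs that are absent from, or deviate from, the inventory."""
    corp_ssids = {entry["essid"] for entry in inventory.values()}
    findings = []
    for ap in aps:
        known = inventory.get(ap["bssid"])
        if known is None and ap["essid"] in corp_ssids:
            kind = "unauthorised AP advertising a corporate SSID"
        elif known is None:
            kind = "unknown AP"
        elif (ap["essid"], ap["privacy"]) != (known["essid"], known["privacy"]):
            kind = "authorised AP deviating from inventory"
        else:
            continue                          # matches the inventory
        clients = sorted(s["mac"] for s in stations if s["bssid"] == ap["bssid"])
        findings.append({"bssid": ap["bssid"], "essid": ap["essid"],
                         "channel": ap["channel"], "privacy": ap["privacy"],
                         "power": ap["power"], "kind": kind, "clients": clients})
    # Strongest signal first: the closest devices are the first to locate.
    findings.sort(key=lambda item: item["power"], reverse=True)
    return findings


if __name__ == "__main__":
    access_points, clients = parse_airodump_csv(SAMPLE_CSV)
    for item in reconcile(access_points, clients, INVENTORY):
        print(item["power"], "dBm", item["bssid"], repr(item["essid"]),
              "ch", item["channel"], item["privacy"], "->", item["kind"],
              "clients:", item["clients"])
```

The signal strength in each finding only orders the follow-up; a neighbouring network also shows up as an unknown AP, so location still has to be confirmed on site.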
Packet capture and analysis
Packet capturing (using Kismet and Wireshark)
Requirements:
● Kismet
● Aircrack-ng suite
Tasks:
● Capture and analyse 802.11 traffic
● Identify the handshake
What did we learn?
● Capturing the 802.11 traffic
● Analysis of the 802.11 traffic
● Hands-on of the traffic analysis tools
RF Wireless Spectrum Capture and Analysis
Electromagnetic Spectrum
[Figure: the electromagnetic spectrum, from sound waves through visible light to harmful radiation, with the ISM bands, the 2.4 GHz ISM band and 4G cellular marked]
VHF = VERY HIGH FREQUENCY
UHF = ULTRA HIGH FREQUENCY
SHF = SUPER HIGH FREQUENCY
EHF = EXTRA HIGH FREQUENCY
How am I supposed to scan this spectrum?
WooHoo!
Hands-on with the RF Explorer
Scanning the RF spectrum
Requirements:
● RF Explorer
● RF Explorer client installed on the machine
Tasks:
● Analyse spectrum
● Identify the frequencies
● Distinguish between rogue and authentic radio frequencies
● Isolating a rogue frequency
RF Jargon
● Attenuation – A loss in force or intensity. As radio waves travel in
media such as coaxial cable, attenuation occurs.
● Noise Floor – The measure of the signal created from the sum of all the
noise sources and unwanted signals appearing at the receiver. This can
be adjacent signals, weak signals in the background that don’t go away,
electrical noise from electromechanical devices, etc.
● Receiver Sensitivity – The minimum received power needed to
successfully decode a radio signal with an acceptable BER. This is
usually expressed as a negative number depending on the data rate.
● SNR – Signal to Noise Ratio – The ratio of the transmitted power from the
AP to the ambient (noise floor) energy present.
Antennas
Nagoya Telescopic NA-773
● This is a telescopic, high quality 2dBi antenna ideally suited for the 144MHz and 430MHz bands.
● Use this antenna in all ranges of frequencies between 15-1000MHz.
Antennas
Whip dipole antennas
● These are quality 2dBi antennas designed for narrow band applications
● RF Explorer 6G includes a 2dBi antenna tuned for 2450MHz
Antennas
Rubber duck 5.8GHz antenna
● This is a quality antenna with good coverage in the range of 5.4-5.9GHz
● Offers reasonable coverage in the 2.4 GHz band too, so it can be used as a dual band antenna for WiFi
Frequency Settings
● dBm – decibel-milliwatts: abbreviation for the power ratio in decibels
(dB)
● Center Freq: Center frequency in MHz
● Freq Span: Frequency span (or range) to display on screen in MHz
● Start Freq: Lower frequency range to display on screen in MHz
● Stop Freq: Higher frequency range to display on screen in MHz
Calculator
● Max: Peak values from the last sweep iterations are used. This is the
standard mode.
● Max Hold: Captures all activity in the band, including the Max signal
envelope mode with vector graphics and real-time activity with vertical
bars.
● Average: The arithmetic mean is calculated over the last sweep
iterations. This is the best possible choice to remove unwanted white
noise from the screen, particularly useful for displaying constant wave
(CW) and channel signals.
● Normal: No calculation is done; the raw data from the real-time
sweep is shown.
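An added example, not part of the workshop material or the RF Explorer client: the four Calculator modes applied to a series of sweeps, followed by the rogue-versus-authentic check from the task list. The sweep values, the 15 dB threshold, the authorised range and all function names are assumptions made for the illustration; the band edges are those given on the ISM and UNII slides.

```python
from statistics import median

# Band edges in MHz as given on the ISM and UNII slides.
BANDS = [
    ("2.4 GHz ISM", 2400.0, 2483.5),
    ("UNII-1", 5150.0, 5250.0),
    ("UNII-2", 5250.0, 5350.0),
    ("UNII-3", 5725.0, 5825.0),
    ("5.8 GHz ISM", 5725.0, 5875.0),
]


def trace(sweeps, mode, iterations=4):
    """Combine sweeps (oldest first, one dBm value per bin) into one trace."""
    if not sweeps:
        raise ValueError("no sweeps captured")
    recent = sweeps[-iterations:]
    if mode == "normal":                      # raw data of the latest sweep
        return list(sweeps[-1])
    if mode == "max":                         # peak over the last iterations
        return [max(col) for col in zip(*recent)]
    if mode == "max_hold":                    # peak over everything captured
        return [max(col) for col in zip(*sweeps)]
    if mode == "average":                     # mean of the dBm readings
        return [sum(col) / len(col) for col in zip(*recent)]
    raise ValueError("unknown mode: " + mode)


def bands_for(freq_mhz):
    """Names of every listed band that contains the frequency."""
    return [name for name, lo, hi in BANDS if lo <= freq_mhz <= hi]


def find_emitters(levels, start_mhz, step_mhz, min_snr_db=15.0):
    """Group adjacent bins that stand min_snr_db above the noise floor.

    The noise floor is estimated as the median bin level (an assumption that
    holds while most of the span is unoccupied).
    """
    floor = median(levels)
    emitters, i = [], 0
    while i < len(levels):
        if levels[i] - floor < min_snr_db:
            i += 1
            continue
        j = i
        while j + 1 < len(levels) and levels[j + 1] - floor >= min_snr_db:
            j += 1
        peak = max(range(i, j + 1), key=lambda k: levels[k])
        emitters.append({"peak_mhz": start_mhz + peak * step_mhz,
                         "peak_dbm": levels[peak],
                         "snr_db": levels[peak] - floor})
        i = j + 1
    return floor, emitters


def audit(sweeps, start_mhz, step_mhz, authorised, mode="max_hold"):
    """Label each emitter with its band and whether it is authorised."""
    floor, emitters = find_emitters(trace(sweeps, mode), start_mhz, step_mhz)
    for e in emitters:
        e["bands"] = bands_for(e["peak_mhz"])
        e["authorised"] = any(lo <= e["peak_mhz"] <= hi
                              for _, lo, hi in authorised)
    return floor, emitters


# Constructed data: 18 bins of 5 MHz from 2400 MHz, six sweeps.
START_MHZ, STEP_MHZ = 2400.0, 5.0


def make_sweep(burst):
    levels = [-95.0 + (i % 3) for i in range(18)]           # background noise
    levels[6:10] = [-55.0, -48.0, -50.0, -56.0]             # steady AP signal
    if burst:
        levels[14] = -60.0                                  # short transmission
    return levels


SWEEPS = [make_sweep(k == 1) for k in range(6)]             # burst in sweep 1 only
AUTHORISED = [("corporate AP, channel 6", 2427.0, 2447.0)]  # constructed

if __name__ == "__main__":
    for mode in ("normal", "max", "average", "max_hold"):
        floor, found = audit(SWEEPS, START_MHZ, STEP_MHZ, AUTHORISED, mode)
        print(mode, "floor", floor, "dBm")
        for e in found:
            status = "authorised" if e["authorised"] else "UNKNOWN"
            print("  ", e["peak_mhz"], "MHz", e["peak_dbm"], "dBm", status)
```

On this data only Max Hold still shows the short transmission at 2470 MHz; the other three modes work from recent sweeps and no longer contain it.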
What did we learn?
● Operating the RF Explorer
● Analyzing the RF spectrum
● Scanning ISM UNII bands
● Identifying and isolating rogue frequency
What does PCI-DSS have to say?
PCI DSS wireless requirements can be broken down into the following two
primary categories:
1. All organizations should have these controls in place to protect their
wired networks from attacks via rogue or unknown wireless access
points (APs) and clients.
2. All organizations that transmit payment card information over wireless
technology should have these controls in place to protect those
systems.
Revisiting the workshop objectives
1. Understand the operation of 802.11 and other wireless
technologies.
2. Perform passive 802.11b/g/n/a/ac scanning (2.4 and 5GHz bands)
3. Perform packet capture and analysis of 802.11 traffic
4. Perform PCI-DSS compliance audit:
a. Perform wardriving / warwalking
b. RF signal capture and strength analysis
c. Identify and analyse a frequency from the spectrum
d. Isolate rogue frequency
You can proudly
say….
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? Webinar
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 

Advanced Wireless Reconnaissance And Testing - Rohit Jadav

  • 1. Advanced Wireless Reconnaissance and Testing #NSConclave2020 Rohit Jadav
  • 2. [~]$ whoami Rohit Jadav - Manager Professional Services ● 5+ yrs experience in Information security domain ● Vast experience in VAPT on various business and banking applications, corporate networks. ● Performed PCI-DSS wireless assessment for an international client @54ucyv1p3r Rohit Jadav
  • 3. Overview Wireless computing devices are everywhere and new products seem to appear daily, which poses significant security risks to an organization. As a result, network and information security staff must understand the risks inherent in wireless computing. This workshop is designed to build an understanding of basic wireless networking concepts. Hands-on activities are presented from the auditor's perspective to help learners understand a wireless auditing methodology.
  • 4. Workshop Objectives After completing the workshop, learners should be able to: ➔ Understand the operation of 802.11 and other wireless technologies. ➔ Perform passive 802.11b/g/n/a/ac scanning (2.4 and 5GHz bands) ➔ Perform packet capture and analysis of 802.11 traffic ➔ Perform PCI-DSS compliance audit: ◆ Perform wardriving / warwalking ◆ RF signal capture and strength analysis ◆ Identify and analyse a frequency from the spectrum ◆ Isolate rogue frequency
  • 6. Wireless Technology - Communication The wireless communication refers to the transfer of information using electromagnetic (EM) or acoustic waves over the atmosphere rather than using any propagation medium that employs wires.
  • 7. Wireless Technology - Types 1. Cellular Systems 2. Wi-Fi 3. WiMax 4. GPS / Satellite Systems 5. NFC 6. Bluetooth 7. Ultra Wideband Radios 8. Zigbee Radios
  • 9. Wireless LANs ● Are high frequency radio waves instead of cables for connecting the devices in LAN. ● Very flexible within the reception area. ● Ad-hoc networks without previous planning possible. ● No wiring difficulties. ● More robust against disasters.
  • 10. Local Wireless Networks; Personal Wireless Networks; Wireless Distribution Networks
  • 11. Wireless LANs - Basics - Wi-Fi Wi-Fi is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks. Wi-Fi works on the physical as well as the data link layer. Wi-Fi uses radio technologies: IEEE 802.11b, IEEE 802.11a, IEEE 802.11g ….n
  • 12. Wireless LANs - Basics - Wi-Fi Access Point (AP): A Wireless LAN transceiver or “base station” that can connect one or many wireless devices to the internet via a wired network. Service Set Identifier (SSID): The SSID identifies a specific wireless LAN. Basic Service Set (BSS): A set of stations controlled by a single coordination function. Can be classified as either an Independent BSS (IBSS) or an Extended Service Set (ESS).
  • 13. Wireless LANs - Basics - Bluetooth Bluetooth is a short range and low power wireless technology developed for exchanging data over short distances, creating Personal Area Networks (PANs). ● Operates on 2.4 GHz band ● Effective range 10 m ● Supports data rate of 1 MB/s ● Uses radio technology called Frequency-Hopping Spread Spectrum
  • 14. Wireless LANs - Basics - WiMax WiMax (Worldwide Interoperability for Microwave Access) is an IEEE 802.16 broadband standard. ● It is a wide area wireless network standard ● Operates in 2.5 to 3.5 GHz ● Providing high-speed mobile data and telecommunications services ● Highly scalable and distributed architecture
  • 15. What do wireless technologies actually work on?
  • 17. Television: 1. Analog video - Amplitude modulated from 50MHz to 800MHz 2. Digital video - complex modulation from 200MHz to 800MHz
    Cellular Phones: 1. Voice - analog or digital modulation from 800MHz to 900MHz 2. 3G, 4G or LTE - 1700 MHz to 1900 MHz and others 3. Bluetooth - digital modulation at 2400MHz
    Satellite Signals: 1. Many types of signals - voice, audio, video, data 2. Many modulation types - analog and digital 3. Many, many frequencies - 3400MHz, 5900MHz, 10.7GHz
    Wi-Fi / Bluetooth: 1. Wi-Fi - digital modulation at 2400MHz or 5000 to 5800MHz. 2. Bluetooth - digital modulation at 2400MHz
    AM/FM: 1. AM Radio - AM modulation from 0.6MHz to 1.6MHz 2. FM Radio - FM modulation from 88MHz to 108MHz
  • 18. ISM UNII Bands
    INDUSTRIAL, SCIENTIFIC AND MEDICAL (ISM) BANDS: They are defined by ITU Telecommunication Standardization Sector (ITU-T). The IEEE 802.11 standard and the subsequent 802.11b and 802.11g amendments all define communications in the frequency range between 2.4 GHz and 2.4835 GHz.
    UNLICENSED NATIONAL INFORMATION INFRASTRUCTURE BANDS (UNII): The IEEE 802.11a amendment assigns data transmissions within the frequency space of the 5 GHz UNII bands. The 802.11a amendment uses three groupings, or bands, of UNII frequencies. All three bands are 100 MHz wide.
    Wireless Networks
  • 20. ISM Bands
    Industrial Band: ● 900 MHz ISM band ● 26 MHz wide ● Allocated to the Global System for Mobile Communications (GSM)
    Scientific Band: ● 2.4 GHz ISM band is currently the most commonly used band ● 83.5 MHz wide and spans from 2.4000 GHz to 2.4835 GHz.
    Medical Band: ● 5.8 GHz ISM band is 150 MHz wide ● Spans from 5.725 GHz to 5.875 GHz. ● The 5.8 GHz ISM band is a preferred spectrum for long distance wireless bridging.
  • 21. UNII Bands
    UNII-1 Band: ● Operates between 5.15–5.25 GHz ● 100 MHz wide
    UNII-2 Band: ● Operates between 5.25–5.35 GHz ● 100 MHz wide
    UNII-3 Band: ● Operates between 5.725–5.825 GHz ● 100 MHz wide
  • 24. Hands on - Identify the wireless devices Warwalking / Wardriving
  • 25. Wardriving / Warwalking Requirements: ● Wi-Fi card (Alfa card) ● Kali Linux ● Kismet ● Aircrack-ng Wi-Fi network security assessment suite Tasks: ● Hands-on with the assessment tools ● Identify the wireless access points ● Observing the wireless properties ● Identifying client properties ● Handshake capturing
  • 26. What did we learn? ● Detecting wireless devices in the vicinity ● Identifying the clients connected to the access points ● Wireless access point properties (signal strength, channel details, etc.)
  • 28. Packet capturing (using Kismet and Wireshark) Requirements: ● Kismet ● Aircrack-ng suite Tasks: ● Capture and analyse 802.11 traffic ● Identify the handshake
  • 29. What did we learn? ● Capturing the 802.11 traffic ● Analysis of the 802.11 traffic ● Hands-on with the traffic analysis tools
  • 31. Electromagnetic Spectrum [figure: spectrum chart with the labels Sound waves, Visible Light, Harmful Radiation, ISM Bands, 2.4 GHz ISM Band, 4G Cellular. Legend: VHF = Very High Frequency, UHF = Ultra High Frequency, SHF = Super High Frequency, EHF = Extra High Frequency]
  • 32. How am I supposed to scan this spectrum?
  • 34. Hands-on with the RF Explorer
  • 35. Scanning the RF spectrum Requirements: ● RF Explorer ● RF Explorer client installed on the machine Tasks: ● Analyse spectrum ● Identify the frequencies ● Distinguish between rogue and authentic radio frequencies ● Isolating a rogue frequency
  • 36. RF Jargon ● Attenuation - A loss in force or intensity. As radio waves travel in media such as coaxial cable, attenuation occurs. ● Noise Floor - The measure of the signal created from the sum of all the noise sources and unwanted signals appearing at the receiver. This can be adjacent signals, weak signals in the background that don’t go away, electrical noise from electromechanical devices, etc. ● Receiver Sensitivity - The minimum received power needed to successfully decode a radio signal with an acceptable BER. This is usually expressed as a negative number depending on the data rate. ● SNR (Signal to Noise Ratio) - The ratio of the transmitted power from the AP to the ambient (noise floor) energy present.
  • 37. Antennas Nagoya Telescopic NA-773 ● This is a telescopic, high quality 2dBi antenna ideally suited for 144MHz and 430MHz bands. ● Use this antenna in all ranges of frequencies between 15-1000MHz.
  • 38. Antennas Whip dipole antennas ● These are quality 2dBi antennas designed for narrow band applications ● RF Explorer 6G includes a 2dBi antenna tuned for 2450MHz
  • 39. Antennas Rubber duck 5.8GHz antenna ● This is a quality antenna with good coverage in the range of 5.4-5.9GHz ● Offers reasonable coverage in the 2.4 GHz band too, so it can be used as a dual-band antenna for WiFi
  • 40. Frequency Settings ● dBm - decibels milliwatt - abbreviation for the power ratio in decibels (dB) ● Center Freq: Center frequency in MHz ● Freq Span: Frequency span (or range) to display on screen in MHz ● Start Freq: Lower frequency range to display on screen in MHz ● Stop Freq: Higher frequency range to display on screen in MHz
  • 41. Calculator ● Max: Peak values are used from the last sweep iterations. This is the standard mode. ● Max Hold: Capture all activity in the band including the Max signal envelope mode with vector graphics and real-time activity with vertical bars. ● Average: The arithmetic mean is calculated over the last sweep iterations. This is the best possible choice to remove unwanted white noise from screen, particularly useful in constant wave (CW) and channel signals display. ● Normal: No calculation is done, just raw data as result of the realtime sweep.
  • 42. What did we learn? ● Operating the RF Explorer ● Analyzing the RF spectrum ● Scanning ISM UNII bands ● Identifying and isolating rogue frequency
  • 43. What does PCI-DSS have to say? PCI DSS wireless requirements can be broken down into the following two primary categories: 1. All organizations should have these controls in place to protect their wired networks from attacks via rogue or unknown wireless access points (APs) and clients. 2. All organizations that transmit payment card information over wireless technology should have these controls in place to protect those systems.
  • 44. What does PCI-DSS have to say?
  • 45. What does PCI-DSS have to say?
  • 46. Revisiting the workshop objectives 1. Understand the operation of 802.11 and other wireless technologies. 2. Perform passive 802.11b/g/n/a/ac scanning (2.4 and 5GHz bands) 3. Perform packet capture and analysis of 802.11 traffic 4. Perform PCI-DSS compliance audit: a. Perform wardriving / warwalking b. RF signal capture and strength analysis c. Identify and analyse a frequency from the spectrum d. Isolate rogue frequency
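
The frequency settings, calculator modes and band tables from slides 18 to 21 and 36 to 41 can be combined into a small rogue-frequency check for an auditor's sweep data. The following is an added example, not code from the workshop or from the RF Explorer client; the sweep readings are constructed, and the authorized centre frequencies (2412 and 2462 MHz), the 10 dB margin, the 11 MHz matching tolerance and the median noise-floor estimate are assumptions.

```python
# Added example: constructed sweep data and hypothetical helper names.
from statistics import mean, median

# Band edges in MHz as listed on the ISM and UNII slides.
BANDS = {"2.4 GHz ISM": (2400.0, 2483.5), "UNII-1": (5150.0, 5250.0),
         "UNII-2": (5250.0, 5350.0), "UNII-3": (5725.0, 5825.0),
         "5.8 GHz ISM": (5725.0, 5875.0)}

def sweep_freqs(center_mhz, span_mhz, points):
    """Bin frequencies: Start Freq = center - span/2, Stop Freq = center + span/2."""
    start, step = center_mhz - span_mhz / 2, span_mhz / (points - 1)
    return [round(start + i * step, 3) for i in range(points)]

def calculator(sweeps, mode, iterations=4):
    """Per-bin trace in dBm for the calculator modes on slide 41."""
    if mode == "normal":                       # raw data from the latest sweep
        return list(sweeps[-1])
    if mode == "max_hold":                     # peak over everything captured
        return [max(col) for col in zip(*sweeps)]
    recent = sweeps[-iterations:]
    if mode == "max":                          # peak over the last N sweeps
        return [max(col) for col in zip(*recent)]
    if mode == "average":                      # arithmetic mean of dBm readings
        return [mean(col) for col in zip(*recent)]
    raise ValueError(f"unknown mode: {mode}")

def bands_for(freq_mhz):
    return [name for name, (lo, hi) in BANDS.items() if lo <= freq_mhz <= hi]

def unknown_emitters(freqs, trace, authorized_mhz, margin_db=10.0, tol_mhz=11.0):
    """Bins at least margin_db above the noise floor that match no authorized
    centre frequency within tol_mhz. The noise floor is estimated as the median
    bin, an assumption that holds only when most of the span is empty."""
    floor = median(trace)
    return [(f, p, round(p - floor, 1), bands_for(f))
            for f, p in zip(freqs, trace)
            if p - floor >= margin_db
            and not any(abs(f - a) <= tol_mhz for a in authorized_mhz)]

# Constructed data: 4 sweeps, 2400-2500 MHz in 10 MHz bins. Authorized APs sit
# at 2412 and 2462 MHz; sweep 2 contains a short burst at 2440 MHz.
FREQS = sweep_freqs(2450, 100, 11)
AUTHORIZED = [2412.0, 2462.0]
SWEEPS = [
    [-100, -60, -85, -100, -100, -100, -62, -88, -100, -100, -100],
    [-101, -61, -86, -99, -55, -100, -63, -87, -101, -99, -100],
    [-99, -60, -84, -100, -100, -101, -62, -88, -100, -100, -101],
    [-100, -59, -85, -101, -99, -100, -61, -89, -99, -100, -100],
]
```

On this data the intermittent 2440 MHz emitter stands 44 dB above the noise floor in Max Hold, is diluted to roughly 11 dB in Average, and is absent from Normal and from Max over only the last two sweeps, which is why the calculator mode matters when looking for rogue transmitters.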