8/6/16
The State of WiFi Security
Another presentation in the “Why specifically does it suck” seminar series

● Open
● WEP
● WPA
● WPA2
● WPA2 Enterprise
● …?

WEP is dead, let’s not talk about it

WPA vs WPA2
WPA:
● Auth: TKIP (RC4)
● Cipher: RC4
● Enterprise: EAP, TKIP, RC4
WPA2:
● CCMP (AES+MAC)
● AES (optionally RC4)
● EAP, CCMP, AES

WPA and Rainbows
● Can you make WPA rainbow tables?
  – Yes but you’d be an idiot
● Why?
  – Glad you asked!
  – WPA[1,2] takes a string as the password and salts it with the SSID
  – “password” + “Linksys” == “passwordLinksys”
  – Actually this is how you make the pair-wise master key:
    pwmk = PBKDF2(HMAC-SHA1, “password”, “Linksys”, 4096 rounds, 256 bit)
  – Therefore, only pre-compute words for common SSIDs

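The derivation on this slide, as an added example (not from the original deck): Python's standard-library PBKDF2 reproduces the WPA/WPA2 pairwise master key and shows that a precomputed passphrase table is only valid for the one SSID it was built for. Function names, the wordlist and the second SSID are constructed for illustration.

```python
import hashlib


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, salt=SSID, 4096 rounds, 256 bit)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def build_table(ssid: str, wordlist: list) -> dict:
    """Precompute PMK -> passphrase for ONE SSID; the SSID is baked into every entry."""
    return {wpa_pmk(word, ssid): word for word in wordlist}


def table_covers(table: dict, passphrase: str, ssid: str) -> bool:
    """True if the network (passphrase, ssid) has a PMK that appears in the table."""
    return wpa_pmk(passphrase, ssid) in table


def demo() -> dict:
    words = ["password", "12345678", "letmein123"]  # constructed sample wordlist
    table = build_table("Linksys", words)           # table for a factory-default SSID
    return {
        # Same weak passphrase on the default SSID: the precomputation applies.
        "default_ssid_hit": table_covers(table, "password", "Linksys"),
        # Same weak passphrase on a unique (constructed) SSID: the table is useless.
        "unique_ssid_hit": table_covers(table, "password", "ExampleSpace-7f3a"),
    }


if __name__ == "__main__":
    print(wpa_pmk("password", "Linksys").hex())
    print(demo())
```

A unique SSID only defeats precomputation; a weak passphrase is still guessable online at the cost of 4096 HMAC rounds per guess.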
Latest Rage
● Shared Wifi: “We are all secure because we have WPA2 and a strong password”
  – WRONG

Demo?
● Play along at home: http://www.lovemytool.com/files/test.pcap
● Precompute WPA key
  – https://www.wireshark.org/tools/wpa-psk.html
● Open Wireshark preferences
● Go to IEEE 802.11 and add key
● …
● Magic

Old Rage
● “Well I use HTTPS and that’s just passive interception”
  – Mostly true
● We still have ARP and DHCP and DNS servers that are skiddy hackable
● Can’t trust any shared networks

Example: Interlock
● Interlock-Members: Password changes every 2 years at most, everyone knows the password
  – Passive interception and decryption
  – Let me save you some time
● Interlock-Guest: open wifi, no security

Enterprise Environments
● WPA2 Personal: Everyone gets the same key
● WPA2 Enterprise: Everyone makes their own key based on their authentication (credentials, certificate, etc.)
● No more Wireshark decrypt

Attacking WPA2 Enterprise
● Set up a rogue AP
● Have the client connect to it
● Receive the EAP protected credentials
● Use `asleap` to crack protected credentials

Fuck Defending Enterprise
Defending Home/Hackerspace
● No one wants to maintain a RADIUS server just to do authentication over wifi
  – Ok except for Pee
● A RADIUS service is a target
● What if you don’t care about authentication but just care about making a single session key?

Setup
● Set up a FreeRADIUS server to authenticate your wireless network
● Add the following lines
  – DEFAULT Auth-Type := Accept
  – log_auth = yes
  – log_auth_badpass = yes
  – log_auth_goodpass = yes
● Bonus: This will collect all usernames and passwords that people enter.
  – “Please log in with your Gmail or Yahoo passwords”

Conclusion
● This is super hacky but effective
● WPA crypto primitives are getting old:
  – SHA1
  – PBKDF2 with only 4096 bit
  – No PFS
● WPA is old: 2004
● There are no plans AFAIK to change them
● WPA3: SHA256, PSK, DH temporal key exchange

The Bill Slide
● No, your WiFi isn’t secure enough
● WPA2 Enterprise + EAP + Any username is more secure
● Google “radius docker wpa” done.
● Tell management that wifi sucks because it doesn’t have Diffie-Hellman. Seriously.
