So you want to be a wireless hacker

•

0 recomendaciones•1,093 vistas

Short presentation I did at BrainTank 2012 in Providence RI. The focus was on issues surrounding wireless security at the small business level and how there is not enough being done to address it.

Tecnología

So you want to be a wireless hacker…
Casey Dunham
Gnosis Consulting

BrainTank 2012
Providence RI

Background

• B.S. Computer Science – Univ. Southern Maine
• Active
– DC207 (dc207.org) Portland, ME DEF CON Group
– PWM TOOOL (toool.us)
– Have you been by the Lockpick Village?
• Gnosis – Security Consulting for Small Biz

Issues

Broken encryption
Confusing Administration Interfaces
Rogue Access Points
Man In the Middle Attacks
Lack of visibility (who / what / when)
WPS (WiFi Protected Setup)

Pineapple

Nothing to see here.
Just a plastic pineapple.

http://hakshop.myshopify.com/products/wifi-pineapple

Why YOU should care
“… FBI special agents drove past the home
and noted the existence of two WiFi networks
reachable from the property. One used WEP
encryption, the other had the more robust
WPA2, but the key point from the FBI's
perspective was that neither network was
unsecured. A search thus seemed much
more likely to find its proper target.”

http://arstechnica.com/tech-policy/2012/06/swat-team-throws-flashbangs-raids-wrong-home-due-to-open-wifi-network/

“…they used
sophisticated electronic equipment
to break through networks”

http://www.seattlepi.com/local/article/Feds-Wi-Fi-hacking-burglars-targeted-dozens-of-2178421.php

sophisticated electronic equipment

http://www.backtrack-linux.org/

Alfa-AWUS036NHR

Aircrack-ng

 Set of tools for auditing wireless
 packet sniffer
 WEP and WPA/WPA2-PSK cracker / analyzer
 Can also use airbase-ng to attack clients
 Included with BackTrack Linux
 Works out of the box with Alfa cards

Making it Better (sort of)

Disable remote management
Only allow management via HTTPS
Disable WPS
Use WPA2 + AES + Really Good Key!

Don’t Use WiFi

Which one is stronger?

A. P4ssw0rd
B. MH0hzFt4ZMgRgCbt2ibq
C. dinosaursarereallyveryexcitingcreatures
D. r;IX&15z[&Kf+0aM4fi

Questions / Feedback?

@CaseyDunham

casey@dc207.org

Resources

http://www.backtrack-linux.org
http://www.securitytube.net/
 BackTrack 5 Wireless Penetration Testing Beginner's Guide
 http://www.aircrack-ng.org/
 http://hak5.org/
 https://www.cloudcracker.com/

Más contenido relacionado

La actualidad más candente

Straight to the point, with the multitude of leaks, the latest new age hacking weapons have brought an onslaught of new attack vectors! This is one of the presentations you don’t want to miss! Wayne will be demonstrating highly modified custom mobile deployable network hacking cyber weapons, such as Network BlackBoxs, Evil WiFi Honeypots, custom USB delivered payloads and finally how we can take these weapons to the sky autonomously using various custom build drones.

Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke

EC-Council

IoT security is a nightmare. But what is the real risk?

Zoltan Balazs

Cyber espionage - Tinker, taylor, soldier, spy

b coatesworth

ISACA Ethical Hacking Presentation 10/2011

Xavier Mertens

Harbin clinic iot-mobile-no-vid

Ernest Staats

BugBounty Roadmap with Mohammed Adam

Mohammed Adam

Let's Hack a House

Synack

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015

Sina Manavi

Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...

Zoltan Balazs

Mobile apps are the entry point to your web applications, APIs and web services. But sometimes the developer implements security in the mobile app that can easily be bypassed by a malicious attacker, allowing the attacker to exploit your web applications and steal confidential information. In this presentation I will show you how easy it is to attack a mobile application, intercept the communication and exploit the trust model of mobile apps. I will also give an overview of the OWASP Top 10 Mobile Risks.

Hacking Mobile Apps

Sophos Benelux

The revelations of the Snowden Leaks and other events in modern internet times have resulted in a need for developers and security professionals working on start-up companies to rethink not just security policies and procedures but overall architecture more broadly. Cryptographic systems in communications systems have seen the largest architectural changes. However, changes are also required in data storage architecture and even networking architecture. This talk will discuss means and methodologies for building secure, robust, and resilient start-up computing architectures. Common attacks that impact startups, data compromises, and DDoS attacks will be discussed. The impact of the required adaptations in infrastructure and software design on existing common business models, like AdRev, will be touched on.

"Cryptography, Data Protection, and Security For Start-Ups In The Post Snowde...

HackIT Ukraine

The EU Data Protection Regulation and what it means for your organization

Sophos Benelux

Ethical hacking : Beginner to advanced

Kavin K

Create WiFi Hotspot on Windows 7

Jack Smith

The Internet of Things: We've Got to Chat

Duo Security

Implementing security for your library | PLAN Tech Day Conference

Brian Pichman

An Introduction To IT Security And Privacy - Servers And More

Blake Carver

An hour long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an ip address. IOT Internet of things, browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries. Librarians and anyone else in a library. There's a focus on practical ways to secure yourself, browsers and other things. Also some dicussion on privacy

An Introduction To IT Security And Privacy In Libraries & Anywhere

Blake Carver

Exploit kits are a critical piece of the malware delivery infrastructure, delivering banking trojans, click fraud engines and ransomware. This small talk will be designed to aid collaboration on a means to tackle these threats with a long-term goal of eventual prosecution of the actors and partners behind exploit kits and their associated malware campaigns. We will discuss the latest research into the backend infrastructure and surveillance techniques of the Nuclear, RIG and Angler exploit kits, to enable all participants to learn what others are doing to stay ahead of them.

Tracking Exploit Kits - Virus Bulletin 2016

John Bambenek

An Introduction To IT Security And Privacy In Libraries

Blake Carver

La actualidad más candente (20)

Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke

IoT security is a nightmare. But what is the real risk?

Cyber espionage - Tinker, taylor, soldier, spy

ISACA Ethical Hacking Presentation 10/2011

Harbin clinic iot-mobile-no-vid

BugBounty Roadmap with Mohammed Adam

Let's Hack a House

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015

Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...

Hacking Mobile Apps

"Cryptography, Data Protection, and Security For Start-Ups In The Post Snowde...

The EU Data Protection Regulation and what it means for your organization

Ethical hacking : Beginner to advanced

Create WiFi Hotspot on Windows 7

The Internet of Things: We've Got to Chat

Implementing security for your library | PLAN Tech Day Conference

An Introduction To IT Security And Privacy - Servers And More

An Introduction To IT Security And Privacy In Libraries & Anywhere

Tracking Exploit Kits - Virus Bulletin 2016

An Introduction To IT Security And Privacy In Libraries

Similar a So you want to be a wireless hacker

Understanding WiFi Security Vulnerabilities and Solutions

AirTight Networks

Advanced Wi-Fi pentesting

Yunfei Yang

Understanding WiFi Security Vulnerabilities and Solutions

hemantchaskar

Wi-Fi Denver OWASP Presentation Feb. 15, 2017

keyalea

Wireless hacking tools.jpeg

Tushant sharma

Viable means using which Wireless Network Security can be Jeopardized

IRJET Journal

Auditing a Wireless Network and Planning for a Secure WLAN Implementation

CARMEN ALCIVAR

CEH Domain 6.pdf

infosec train

Domain 6 of CEH: Wireless Network Hacking

ShivamSharma909

BYOD and Your Business

cherienetclarity

Wifi cracking Step by Step Using CMD and Kali Linux 2018

Mohammad Fareed

DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer

Felipe Prado

PACE-IT, Security+3.4: Summary of Wireless Attacks

Pace IT at Edmonds Community College

The introduction of Wi-Fi has created a plethora of chances for thieves. Wireless security is the deterrence of unauthorized users from accessing and stealing data from your wireless network. To be more specific, wireless security protects a Wi-Fi network from unwanted access. Only a minor flaw in your home Wi-Fi network can provide criminal access to nearly all devices that use that Wi-Fi. Access might cause issues with bank accounts, credit card information, kid safety, and a variety of other concerns. Within this article are pertinent recommendations to assist you in protecting your home Wi-Fi network from illegal access.

Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf

SeanHussey8

Wi-fi Hacking

Paul Gillingwater, MBA

WiFi security

Ihor Uzhvenko

Csi Netsec 2006 Poor Mans Guide Merdinger

shawn_merdinger

Pentesting

Henrik Jacobsen

IJCER (www.ijceronline.com) International Journal of computational Engineerin...

ijceronline

Defending Against the Dark Arts of LOLBINS

Brent Muir

Similar a So you want to be a wireless hacker (20)

Understanding WiFi Security Vulnerabilities and Solutions

Advanced Wi-Fi pentesting

Understanding WiFi Security Vulnerabilities and Solutions

Wi-Fi Denver OWASP Presentation Feb. 15, 2017

Wireless hacking tools.jpeg

Viable means using which Wireless Network Security can be Jeopardized

Auditing a Wireless Network and Planning for a Secure WLAN Implementation

CEH Domain 6.pdf

Domain 6 of CEH: Wireless Network Hacking

BYOD and Your Business

Wifi cracking Step by Step Using CMD and Kali Linux 2018

DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer

PACE-IT, Security+3.4: Summary of Wireless Attacks

Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf

Wi-fi Hacking

WiFi security

Csi Netsec 2006 Poor Mans Guide Merdinger

Pentesting

IJCER (www.ijceronline.com) International Journal of computational Engineerin...

Defending Against the Dark Arts of LOLBINS

Último

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

So you want to be a wireless hacker

1. So you want to be a wireless hacker… Casey Dunham Gnosis Consulting BrainTank 2012 Providence RI

2. Background • B.S. Computer Science – Univ. Southern Maine • Active – DC207 (dc207.org) Portland, ME DEF CON Group – PWM TOOOL (toool.us) – Have you been by the Lockpick Village? • Gnosis – Security Consulting for Small Biz

3. WiFi Everywhere

5. Issues Broken encryption Confusing Administration Interfaces Rogue Access Points Man In the Middle Attacks Lack of visibility (who / what / when) WPS (WiFi Protected Setup)

6. WHERE’S THE EASY BUTTON?

7. Firesheep

8. Pineapple Nothing to see here. Just a plastic pineapple. http://hakshop.myshopify.com/products/wifi-pineapple

9. Why YOU should care “… FBI special agents drove past the home and noted the existence of two WiFi networks reachable from the property. One used WEP encryption, the other had the more robust WPA2, but the key point from the FBI's perspective was that neither network was unsecured. A search thus seemed much more likely to find its proper target.” http://arstechnica.com/tech-policy/2012/06/swat-team-throws-flashbangs-raids-wrong-home-due-to-open-wifi-network/

10. “…they used sophisticated electronic equipment to break through networks” http://www.seattlepi.com/local/article/Feds-Wi-Fi-hacking-burglars-targeted-dozens-of-2178421.php

11. sophisticated electronic equipment http://www.backtrack-linux.org/ Alfa-AWUS036NHR

12. Aircrack-ng  Set of tools for auditing wireless  packet sniffer  WEP and WPA/WPA2-PSK cracker / analyzer  Can also use airbase-ng to attack clients  Included with BackTrack Linux  Works out of the box with Alfa cards

13. Antennae

14. Making it Better (sort of) Disable remote management Only allow management via HTTPS Disable WPS Use WPA2 + AES + Really Good Key! Don’t Use WiFi

15. Which one is stronger? A. P4ssw0rd B. MH0hzFt4ZMgRgCbt2ibq C. dinosaursarereallyveryexcitingcreatures D. r;IX&15z[&Kf+0aM4fi

16. Questions / Feedback? @CaseyDunham casey@dc207.org

17. Resources http://www.backtrack-linux.org http://www.securitytube.net/  BackTrack 5 Wireless Penetration Testing Beginner's Guide  http://www.aircrack-ng.org/  http://hak5.org/  https://www.cloudcracker.com/

18. DEMO

So you want to be a wireless hacker

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a So you want to be a wireless hacker

Similar a So you want to be a wireless hacker (20)

Último

Último (20)

So you want to be a wireless hacker