Cys Report Krack Attack Threat Briefing
•Download as PPTX, PDF•
0 likes•356 views
Review of the WPA2 Krack Attack. The full research paper that the presentation is based on can be downloaded from here: https://www.krackattacks.com/. You can find my podcast on the iTunes Store CYSReport https://cysreport.com, and my blog is https://debinfosec.com.
Report
Share
Report
Share
Recommended
Wireless security using wpa2
This document discusses wireless security using WPA2. It begins by describing the types of wireless security including open networks, WEP, WPA, and WPA2. It then provides an overview of WPA2, including how it uses AES for encryption and integrity checking. The document compares WEP, WPA, and WPA2 and describes WPA2 authentication in personal and enterprise modes. It details how WPA2 generates keys through a 4-way handshake and uses AES in counter mode for encryption and CBC-MAC for integrity. The document concludes by discussing benefits and vulnerabilities of WPA2 as well as procedures to improve wireless security.
Mdk3 tool in kali linux
This document provides an overview of the MDK3 tool in Kali Linux. It can be used to perform wireless attacks such as SSID flooding, authentication flooding, and de-authentication flooding against IEEE 802.11 networks. The document explains how to put the wireless adapter into monitor mode and run the different attacks, such as using SSID flooding to broadcast hundreds of fake access points, authentication flooding to cause access point freezing, and de-authentication flooding by targeting specific devices. It stresses the importance of having permission before attacking networks and provides syntax examples for executing the attacks.
Aircrack
This document provides an overview of AirCrack-ng, a suite of tools for assessing WiFi network security. It discusses the tools in the AirCrack-ng suite like aircrack-ng for cracking WEP and WPA/WPA2 keys. It also describes commands used like airmon-ng to put interfaces in monitor mode and airodump-ng to capture handshakes. The document explains how to use captured handshakes and wordlists with aircrack-ng to crack network passwords if the password is in the wordlist. It also discusses how to perform WiFi deauthentication attacks to capture new handshakes by forcing clients to reconnect.
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
The document provides instructions on techniques for cracking wireless network security, including both WEP and WPA encryption. It discusses using tools like aircrack-ng to capture packets, perform injection attacks like deauthentication, ARP replay, and fragmentation. Both simple techniques without injection, like capturing packets over time, and more advanced techniques using packet injection methods are covered. The goal is to obtain enough encrypted packets or keystream fragments to crack the network encryption key.
Pentesting Wireless Networks and Wireless Network Security
Regardless of residential or corporate environments, wireless networking has been trending, bringing WLAN equipment revenue up to $5.2 billion in 2015. Unlike wired networks, wireless networks go beyond the walls, and could transmit your corporate or personal data in a way anyone else can eavesdrop. With the quick adaptation of wireless networking, control of smart devices, including smart home devices and smart cars that might be at hands of a blackhat hacker. Looking from a different angle, every time you connect to an untrusted wireless network, a malicious attacker might be listening to your communication.
This session will technically discuss security risks associated with wireless networks, with near real-life demonstrations. Different network security mechanisms and their weaknesses will be discussed. Towards the end of the session, we will be discussing best practices that should be followed to secure wireless networks and your data over wireless networks.
Demonstrations will include following.
* Wireless network discovery and probing
* Wireless network attacks (WEP/WPA/WPS)
* Using OpenWrt open source firmware in wireless security
* Rough wireless access points (MitM/Traffic Logging)
WPA3 - What is it good for?
Presented at NZISIG on Tuesday 26th February 2019.
"WPA3: What is it good for? (With a little bit of Bluetooth and a soupçon of GPS)"
I offered this talk to Purplecon but they didn't want it so you're getting it instead. Since it's been a few months I've added some other stuff on the end.
Overview of existing issues in WAP, WPA, WPA2 and WPS
Skateboarding dog story
WPA3 improvements:
- Password protection
- Preshared keys (Simultaneous Authentication of Equals - SAE)
- CNSA
- Opportunistic Wireless Encryption (OWE)
- Wifi Easy Connect
Bluetooth
- Direction finding
- End to end security
GPS
- 6th April could get interesting.
Leveraging Honest Users: Stealth Command-and-Control of Botnets
The document proposes a new stealth command-and-control technique for botnets that leverages browsers and honest users. It would work by having the botmaster deploy a malicious website that visitors spread commands to bots from as they browse the site. This avoids direct communication between the botmaster and bots, makes bot detection difficult, and scales well based on number of website visitors. The document also discusses how bots could send stolen data back through spam emails encrypted with the botmaster's public key.
Recommended
Wireless security using wpa2
This document discusses wireless security using WPA2. It begins by describing the types of wireless security including open networks, WEP, WPA, and WPA2. It then provides an overview of WPA2, including how it uses AES for encryption and integrity checking. The document compares WEP, WPA, and WPA2 and describes WPA2 authentication in personal and enterprise modes. It details how WPA2 generates keys through a 4-way handshake and uses AES in counter mode for encryption and CBC-MAC for integrity. The document concludes by discussing benefits and vulnerabilities of WPA2 as well as procedures to improve wireless security.
Mdk3 tool in kali linux
This document provides an overview of the MDK3 tool in Kali Linux. It can be used to perform wireless attacks such as SSID flooding, authentication flooding, and de-authentication flooding against IEEE 802.11 networks. The document explains how to put the wireless adapter into monitor mode and run the different attacks, such as using SSID flooding to broadcast hundreds of fake access points, authentication flooding to cause access point freezing, and de-authentication flooding by targeting specific devices. It stresses the importance of having permission before attacking networks and provides syntax examples for executing the attacks.
Aircrack
This document provides an overview of AirCrack-ng, a suite of tools for assessing WiFi network security. It discusses the tools in the AirCrack-ng suite like aircrack-ng for cracking WEP and WPA/WPA2 keys. It also describes commands used like airmon-ng to put interfaces in monitor mode and airodump-ng to capture handshakes. The document explains how to use captured handshakes and wordlists with aircrack-ng to crack network passwords if the password is in the wordlist. It also discusses how to perform WiFi deauthentication attacks to capture new handshakes by forcing clients to reconnect.
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
The document provides instructions on techniques for cracking wireless network security, including both WEP and WPA encryption. It discusses using tools like aircrack-ng to capture packets, perform injection attacks like deauthentication, ARP replay, and fragmentation. Both simple techniques without injection, like capturing packets over time, and more advanced techniques using packet injection methods are covered. The goal is to obtain enough encrypted packets or keystream fragments to crack the network encryption key.
Pentesting Wireless Networks and Wireless Network Security
Regardless of residential or corporate environments, wireless networking has been trending, bringing WLAN equipment revenue up to $5.2 billion in 2015. Unlike wired networks, wireless networks go beyond the walls, and could transmit your corporate or personal data in a way anyone else can eavesdrop. With the quick adaptation of wireless networking, control of smart devices, including smart home devices and smart cars that might be at hands of a blackhat hacker. Looking from a different angle, every time you connect to an untrusted wireless network, a malicious attacker might be listening to your communication.
This session will technically discuss security risks associated with wireless networks, with near real-life demonstrations. Different network security mechanisms and their weaknesses will be discussed. Towards the end of the session, we will be discussing best practices that should be followed to secure wireless networks and your data over wireless networks.
Demonstrations will include following.
* Wireless network discovery and probing
* Wireless network attacks (WEP/WPA/WPS)
* Using OpenWrt open source firmware in wireless security
* Rough wireless access points (MitM/Traffic Logging)
WPA3 - What is it good for?
Presented at NZISIG on Tuesday 26th February 2019.
"WPA3: What is it good for? (With a little bit of Bluetooth and a soupçon of GPS)"
I offered this talk to Purplecon but they didn't want it so you're getting it instead. Since it's been a few months I've added some other stuff on the end.
Overview of existing issues in WAP, WPA, WPA2 and WPS
Skateboarding dog story
WPA3 improvements:
- Password protection
- Preshared keys (Simultaneous Authentication of Equals - SAE)
- CNSA
- Opportunistic Wireless Encryption (OWE)
- Wifi Easy Connect
Bluetooth
- Direction finding
- End to end security
GPS
- 6th April could get interesting.
Leveraging Honest Users: Stealth Command-and-Control of Botnets
The document proposes a new stealth command-and-control technique for botnets that leverages browsers and honest users. It would work by having the botmaster deploy a malicious website that visitors spread commands to bots from as they browse the site. This avoids direct communication between the botmaster and bots, makes bot detection difficult, and scales well based on number of website visitors. The document also discusses how bots could send stolen data back through spam emails encrypted with the botmaster's public key.
KRACK attack
KRACK attack is one of the most famous one in WiFi security and privacy. In this presentation a detailed description of the attack is considered and countermeasures are offered.
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
Aircrack- ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools
Cracking wep and wpa wireless networks
This document discusses how to crack WEP and WPA wireless networks and how to better secure wireless networks. It provides steps on how to crack WEP networks using Aircrack tools like Airodump and Aircrack by capturing initialization vectors and cracking the WEP key. It also discusses cracking WPA networks is harder and involves capturing data using Airodump and cracking passwords using Aircrack and a dictionary word list. The document concludes by providing tips to secure wireless networks like changing default passwords, disabling SSID broadcast, turning off the network when not in use, using MAC address filtering, and strong encryption like WPA with long random keys.
Wi fi protected-access
WPA (Wi-Fi Protected Access) was introduced by the Wi-Fi Alliance to address vulnerabilities in WEP (Wired Equivalent Privacy) encryption. It uses TKIP (Temporal Key Integrity Protocol) to dynamically generate encryption keys and add integrity checking to messages to prevent attacks. WPA also supports 802.1X/EAP authentication and pre-shared keys for access control. While an improvement over WEP, WPA is still susceptible to denial of service attacks. However, it provides a secure transition method to the more robust WPA2 standard for wireless network security.
Man In The Middle - Hacking Illustrated
See how man-in-the-middle is performed. Step by step instructions and diagrams showing how this attack works
Security standard
This document discusses various wireless network security threats such as war driving, rogue access points, man-in-the-middle attacks, and denial-of-service attacks. It also explains the evolution of wireless security protocols from WEP to WPA and WPA2. WEP was the initial standard but had flaws that allowed the key to be cracked easily. WPA was an interim solution that added features to strengthen WEP, while WPA2 fully implements the ratified IEEE 802.11i standard and is considered the current best practice using AES encryption. The document also warns that the Wi-Fi Protected Setup standard has a security flaw and its use should be disabled.
802.11 Wireless, WEP, WPA lecture
This document discusses the history and evolution of wireless networking standards, including early versions like ALOHAnet, as well as common wireless encryption protocols like WEP, WPA, and WPA2. It explains how each standard works on a technical level and its weaknesses, such as WEP having only 24-bit initialization vectors that could be exhausted in a few hours, making it trivial to crack. Later standards like WPA and WPA2 aimed to fix these issues through techniques like dynamic session keys and stronger encryption algorithms to provide more secure wireless networking.
Detection and analysis_of_syn_flood_ddos
1. The document describes how to simulate a SYN flood DDoS attack using tools like GNS3, Virtual Machine Manager, Hping on the attacker system, and Wireshark on the victim system.
2. In the attack, the attacker generates a large number of TCP packets with different spoofed IP addresses and the SYN flag set, targeting a single victim IP. This overwhelms the victim's network queue.
3. Analyzing the network traffic on the victim using Wireshark shows a huge number of incoming TCP SYN packets but no ACK packets, indicating the attack and the victim system resetting half-open connections as the queue fills.
WEP
Wired Equivalent Privacy (WEP) was the first and most widely used algorithm for securing wireless networks by providing authentication and encryption using a shared key. However, WEP has significant security flaws because it uses a small 24-bit initialization vector (IV) that is not encrypted and can become predictable, compromising the RC4 encryption key. It also does not protect data integrity. As a result, WEP is susceptible to attacks that can recover the WEP key and decrypt wireless transmissions. It is recommended to avoid using WEP and instead use more robust standards like WPA or WPA2.
Wi-Fi security – WEP, WPA and WPA2
The document discusses Wi-Fi encryption protocols, specifically examining the weaknesses of WEP encryption and how tools like Aircrack can crack WEP keys in minutes by exploiting those weaknesses. It then provides an overview of the newer WPA and WPA2 standards introduced in 802.11i to replace WEP, discussing their implementations and some initial minor vulnerabilities.
Final Engagement
This document contains information about a red team attack on a vulnerable network including the network topology, critical vulnerabilities identified, red team activities, blue team alerts and hardening recommendations. The red team was able to gain access to several systems by exploiting open ports, weak passwords, and WordPress vulnerabilities. They also identified credentials in the SQL database and installed a backdoor. The blue team recommends strong password policies, restricting root privileges, removing MySQL access, and automating patching with Ansible to harden the network. Network analysis found normal browsing activity but also suspicious uses like a private server hosting malware and a machine infected with malware.
Pentesting
This document provides an overview of pentesting and related topics presented by Henrik Jacobsen. It begins with introductions and disclaimers, then covers WiFi networking basics. Next it discusses using a WiFi Pineapple for penetration testing and demonstrates rogue networking and WPS hacking. It concludes with an introduction to using Kali Linux for security assessments.
Linux IoT Botnet Wars and the lack of basic security hardening
Eystein Stenberg, CTO of Mender.io , walks through the various malware infecting Linux IoT devices including Mirai, Hajime, and BrickerBot and the vulnerabilities they leverage to enslave or brick connected devices. He covers specific vectors they used to exploit devices and cover some basics in security hardening that would have largely protected from many of the widespread malware.
Wpa vs Wpa2
WPA and WPA2 are security protocols for wireless networks. WPA2 improved upon WPA by supporting stronger AES encryption instead of TKIP, separating authentication from encryption, and being more secure against attacks. Specifically, WPA2 uses 128-bit AES encryption, whereas WPA only supports the weaker TKIP encryption. Theoretically, WPA2 cannot be hacked while WPA remains vulnerable to certain attacks.
Network Security Applications
A quick presentation with a brief introduction, an example of an authentication application, Kerberos, and a web security standard, SSL/TLS.
Cymmetria Webinar: Deception & Responder
This webinar discusses the Responder.py tool and how to use the Responder Monitor to detect its activity. The Responder Monitor works by issuing fake NBNS queries and detecting if Responder.py responds, indicating a poisoning attempt. If credentials are provided, it checks if they are stolen. Best practices include deploying decoys in each network segment and configuring the Responder Monitor service and endpoints to monitor that segment. SOC integration can detect any use of stolen credentials. A demo then showed the Responder Monitor in use.
The Easy Way to Secure Microservices
Every microservice in production must be secured. In order to ensure this, there is a significant additional effort compared to a monolithic system due to the high number of services. If the operation then still takes place in a public cloud, neither the communication within the infrastructure of the cloud provider nor the connection via the Internet may be unencrypted. In addition, corresponding authorization checks must take place in each individual service.
This session shows how easy and effortless it is to implement security measures with a service mesh tool like Istio. With a few small Istio rules, all communication in the service mesh is secured with mutual TLS (mTLS). Basic checks of service-to-service communication and end-user authorization using JWT can also be delegated to Istio. The extended authorization checks within a Java service are illustrated using the MicroProfile specifications.
'Moon' Security Management System for OPNFV
Orange's Jamil Chawki and Ruan HE provide an overview of the 'Moon' security management system for OPNFV
WPA2
WPA2 is the latest security standard for Wi-Fi networks. It uses AES encryption and 802.1X/EAP authentication to securely transmit data between wireless devices and access points. The four phase process establishes a secure communication context through agreeing on security policies, generating a master key, creating temporary keys, and using the keys to encrypt transmissions. WPA2 provides stronger security than previous standards like WEP and WPA through more robust encryption and authentication methods.
RSA - WLAN Hacking
This document discusses WLAN security threats and countermeasures. It describes vulnerabilities in early security standards like WEP. It then outlines improved security mechanisms in WPA and 802.11i like AES encryption and 802.1x authentication. Finally, it recommends a multi-layered approach using tools like VPN, firewalls, and rogue AP detection to securely manage enterprise WLAN access.
Fundamentals of network hacking
This session covered cyber security and ethical hacking topics such as network hacking, Kali Linux, IPV4 vs IPV6, MAC addresses, wireless hacking techniques like deauthentication attacks, cracking WEP and WPA encryption, and post-connection attacks including ARP spoofing and MITM attacks. The presenter emphasized the importance of securing networks by using strong passwords, disabling WPS, and enabling HTTPS to prevent hacking attempts.
Comprehensive Guide On Network Security
Welcome to the world of 'network security' which is an unavoidable term in cyber security. This white paper of Network security encompasses the most significant and predominantly used networking security concepts which are highly important for maintaining your network environment secure.
More Related Content
What's hot
KRACK attack
KRACK attack is one of the most famous one in WiFi security and privacy. In this presentation a detailed description of the attack is considered and countermeasures are offered.
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
Aircrack- ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools
Cracking wep and wpa wireless networks
This document discusses how to crack WEP and WPA wireless networks and how to better secure wireless networks. It provides steps on how to crack WEP networks using Aircrack tools like Airodump and Aircrack by capturing initialization vectors and cracking the WEP key. It also discusses cracking WPA networks is harder and involves capturing data using Airodump and cracking passwords using Aircrack and a dictionary word list. The document concludes by providing tips to secure wireless networks like changing default passwords, disabling SSID broadcast, turning off the network when not in use, using MAC address filtering, and strong encryption like WPA with long random keys.
Wi fi protected-access
WPA (Wi-Fi Protected Access) was introduced by the Wi-Fi Alliance to address vulnerabilities in WEP (Wired Equivalent Privacy) encryption. It uses TKIP (Temporal Key Integrity Protocol) to dynamically generate encryption keys and add integrity checking to messages to prevent attacks. WPA also supports 802.1X/EAP authentication and pre-shared keys for access control. While an improvement over WEP, WPA is still susceptible to denial of service attacks. However, it provides a secure transition method to the more robust WPA2 standard for wireless network security.
Man In The Middle - Hacking Illustrated
See how man-in-the-middle is performed. Step by step instructions and diagrams showing how this attack works
Security standard
This document discusses various wireless network security threats such as war driving, rogue access points, man-in-the-middle attacks, and denial-of-service attacks. It also explains the evolution of wireless security protocols from WEP to WPA and WPA2. WEP was the initial standard but had flaws that allowed the key to be cracked easily. WPA was an interim solution that added features to strengthen WEP, while WPA2 fully implements the ratified IEEE 802.11i standard and is considered the current best practice using AES encryption. The document also warns that the Wi-Fi Protected Setup standard has a security flaw and its use should be disabled.
802.11 Wireless, WEP, WPA lecture
This document discusses the history and evolution of wireless networking standards, including early versions like ALOHAnet, as well as common wireless encryption protocols like WEP, WPA, and WPA2. It explains how each standard works on a technical level and its weaknesses, such as WEP having only 24-bit initialization vectors that could be exhausted in a few hours, making it trivial to crack. Later standards like WPA and WPA2 aimed to fix these issues through techniques like dynamic session keys and stronger encryption algorithms to provide more secure wireless networking.
Detection and analysis_of_syn_flood_ddos
1. The document describes how to simulate a SYN flood DDoS attack using tools like GNS3, Virtual Machine Manager, Hping on the attacker system, and Wireshark on the victim system.
2. In the attack, the attacker generates a large number of TCP packets with different spoofed IP addresses and the SYN flag set, targeting a single victim IP. This overwhelms the victim's network queue.
3. Analyzing the network traffic on the victim using Wireshark shows a huge number of incoming TCP SYN packets but no ACK packets, indicating the attack and the victim system resetting half-open connections as the queue fills.
WEP
Wired Equivalent Privacy (WEP) was the first and most widely used algorithm for securing wireless networks by providing authentication and encryption using a shared key. However, WEP has significant security flaws because it uses a small 24-bit initialization vector (IV) that is not encrypted and can become predictable, compromising the RC4 encryption key. It also does not protect data integrity. As a result, WEP is susceptible to attacks that can recover the WEP key and decrypt wireless transmissions. It is recommended to avoid using WEP and instead use more robust standards like WPA or WPA2.
Wi-Fi security – WEP, WPA and WPA2
The document discusses Wi-Fi encryption protocols, specifically examining the weaknesses of WEP encryption and how tools like Aircrack can crack WEP keys in minutes by exploiting those weaknesses. It then provides an overview of the newer WPA and WPA2 standards introduced in 802.11i to replace WEP, discussing their implementations and some initial minor vulnerabilities.
Final Engagement
This document contains information about a red team attack on a vulnerable network including the network topology, critical vulnerabilities identified, red team activities, blue team alerts and hardening recommendations. The red team was able to gain access to several systems by exploiting open ports, weak passwords, and WordPress vulnerabilities. They also identified credentials in the SQL database and installed a backdoor. The blue team recommends strong password policies, restricting root privileges, removing MySQL access, and automating patching with Ansible to harden the network. Network analysis found normal browsing activity but also suspicious uses like a private server hosting malware and a machine infected with malware.
Pentesting
This document provides an overview of pentesting and related topics presented by Henrik Jacobsen. It begins with introductions and disclaimers, then covers WiFi networking basics. Next it discusses using a WiFi Pineapple for penetration testing and demonstrates rogue networking and WPS hacking. It concludes with an introduction to using Kali Linux for security assessments.
Linux IoT Botnet Wars and the lack of basic security hardening
Eystein Stenberg, CTO of Mender.io , walks through the various malware infecting Linux IoT devices including Mirai, Hajime, and BrickerBot and the vulnerabilities they leverage to enslave or brick connected devices. He covers specific vectors they used to exploit devices and cover some basics in security hardening that would have largely protected from many of the widespread malware.
Wpa vs Wpa2
WPA and WPA2 are security protocols for wireless networks. WPA2 improved upon WPA by supporting stronger AES encryption instead of TKIP, separating authentication from encryption, and being more secure against attacks. Specifically, WPA2 uses 128-bit AES encryption, whereas WPA only supports the weaker TKIP encryption. Theoretically, WPA2 cannot be hacked while WPA remains vulnerable to certain attacks.
Network Security Applications
A quick presentation with a brief introduction, an example of an authentication application, Kerberos, and a web security standard, SSL/TLS.
Cymmetria Webinar: Deception & Responder
This webinar discusses the Responder.py tool and how to use the Responder Monitor to detect its activity. The Responder Monitor works by issuing fake NBNS queries and detecting if Responder.py responds, indicating a poisoning attempt. If credentials are provided, it checks if they are stolen. Best practices include deploying decoys in each network segment and configuring the Responder Monitor service and endpoints to monitor that segment. SOC integration can detect any use of stolen credentials. A demo then showed the Responder Monitor in use.
The Easy Way to Secure Microservices
Every microservice in production must be secured. In order to ensure this, there is a significant additional effort compared to a monolithic system due to the high number of services. If the operation then still takes place in a public cloud, neither the communication within the infrastructure of the cloud provider nor the connection via the Internet may be unencrypted. In addition, corresponding authorization checks must take place in each individual service.
This session shows how easy and effortless it is to implement security measures with a service mesh tool like Istio. With a few small Istio rules, all communication in the service mesh is secured with mutual TLS (mTLS). Basic checks of service-to-service communication and end-user authorization using JWT can also be delegated to Istio. The extended authorization checks within a Java service are illustrated using the MicroProfile specifications.
'Moon' Security Management System for OPNFV
Orange's Jamil Chawki and Ruan HE provide an overview of the 'Moon' security management system for OPNFV
WPA2
WPA2 is the latest security standard for Wi-Fi networks. It uses AES encryption and 802.1X/EAP authentication to securely transmit data between wireless devices and access points. The four phase process establishes a secure communication context through agreeing on security policies, generating a master key, creating temporary keys, and using the keys to encrypt transmissions. WPA2 provides stronger security than previous standards like WEP and WPA through more robust encryption and authentication methods.
RSA - WLAN Hacking
This document discusses WLAN security threats and countermeasures. It describes vulnerabilities in early security standards like WEP. It then outlines improved security mechanisms in WPA and 802.11i like AES encryption and 802.1x authentication. Finally, it recommends a multi-layered approach using tools like VPN, firewalls, and rogue AP detection to securely manage enterprise WLAN access.
What's hot (20)
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
Linux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardening
Similar to Cys Report Krack Attack Threat Briefing
Fundamentals of network hacking
This session covered cyber security and ethical hacking topics such as network hacking, Kali Linux, IPV4 vs IPV6, MAC addresses, wireless hacking techniques like deauthentication attacks, cracking WEP and WPA encryption, and post-connection attacks including ARP spoofing and MITM attacks. The presenter emphasized the importance of securing networks by using strong passwords, disabling WPS, and enabling HTTPS to prevent hacking attempts.
Comprehensive Guide On Network Security
Welcome to the world of 'network security' which is an unavoidable term in cyber security. This white paper of Network security encompasses the most significant and predominantly used networking security concepts which are highly important for maintaining your network environment secure.
Wireless Security null seminar
Wireless Security
1) Introduction to WLAN Security
2) Wardriving
3) WPA / WPA2 PSK (Personal) Cracking
4 wifi security
The document discusses various 802.11 wireless networking standards including 802.11a, 802.11b, 802.11g, 802.11e, 802.11i, 802.11n and the developing 802.11ac. It also covers wireless network modes of infrastructure and ad-hoc, security threats like eavesdropping, man-in-the-middle attacks and denial of service. Additional topics include WEP, WPA, WPA2 and techniques to improve wireless security.
Workshop on Wireless Security
The document summarizes a presentation on wireless security. It discusses wireless standards like 802.11b, 802.11a, and 802.11g and security standards like WEP, WPA, and WPA2. It describes vulnerabilities in WEP like weak IVs and keys. It also explains attacks like identity theft through MAC spoofing and defenses like strong encryption, authentication, and regular key changes.
Sheetal - Wirelesss Hacking - ClubHack2008
The document summarizes a presentation on wireless security. It discusses wireless standards like 802.11b, 802.11a, and 802.11g and security standards like WEP, WPA, and WPA2. It describes vulnerabilities in WEP like weak IVs and keys. It also explains attacks like identity theft through MAC spoofing and defenses like strong encryption, authentication, and monitoring.
Wpa3
WPA3 provides several security improvements over WPA2:
1. It uses a more secure handshake called Simultaneous Authentication of Equals (SAE) that is resistant to offline dictionary attacks.
2. It enables encryption for open WiFi networks through Opportunistic Wireless Encryption (OWE) without requiring a pre-shared password.
3. It supports connecting devices without displays through the Device Provisioning Protocol (DPP) using QR codes and other contactless methods.
4. It enhances cryptographic strength with a 192-bit security suite aligned with government standards.
Windows network
This document discusses securing Windows networks. It begins with discussing hacker personas and common security mistakes made. It then covers securing Windows networks by discussing system administrator personas, threats like password attacks and remote code execution vulnerabilities, and countermeasures. It also discusses the Microsoft Secure Windows Initiative and staying secure through awareness, vulnerability assessment, and responding to security events. The focus is on implementing security through practices like strong passwords, keeping systems patched, and using tools like the Microsoft Baseline Security Analyzer.
New flaws in WPA-TKIP
Presentation given at the Brucon security conference in Ghent, Belgium. Two new attacks are described. The first is a Denial of Service attack capable of halting all traffic for one minute by injecting only two frames. The second attack allows the injection of arbitrary many packets towards a client. It is shown that this can be used to perform a portscan on any TKIP-secured client.
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution presents wireless security protocols and attack vectors to break into the wireless security protocols.
Wpa2 psk security measure
The document discusses wireless network security and WPA2-PSK. It covers the need for wireless security, early security protocols like WEP and their vulnerabilities. It then describes WPA and WPA2, how they work and their advantages over WEP. WPA2 uses the strong AES encryption algorithm. The document also discusses security threats to wireless networks like eavesdropping, man-in-the-middle attacks. While WPA2 is secure, it has some vulnerabilities in management frames and attacks like deauthentication. The proposed IEEE 802.11w standard aims to provide stronger protections against these vulnerabilities.
Resilience in the ZigBee Residential Mode
ZigBee is a wireless mesh networking standard for low-power devices. It uses low data rates, low power consumption and mesh networking to connect devices over short distances. ZigBee provides security features like access control, encryption and authentication to protect wireless transmissions. However, ZigBee devices have some security vulnerabilities like weak encryption keys, replay attacks and denial of service attacks that can be exploited if not properly implemented and managed.
Wifi Security
This document discusses WiFi security and provides information on various topics related to securing wireless networks. It begins with an introduction to wireless networking and then covers security threats like eavesdropping and man-in-the-middle attacks. The document analyzes early security protocols like WEP that were flawed and discusses improved protocols like WPA and WPA2. It provides tips for securing a wireless network and examines potential health effects of WiFi radiation. The conclusion emphasizes that wireless security has improved greatly with new standards but work remains to be done.
Common crypto attacks and secure implementations
This presentation covers common cryptographic attacks, secure cryptographic implementation requirements, an overview of FIPS 140-2 and secure crypto implementation guidelines
SSL Secure socket layer
The document provides an overview of the Secure Sockets Layer (SSL) protocol. It discusses SSL's goals of providing confidentiality, integrity, and authentication for network communications. It describes the SSL handshake process, where the client and server authenticate each other and negotiate encryption parameters before transmitting application data. It also discusses SSL applications like securing web traffic and online payments. The document concludes that SSL is vital for web security and ensures user confidentiality and integrity.
Wireless security837
This document provides an overview of wireless security standards and vulnerabilities. It discusses the insecurity of WEP and vulnerabilities like IV reuse, bit flipping, and FMS attacks. It then covers solutions like 802.1x for authentication, WPA for improved encryption with TKIP, and WPA2 which implements the full 802.11i standard including AES-CCMP. The document demonstrates how to crack WEP security and sniff wireless traffic. It recommends using WPA or WPA2 with 802.1x authentication for secure wireless networks.
Computer Security - CCNA Security - Lecture 2
We will discuss the following: Classical Security Methods, AAA, Authentication, Authorization, Accounting, AAA Characteristic, Local Based AAA, Server Based AAA, TACACS+ and RADIUS.
Airheads vail 2011 pci 2.0 compliance
The document discusses wireless security best practices for PCI compliance. It covers the evolution of the PCI DSS standard and wireless threats over time. The key recommendations are to securely segment wireless networks from cardholder data environments using firewalls, use strong encryption like WPA2-AES for wireless traffic, and authenticate both devices and users on the network. Aruba's integrated wireless intrusion prevention system and policy-based enforcement approach is presented as an effective solution.
DDoS Attack on DNS using infected IoT Devices
[Case Study] DDoS Attack on DNS using infected IoT Devices @ ACSAC 2015 (The 31st Annual Computer Security Applications Conference 2015), which is one of the most important cyber security conferences in the world and the oldest information security conference held annually
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
"Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not provide encryption or the ability to perform authentication on a packet-by-packet basis [1][2][3][4]. The development of 802.1x-2010 mitigates these issues by using MacSEC to provide Layer 2 encryption and packet integrity check to the protocol [5]. Since MacSEC encrypts data on a hop-by-hop basis, it successfully protects against the bridge-based attacks pioneered by the likes of Steve Riley, Abb, and Alva Duckwall [5][6].
In addition to the development of 802.1x-2010, improved 802.1x support by peripheral devices such as printers also poses a challenge to attackers. Gone are the days in which bypassing 802.1x was as simple as finding a printer and spoofing address, as hardware manufacturers have gotten smarter.
In this talk, we will introduce a novel technique for bypassing 802.1x-2010 by demonstrating how MacSEC fails when weak forms of EAP are used. Additionally, we will discuss how improved 802.1x support by peripheral devices does not necessarily translate to improved port-security due to the widespread use of weak EAP. Finally, we will consider how improvements to the Linux kernel have made bridge-based techniques easier to implement and demonstrate an alternative to using packet injection for network interaction. We have packaged each of these techniques and improvements into an open source tool called Silent Bridge, which we plan on releasing at the conference."
Similar to Cys Report Krack Attack Threat Briefing (20)
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Recently uploaded
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
ここ3000字までしか入らないけどタイトルの方がたくさん文字入ると思います。
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
UiPath Test Automation using UiPath Test Suite series, part 5
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Best 20 SEO Techniques To Improve Website Visibility In SERP
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Recently uploaded (20)
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Cys Report Krack Attack Threat Briefing
- 3. WPA2 Krack Attack - What Happened? • WPA2 has been broken – Belgian Univ Researchers • “The attack works against all modern protected wifi networks. • Forces nonce reuse on the client • Weakness in the design of the WPA2 protocol in which the client can be forced into reusing a key cysreport.com
- 4. • WPA2 is no longer secure. • Reveals sensitive information such as credit card numbers, passwords, or usernames, and so on. • “Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.” WPA2 Krack Attack - What Does This Mean? cysreport.com
- 5. WPA2 Krack Attack - Details • Devastating against Linux and Android 6.0 or higher. Android and Linux can be tricked into (re)installing an all-zero encryption key • If the client uses either the WPA-TKIP or GCMP encryption protocol, instead of AES-CCMP, Nonce reuse enables an adversary to not only decrypt, but also to forge and inject packets. • Note that the attacks do not recover the password of the Wi-Fi network. (any parts of) the fresh encryption key that is negotiated during the 4-way handshake. cysreport.com
- 6. PTK = Session Key WPA2 Krack Attack – The Details Please… cysreport.com
- 7. Krack Attack 4-way handshake 1. AP (Authenticator) sends ANonce to client (supplicant) and client derives the PTK 2. Client sends SNonce to AP and the AP derives the PTK 3. Access Point (AP) will retransmit message 3 if it did not receive an appropriate response as acknowledgment, client resets it nonce and retransmits so hacker has key (Linux and Android zero out key) (Win & IOS don’t accept the retransmission, but are susceptible to the GTK) 4. Malicious AP derives PTK and client installs PTK and GTK Nonce reset PTK PTK GTK cysreport.com
- 8. WPA2 Krack Attack – How to Protect Yourself • Attack is executed against the client • Note: Only access points that support the Fast BSS Transition handshake (802.11r) can be vulnerable, but all clients are vulnerable… Remediation: • Patch all devices phones, tablets, computers, wireless Apps • What if I don’t have a patch for my AP? • Disable client functionality on AP (which is used in repeater modes) • Use a VPN, (not free) recommended: F-Secure Freedome, Cisco Anyconnect • Use TLS when accessing websites cysreport.com
Editor's Notes
- https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns https://www.darkreading.com/attacks-breaches/factorization-bug-exposes-millions-of-crypto-keys-to-roca-exploit/d/d-id/1330151?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
- From 33C3: Analyzing Embedded Operating System Random Number Generators paper http://samvartaka.github.io/cryptanalysis/2017/01/03/33c3-embedded-rngs https://www.krackattacks.com/
- From 33C3: Analyzing Embedded Operating System Random Number Generators paper http://samvartaka.github.io/cryptanalysis/2017/01/03/33c3-embedded-rngs https://www.krackattacks.com/
- From 33C3: Analyzing Embedded Operating System Random Number Generators paper http://samvartaka.github.io/cryptanalysis/2017/01/03/33c3-embedded-rngs
- From 33C3: Analyzing Embedded Operating System Random Number Generators paper http://samvartaka.github.io/cryptanalysis/2017/01/03/33c3-embedded-rngs