SlideShare a Scribd company logo

Talk2 esc2 muscl-wifi_v1_2b

S
Sylvain Martinez

Overview on the state of WIFI security for WEP, WPA/WPA2, WPA3. Looking at their protocols, weaknesses and attacks. The presentation finishes with a live demo on 2 attacks: Karma Attack and Evil Portal Attack

Technology
1 of 25
Download to read offline
{elysiumsecurity} WIFI SECURITY EXPOSED An introduction to WIFI Security Version: 1.2a Date: 15/02/2018 Author: Sylvain Martinez Reference: ESC2-MUSCL Classification: Public cyber protection & response
{elysiumsecurity} cyber protection & response 2 DemoWPA3WPA/WPA2WEPContext • What is WIFI • How WIFI Works • Protocol • Weaknesses • Attacks • Protocol • Weaknesses • Attacks • Introduction • Karma Attack • Evil Portal CONTENTS Public
{elysiumsecurity} cyber protection & response 3Public What is WIFI / WI-FI • Technology using radio waves to provide network connectivity based on the IEEE 802.11 standard; • Frequencies of 2.4 GHz and 5.8 GHz; • 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac • Other radio waves technologies include: • ZigBee (IEEE 802.15.4); • Bluetooth and Bluetooth Low Energy (802.15.1); • WiMax (IEEE 802.16) • But also Cellular, NFC, etc; DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 4Public HOW WIFI WORKS • HOTSPOTS will usually advertise there are here by BROADCASTING their name (SSID); • Clients attempts to connect to HOTSPOTS, for example your WIFI home router; • Connection to the HOTSPOT can be done: • With no password (OPEN); • With a password or passphrase; • With a certificate; • Clients will remember HOTSPOTS they previously connected to: MY_WIFI, SHOP_WIFI, CORP_WIFI, etc. • As long as the Clients WIFI is on, they will keep trying to connect to their known HOTSPOTS, all of them, all the the time. DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 5Public HOW WIFI WORKS MY_WIFI Are you here? YES! CONNECT HOME MY_WIFI Are you here? NO SHOP_WIFI Are you here? CONNECT YES! MY_WIFI Are you here? NO SHOP_WIFI Are you here? YES! CORP_WIFI Are you here? COFFEE SHOP WORK MY_WIFI SHOP_WIFI CORP_WIFI NO Icons from VMWARE CONNECT DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 6 DemoWPA3WPA/WPA2WEPContext Public WEP PROTOCOL • 1997 • Wired Equivalent Privacy; • 10 or 26 Hexadecimal digits (40 or 104 bits) + 24 bits IV key. 2 key sizes due to earlier USA restriction on cryptography exportation • RC4 Stream cipher with CRC checks; Source from Wikipedia
{elysiumsecurity} cyber protection & response 7Public WEP WEAKNESSES • Same key must never be used twice, this is a problem in a busy network with only a 24 bits IV key; • Possibility to force traffic noise if the network is not busy enough; • Possibility to modify intercepted packets and replay those into the network; • Short key; • CRC was not designed for security; • Authenticated users can see other users’ network traffic. DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 8Public WEP ATTACKS • 2001, passive attack to recover the RC4 Key in about a minute with the right conditions and equipment; • 2005, Start of widely available open source tools to attack WEP; • 2006, near real time decryption of WEP traffic; • 2008, PCI Security Standards prohibits the use of WEP • Popular attacking tools: • Aircrack, Airsnort, kismet, Cain & Able, Fern WIFI Wireless cracker, etc. Source from Wikipedia DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 9Public WPA PROTOCOL • WEP Replacement from 2003; • Use of a Temporal Key Integrity Protocol (TKIP) to replace RC4 • Use of a Message Integrity Code (MIC/Michael) • Dynamically generates 128-bit key for each packet • Message Integrity Check to prevent replay and modification attacks; • Designed as an interim solution for hardware not supporting WPA2 Source from Wikipedia DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 10Public WPA WEAKNESSES • Some common weaknesses to WEP regarding its message integrity check algorithm (TKIP); • The message integrity code hash function (Michael) is flawed; • Possible to retrieve the keystream to use for re-injection and spoofing; • Authenticated users can see other users’ network traffic. DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 11Public WPA ATTACKS • 2012, Possible to brute force the WPA key; • Key = PBKDF2(HMAC−SHA1,passphrase, ssid, 4096, 256); • Large rainbow tables available for the top 1000 used SSIDs; • WPS can be attacked through a weaker PIN strength; • Popular attacking tools: • Aircrack-ng, Reaver, kismet, etc. DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 12Public WPA2 PROTOCOL • More secure protocol from 2004; • Implements all the mandatory elements of IEEE 802.11i; • Support for Counter Mode CBC-MAC (CCMP), an AES-Based encryption mode with strong security; • Since March 2006 mandatory for all new WI-FI labelled devices. Source from Wikipedia DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 13Public WPA2 WEAKNESSES • AES-128 is breakable with enough time; • ARP Poisoning and Spoofing are possible; • Authenticated users can see other user’s network traffic; DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 14Public WPA2 ATTACKS • Possible to disconnect legitimate users with a DEAUTH attack, even when not associated to the network; • Password can be cracked offline from intercepted encrypted traffic; • 2017, Key Reinstallation AttaCKs (KRACKs) allows an attacker to intercept and read data that is encrypted. The main attack is against the 4 way WPA2 handshake. https://www.krackattacks.com DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 15Public WPA3 • Announced in January 2018 for later this year; • 192 bit encryption; • Individualized encryption for each user; • Protection against brute-force dictionary attacks; • Improved handshake protocol • Simpler connection without a GUI (WPS?) DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 16Public DEMO • KARMA ATTACK • EVIL PORTAL DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 17Public WIFI KARMA ATTACK MY_WIFI Are you here? NO SHOP_WIFI Are you here? YES! CORP_WIFI Are you here? AIRPORT AIRPORT_WIFI NO CONNECT MY_WIFI Are you here? CONNECT AIRPORT MY_WIFI Are you here? MY_WIFI Are you here? YES! YES! YES! HACKER_HOTSPOT … DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 18Public WIFI EVIL PORTAL ATTACK COFFEE SHOP FREE_WIFI CONNECT DemoWPA3WPA/WPA2WEPContext Please login Hotel Page Google Orange Etc. Google Creds THANK YOU! Internet Access Granted
{elysiumsecurity} cyber protection & response 19Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 20Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 21Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 22Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 23Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext {elysiumsecurity} cyber protection & response 23Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response 24Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext {elysiumsecurity} cyber protection & response 23Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
{elysiumsecurity} cyber protection & response © 2018 ElysiumSecurity Ltd. All Rights Reserved www.elysiumsecurity.com THANK YOU! Public 25

Recommended

Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolSylvain Martinez
 
Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Sylvain Martinez
 
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...Cisco Canada
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyAdeel Ahmed
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
The Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeThe Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeCisco Enterprise Networks
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
 

Recommended

Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolSylvain Martinez
 
Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Sylvain Martinez
 
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...Cisco Canada
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyAdeel Ahmed
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
The Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeThe Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeCisco Enterprise Networks
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...BGA Cyber Security
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSBWebinars
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DivideFrom IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DividePriyanka Aash
 
IPS Best Practices
IPS Best PracticesIPS Best Practices
IPS Best PracticesHeather Axworthy
 
Build Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationBuild Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationWestermo Network Technologies
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldCisco Canada
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSmmiznoni
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherLancope, Inc.
 
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco Canada
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
Cisco connect winnipeg 2018 accelerating incident response in organizations...
Cisco connect winnipeg 2018 accelerating incident response in organizations...Cisco connect winnipeg 2018 accelerating incident response in organizations...
Cisco connect winnipeg 2018 accelerating incident response in organizations...Cisco Canada
 
SourceFire IPS Overview
SourceFire IPS OverviewSourceFire IPS Overview
SourceFire IPS OverviewGuardEra Access Solutions, Inc.
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewallmohannadalhanahnah
 
TechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectTechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectRobb Boyd
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstSatria Ady Pradana
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireGlobal Knowledge Training
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security ProductsDigital Bond
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecuritySkycure
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Mohammad Fareed
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
 

More Related Content

What's hot

8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...BGA Cyber Security
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSBWebinars
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DivideFrom IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DividePriyanka Aash
 
Build Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationBuild Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationWestermo Network Technologies
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldCisco Canada
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSmmiznoni
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherLancope, Inc.
 
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco Canada
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
Cisco connect winnipeg 2018 accelerating incident response in organizations...
Cisco connect winnipeg 2018 accelerating incident response in organizations...Cisco connect winnipeg 2018 accelerating incident response in organizations...
Cisco connect winnipeg 2018 accelerating incident response in organizations...Cisco Canada
 
TechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectTechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectRobb Boyd
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstSatria Ady Pradana
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireGlobal Knowledge Training
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security ProductsDigital Bond
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecuritySkycure
 

What's hot (20)

8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and Right
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DivideFrom IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity Divide
 
IPS Best Practices
IPS Best PracticesIPS Best Practices
IPS Best Practices
 
Build Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationBuild Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-Segmentation
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real World
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
 
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
Cisco connect winnipeg 2018 accelerating incident response in organizations...
Cisco connect winnipeg 2018 accelerating incident response in organizations...Cisco connect winnipeg 2018 accelerating incident response in organizations...
Cisco connect winnipeg 2018 accelerating incident response in organizations...
 
SourceFire IPS Overview
SourceFire IPS OverviewSourceFire IPS Overview
SourceFire IPS Overview
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
 
TechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectTechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnect
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the Worst
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and Sourcefire
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile Security
 

Similar to Talk2 esc2 muscl-wifi_v1_2b

Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Mohammad Fareed
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
 
Viable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedViable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedIRJET Journal
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?Tom Isaacson
 
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksLiving in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksChema Alonso
 
chapter 7 -wireless network security.ppt
chapter 7 -wireless network security.pptchapter 7 -wireless network security.ppt
chapter 7 -wireless network security.pptabenimelos
 
Wireless and how safe are you
Wireless and how safe are youWireless and how safe are you
Wireless and how safe are youMarcus Dempsey
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
Describe the primary differences between WEP, WPA, and WPA2 protocol.pdf
Describe the primary differences between WEP, WPA, and WPA2 protocol.pdfDescribe the primary differences between WEP, WPA, and WPA2 protocol.pdf
Describe the primary differences between WEP, WPA, and WPA2 protocol.pdfrajkumarm401
 
Wireless lan electronics and communication engineering
Wireless lan electronics and communication engineeringWireless lan electronics and communication engineering
Wireless lan electronics and communication engineeringeceb9198
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected accessLopamudra Das
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Fábio Afonso
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
 
wi-fi technology
wi-fi technologywi-fi technology
wi-fi technologytardeep
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
 

Similar to Talk2 esc2 muscl-wifi_v1_2b (20)

Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
 
Viable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedViable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be Jeopardized
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?
 
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksLiving in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
 
chapter 7 -wireless network security.ppt
chapter 7 -wireless network security.pptchapter 7 -wireless network security.ppt
chapter 7 -wireless network security.ppt
 
Wireless and how safe are you
Wireless and how safe are youWireless and how safe are you
Wireless and how safe are you
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
Wi fi security
Wi fi securityWi fi security
Wi fi security
 
Pdf3
Pdf3Pdf3
Pdf3
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
Describe the primary differences between WEP, WPA, and WPA2 protocol.pdf
Describe the primary differences between WEP, WPA, and WPA2 protocol.pdfDescribe the primary differences between WEP, WPA, and WPA2 protocol.pdf
Describe the primary differences between WEP, WPA, and WPA2 protocol.pdf
 
Wireless lan electronics and communication engineering
Wireless lan electronics and communication engineeringWireless lan electronics and communication engineering
Wireless lan electronics and communication engineering
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
 
wi-fi technology
wi-fi technologywi-fi technology
wi-fi technology
 
WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP Exploit
 
Wifi
WifiWifi
Wifi
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 

More from Sylvain Martinez

PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYSylvain Martinez
 
INTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYSylvain Martinez
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWSylvain Martinez
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEWSylvain Martinez
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSSylvain Martinez
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESVIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESSylvain Martinez
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWSylvain Martinez
 
Mobile Security Assessment
Mobile Security AssessmentMobile Security Assessment
Mobile Security AssessmentSylvain Martinez
 
INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSSylvain Martinez
 
Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Sylvain Martinez
 
Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Sylvain Martinez
 

More from Sylvain Martinez (20)

PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
 
INTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHY
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEW
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
 
PHISHING PROTECTION
PHISHING PROTECTIONPHISHING PROTECTION
PHISHING PROTECTION
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESVIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLES
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
 
OFFENSIVE IDS
OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDS
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?
 
GDPR SECURITY ISSUES
GDPR SECURITY ISSUESGDPR SECURITY ISSUES
GDPR SECURITY ISSUES
 
Mobile Security Assessment
Mobile Security AssessmentMobile Security Assessment
Mobile Security Assessment
 
The Art of CTF
The Art of CTFThe Art of CTF
The Art of CTF
 
OFFICE 365 SECURITY
OFFICE 365 SECURITYOFFICE 365 SECURITY
OFFICE 365 SECURITY
 
Risk on Crypto Currencies
Risk on Crypto CurrenciesRisk on Crypto Currencies
Risk on Crypto Currencies
 
INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICS
 
Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2
 
Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2
 

Recently uploaded

Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Talk2 esc2 muscl-wifi_v1_2b

  • 1. {elysiumsecurity} WIFI SECURITY EXPOSED An introduction to WIFI Security Version: 1.2a Date: 15/02/2018 Author: Sylvain Martinez Reference: ESC2-MUSCL Classification: Public cyber protection & response
  • 2. {elysiumsecurity} cyber protection & response 2 DemoWPA3WPA/WPA2WEPContext • What is WIFI • How WIFI Works • Protocol • Weaknesses • Attacks • Protocol • Weaknesses • Attacks • Introduction • Karma Attack • Evil Portal CONTENTS Public
  • 3. {elysiumsecurity} cyber protection & response 3Public What is WIFI / WI-FI • Technology using radio waves to provide network connectivity based on the IEEE 802.11 standard; • Frequencies of 2.4 GHz and 5.8 GHz; • 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac • Other radio waves technologies include: • ZigBee (IEEE 802.15.4); • Bluetooth and Bluetooth Low Energy (802.15.1); • WiMax (IEEE 802.16) • But also Cellular, NFC, etc; DemoWPA3WPA/WPA2WEPContext
  • 4. {elysiumsecurity} cyber protection & response 4Public HOW WIFI WORKS • HOTSPOTS will usually advertise there are here by BROADCASTING their name (SSID); • Clients attempts to connect to HOTSPOTS, for example your WIFI home router; • Connection to the HOTSPOT can be done: • With no password (OPEN); • With a password or passphrase; • With a certificate; • Clients will remember HOTSPOTS they previously connected to: MY_WIFI, SHOP_WIFI, CORP_WIFI, etc. • As long as the Clients WIFI is on, they will keep trying to connect to their known HOTSPOTS, all of them, all the the time. DemoWPA3WPA/WPA2WEPContext
  • 5. {elysiumsecurity} cyber protection & response 5Public HOW WIFI WORKS MY_WIFI Are you here? YES! CONNECT HOME MY_WIFI Are you here? NO SHOP_WIFI Are you here? CONNECT YES! MY_WIFI Are you here? NO SHOP_WIFI Are you here? YES! CORP_WIFI Are you here? COFFEE SHOP WORK MY_WIFI SHOP_WIFI CORP_WIFI NO Icons from VMWARE CONNECT DemoWPA3WPA/WPA2WEPContext
  • 6. {elysiumsecurity} cyber protection & response 6 DemoWPA3WPA/WPA2WEPContext Public WEP PROTOCOL • 1997 • Wired Equivalent Privacy; • 10 or 26 Hexadecimal digits (40 or 104 bits) + 24 bits IV key. 2 key sizes due to earlier USA restriction on cryptography exportation • RC4 Stream cipher with CRC checks; Source from Wikipedia
  • 7. {elysiumsecurity} cyber protection & response 7Public WEP WEAKNESSES • Same key must never be used twice, this is a problem in a busy network with only a 24 bits IV key; • Possibility to force traffic noise if the network is not busy enough; • Possibility to modify intercepted packets and replay those into the network; • Short key; • CRC was not designed for security; • Authenticated users can see other users’ network traffic. DemoWPA3WPA/WPA2WEPContext
  • 8. {elysiumsecurity} cyber protection & response 8Public WEP ATTACKS • 2001, passive attack to recover the RC4 Key in about a minute with the right conditions and equipment; • 2005, Start of widely available open source tools to attack WEP; • 2006, near real time decryption of WEP traffic; • 2008, PCI Security Standards prohibits the use of WEP • Popular attacking tools: • Aircrack, Airsnort, kismet, Cain & Able, Fern WIFI Wireless cracker, etc. Source from Wikipedia DemoWPA3WPA/WPA2WEPContext
  • 9. {elysiumsecurity} cyber protection & response 9Public WPA PROTOCOL • WEP Replacement from 2003; • Use of a Temporal Key Integrity Protocol (TKIP) to replace RC4 • Use of a Message Integrity Code (MIC/Michael) • Dynamically generates 128-bit key for each packet • Message Integrity Check to prevent replay and modification attacks; • Designed as an interim solution for hardware not supporting WPA2 Source from Wikipedia DemoWPA3WPA/WPA2WEPContext
  • 10. {elysiumsecurity} cyber protection & response 10Public WPA WEAKNESSES • Some common weaknesses to WEP regarding its message integrity check algorithm (TKIP); • The message integrity code hash function (Michael) is flawed; • Possible to retrieve the keystream to use for re-injection and spoofing; • Authenticated users can see other users’ network traffic. DemoWPA3WPA/WPA2WEPContext
  • 11. {elysiumsecurity} cyber protection & response 11Public WPA ATTACKS • 2012, Possible to brute force the WPA key; • Key = PBKDF2(HMAC−SHA1,passphrase, ssid, 4096, 256); • Large rainbow tables available for the top 1000 used SSIDs; • WPS can be attacked through a weaker PIN strength; • Popular attacking tools: • Aircrack-ng, Reaver, kismet, etc. DemoWPA3WPA/WPA2WEPContext
  • 12. {elysiumsecurity} cyber protection & response 12Public WPA2 PROTOCOL • More secure protocol from 2004; • Implements all the mandatory elements of IEEE 802.11i; • Support for Counter Mode CBC-MAC (CCMP), an AES-Based encryption mode with strong security; • Since March 2006 mandatory for all new WI-FI labelled devices. Source from Wikipedia DemoWPA3WPA/WPA2WEPContext
  • 13. {elysiumsecurity} cyber protection & response 13Public WPA2 WEAKNESSES • AES-128 is breakable with enough time; • ARP Poisoning and Spoofing are possible; • Authenticated users can see other user’s network traffic; DemoWPA3WPA/WPA2WEPContext
  • 14. {elysiumsecurity} cyber protection & response 14Public WPA2 ATTACKS • Possible to disconnect legitimate users with a DEAUTH attack, even when not associated to the network; • Password can be cracked offline from intercepted encrypted traffic; • 2017, Key Reinstallation AttaCKs (KRACKs) allows an attacker to intercept and read data that is encrypted. The main attack is against the 4 way WPA2 handshake. https://www.krackattacks.com DemoWPA3WPA/WPA2WEPContext
  • 15. {elysiumsecurity} cyber protection & response 15Public WPA3 • Announced in January 2018 for later this year; • 192 bit encryption; • Individualized encryption for each user; • Protection against brute-force dictionary attacks; • Improved handshake protocol • Simpler connection without a GUI (WPS?) DemoWPA3WPA/WPA2WEPContext
  • 16. {elysiumsecurity} cyber protection & response 16Public DEMO • KARMA ATTACK • EVIL PORTAL DemoWPA3WPA/WPA2WEPContext
  • 17. {elysiumsecurity} cyber protection & response 17Public WIFI KARMA ATTACK MY_WIFI Are you here? NO SHOP_WIFI Are you here? YES! CORP_WIFI Are you here? AIRPORT AIRPORT_WIFI NO CONNECT MY_WIFI Are you here? CONNECT AIRPORT MY_WIFI Are you here? MY_WIFI Are you here? YES! YES! YES! HACKER_HOTSPOT … DemoWPA3WPA/WPA2WEPContext
  • 18. {elysiumsecurity} cyber protection & response 18Public WIFI EVIL PORTAL ATTACK COFFEE SHOP FREE_WIFI CONNECT DemoWPA3WPA/WPA2WEPContext Please login Hotel Page Google Orange Etc. Google Creds THANK YOU! Internet Access Granted
  • 19. {elysiumsecurity} cyber protection & response 19Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
  • 20. {elysiumsecurity} cyber protection & response 20Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
  • 21. {elysiumsecurity} cyber protection & response 21Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
  • 22. {elysiumsecurity} cyber protection & response 22Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
  • 23. {elysiumsecurity} cyber protection & response 23Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext {elysiumsecurity} cyber protection & response 23Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
  • 24. {elysiumsecurity} cyber protection & response 24Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext {elysiumsecurity} cyber protection & response 23Public WIFI EVIL PORTAL ATTACK DemoWPA3WPA/WPA2WEPContext
  • 25. {elysiumsecurity} cyber protection & response © 2018 ElysiumSecurity Ltd. All Rights Reserved www.elysiumsecurity.com THANK YOU! Public 25