Wireless technology is inherently insecure in general, however this presentation details some unconventional attacks that have been around for years but are still incredibly effective. Discussing the basics of AP cloning, abusing captive portals, and more.
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
Intrusion detection system (IDS) is software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted and malicious activities. Intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.
This presentation lets you understand about the biggest cyber-attack extortion in the history of the internet. It contains all details of what, how and whys of WannaCry Ransomware.
The Open Web Application Security Project, is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.
One of those projects, The OWASP Top Ten, provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.
The OWASP team recently released the 2017 revised and updated version of the ten most critical web application security risks and so we’ve created these flash cards for you, your friends, and your colleagues (especially product and engineering :) to test your knowledge and learn more about these important issues.
Company-wide security awareness is a powerful way to improve the overall security of your organization. So adorn your waiting rooms, cubicles, and snack rooms with these flash cards for easy learning and remembrance.
About Port Scanning
Used Nmap and Shadow Security scanner for the best outputs.
A Detailed description on performing the port scanning mostly for the network administrators.
Why to perform? How to perform? Where to perform? these areas are taken into consideration and presented with best output results using tools "nmap scanner" and "shadow security scanner".
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
Vulnerability assessment & Penetration testing Basics Mohammed Adam
In these days of widespread Internet usage, security is of prime importance. The almost universal use of mobile and Web applications makes systems vulnerable to cyber attacks. Vulnerability assessment can help identify the loopholes in a system while penetration testing is a proof-of-concept approach to actually explore and exploit a vulnerability.
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
Intrusion detection system (IDS) is software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted and malicious activities. Intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.
This presentation lets you understand about the biggest cyber-attack extortion in the history of the internet. It contains all details of what, how and whys of WannaCry Ransomware.
The Open Web Application Security Project, is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.
One of those projects, The OWASP Top Ten, provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.
The OWASP team recently released the 2017 revised and updated version of the ten most critical web application security risks and so we’ve created these flash cards for you, your friends, and your colleagues (especially product and engineering :) to test your knowledge and learn more about these important issues.
Company-wide security awareness is a powerful way to improve the overall security of your organization. So adorn your waiting rooms, cubicles, and snack rooms with these flash cards for easy learning and remembrance.
About Port Scanning
Used Nmap and Shadow Security scanner for the best outputs.
A Detailed description on performing the port scanning mostly for the network administrators.
Why to perform? How to perform? Where to perform? these areas are taken into consideration and presented with best output results using tools "nmap scanner" and "shadow security scanner".
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
Vulnerability assessment & Penetration testing Basics Mohammed Adam
In these days of widespread Internet usage, security is of prime importance. The almost universal use of mobile and Web applications makes systems vulnerable to cyber attacks. Vulnerability assessment can help identify the loopholes in a system while penetration testing is a proof-of-concept approach to actually explore and exploit a vulnerability.
Activated Charcoal - Making Sense of Endpoint DataGreg Foss
Recorded Webcast: https://logrhythm.com/resources/webcasts/activated-charcoal-making-sense-of-endpoint-data/
Security operations is all about understanding and acting upon of large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you can highlight trends, find flaws and resolve issues.
This Presentation was given at Black Hat 2016 and, recently, an SC Magazine Webcast, covering the importance of monitoring endpoints and how to leverage endpoint data to detect, respond and neutralize advanced threats.
This presentation is about how WEP configured WiFi enabled roaming client can be compromised and WEP Key can be retireved, sitting thousands of miles away from actual network. The talk was presented in Toorcon 9 in 2007.
Threat Intelligence is by far one of the most over-used buzz words in the security industry. Many professionals have very mixed feelings about Threat Intelligence feeds as well. This discussion is around how LogRhythm’s internal security team utilizes Threat Intelligence to operationalize efficiently and streamline Security Operations processes and help improve an organization’s defenses. We will show how you can generate your own Threat Intelligence and create information sharing loops within like industries to fully realize the team's defensive capabilities. On top of the technical aspects around building out a good Threat Intel program, we will discuss how to manage this from a leadership perspective and get buy-in from the top. Most importantly, once these systems are in place, how we can show value to leadership using key performance indicators and leverage this to improve the overall security program.
linksys is a one of the most running well technology in networks..here's configuration steps of linksysy router who helps to understand a things easily and install in your system. ....
The Caffe Latte attack debunks the age old myth that to crack WEP, the attacker needs to be in the RF vicinity of the authorized network, with at least one functional AP up and running. We demonstrate that it is possible to retrieve the WEP key from an isolated Client - the Client can be on the Moon! - using a new technique called "AP-less WEP Cracking". With this discovery Pen-testers will realize that a hacker no longer needs to drive up to a parking lot to crack WEP. Corporations still stuck with using WEP, will realize that their WEP keys can be cracked while one of their employees is transiting through an airport, having a cup of coffee, or is catching some sleep in a hotel room. Interestingly, Caffe Latte also has a great impact on the way Honey-pots work today and takes them to the next level of sophistication.
Informationssicherheit im ÜbersetzungsprozessHans Pich
Die Frage nach Informationssicherheit wird spätestens seit der NSA-Affäre auch in Unternehmen zunehmend öfter gestellt. Im Vortrag werden die sich hieraus ergebenden Anforderungen für Übersetzungsdienstleister und ihre Auftraggeber anhand der Vorgaben der ISO 27001 vorgestellt. Neben den formalen Anforderungen im Bereich der Prozessgestaltung, Aspekten der physischen Sicherheitseinrichtungen und der IT werden auch die speziellen Besonderheiten beim Einsatz von Freelancern in gesicherten Prozessen diskutiert und praxisnahe Lösungsansätze aufgezeigt. Weitere Informationen unter www.rws-group.de/de/uebersetzung/rws-secure-translations/
Static PIE, How and Why - Metasploit's new POSIX payload: MettleBrent Cook
This talk discusses methods for building and injecting position-independent payloads into ELF processes. It also introduces Metasploit's new POSIX payload 'mettle' and outlines goals and future directions for Unix and Linux exploitation with Metasploit.
Como foi o Webinar?
Rafael apresentou a ferramenta, assim como explicou um pouco sobre sua arquitetura e suas principais funcionalidades. Rafael falou também dos próximos cursos da Academia Clavis: Metasploit Framework, Análise Forense Computacional e Teste de Invasão em Redes e Sistemas EAD.
http://www.blog.clavis.com.br/
With the 'rise of containers' comes also the rise of container platforms. And while Docker is the way to do things for now, Podman has also been gaining traction as the new kid on the block especially after being somewhat embraced by RedHat and Fedora. Being new also comes with lack of heavy scrutiny and audit on the security side of things. Once you start integrating other protocols and pieces that compliment each other, such as Varlink, boundaries become fuzzy. Rather than focus on container breakouts, which are also very important, we'll focus on how Podman and Varlink interoperate and the authentication and security implications as such. We'll look at the remote API capabilities, secure configurations and how certain setups and projects out there by default can be vulnerable to compromise. By the end of the talk, we will have discussed various bugs, issues and hardening techniques around deploying Podman and Varlink together and if you don't know a lot about containers, you'll learn a bit along the way.
Your data is much safer at home than it is letting some corporation "take care of it" for you, right? Security reviews for some of the top vendors' devices reveal many interesting findings. Like everything else, there are bugs. But knowing what kinds of bugs and how the vendors have responded will allow you to better understand the impact of plugging these devices into your network. Jeremy will show you just how low access control and least privilege are their list of priorities. He'll also explore the amount of test collateral and debug interfaces sloppily left shipping to consumers. From remote roots to stealing social network tokens to just plain weird stuff, he'll expand on how it's not just about what they do, but also what they don't do. And, he'll give you some useful guidelines on how to close the gaps yourself.
Using Blockchain to Increase Supply Chain TransparencyHorea Porutiu
Slides used for a live webinar: Efficiency and transparency in a coffee bean supply chain. Showing how Hyperledger is different than other blockchain platforms, and what makes it a great product for the enterprise.
InfoSec analysts are all somewhat familiar with Honeypots. When they are given the proper attention, care and feeding, they produce invaluable information and can be a critical asset when it comes to defending the network. This intel has been primarily used by security researchers and organizations with advanced defensive capabilities to study their adversaries and learn from their actions. But what about the rest of us? Honeypots are a lot of work to configure, maintain, and monitor, right? Not exactly; when deployed and monitored properly, Honeypots and Honey Tokens are a simple way to alert on anomalous activity inside the network. But how can an organization that is not focused on research gain valuable threat intelligence using Honeypots and actively defend their network using indicators generated from an internal Honeynet?
The answer is Honeypots for Active Defense. There are currently many open source security tool distributions that come pre-loaded with Honeypots among other useful tools, however the Honeypot software is often not deployed in an effective manner. This session will discuss techniques to leverage Honeypots in ways that will not overburden the security team with massive logs to sift through and focuses efforts on correlating active threat data observed in the Honeypots with the production environment. When deploying Honeypots effectively, this can give security analysts one additional mechanism to tip them off to nefarious activity within their network before they become the next headline.
TABLETOP SCENARIO: Your organization regularly patches, uses application whitelisting, has NextGen-NG™ firewalls/IDS’s, and has the latest Cyber-APT-Trapping-Blinky-Box™. You were just made aware that your entire customer database was found being sold on the dark web. Go.
Putting too much trust in security products alone can be the downfall of an organization. In the 2015 BSides Tampa talk “Pentest Apocalypse” Beau discussed 10 different pentesting techniques that allow attackers to easily compromise an organization. These techniques still work for many organizations but occasionally more advanced tactics and techniques are required. This talk will continue where “Pentest Apocalypse” left off and demonstrate a number of red team techniques that organizations need to be aware of in order to prevent a “Red Team Apocalypse” as described in the tabletop scenario above.
In this talk we will demonstrate and unveil the latest developments on browser specific weaknesses including creative new mechanisms to compromise confidentiality, successfully perform login and history detection, serve mixed content, deliver malicious ghost binaries without a C&C server, exploit cache / timing side channels to extract secrets from third-party domains and leverage new HTML5 features to carry out more stealthy attacks. This is a fast-paced practical presentation with live demos that will challenge your knowledge of the Same Origin Policy and push the limits of what is possible with today’s web clients.
Topics will include: Current XSS filter bypass for IE & Chrome. Same Origin Policy timing attacks on Chrome. Data URI malware with spoofed URLs and ‘download’ attribute. HTML5 drag & drop exploitation. History stealing attacks. Clipboard stealing attacks. Cross-domain hijacking attacks with flash content sniffing, Blob URLs and SVGs. Spoofing URL address bars on modern browsers. Advanced browser encoding quirks and exploitation techniques.
The Internet of Things: We've Got to ChatDuo Security
BSides SF, February 2014: http://www.securitybsides.com/w/page/70849271/BSidesSF2014
Duo's Zach Lanier (@quine) & Mark Stanislav (@markstanislav) on IoT (Internet of Things) security, announcing http://BuildItSecure.ly
Ever wonder, "how can I make my home internet more secure" or "how can I make sure my kids are safely browsing the internet"? Join this cat meme filled presentation on how to secure your home's internet; everything from securing your wireless network to tools that you can use to help keep you and your family safe while surfing the web.
Ransomware has plagued organizations of all types and sizes for years. Yet, we have still only seen these tools, techniques, and procedures applied to traditional on-premise networks, and cloud-hosted assets themselves. And while we have just begun to see the tip of the iceberg as it relates to global-scale sweeping attacks that leverage enterprise management technologies, we have not yet experienced the cascading impact of such an attack on the very cloud infrastructure we have come to rely upon. This is surprising, given the simplicity, speed, and sheer efficacy of such an event. In this session, we will highlight the overlaps and disparities between traditional and cloud environments, using MITRE ATT&CK as a guide, to get ahead of the adversaries, and proactively protect our organizations, our customers, and ultimately society as a whole.
VMware Carbon Black Connect 2020 - Presentation on Destructive Malware and how the threat landscape is evolving as it relates to Nation State Adversaries and their capabilities.
Crypto Hacks - Quit your Job and Become a Crypto FarmerGreg Foss
With cryptocurrencies becoming more widely adopted as a form of payment, identity management, and accountability, our understanding of security implications around digital currency needs to keep pace. This talk dives into the many ways in which the systems put in place around new cryptocurrency technologies can be exploited to take advantage of loopholes and bypasses in this technology space.
The Phishing Intelligence Engine (PIE) is a framework that will assist with the detection and response to phishing attacks. An Active Defense framework built around Office 365, that continuously evaluates Message Trace logs for malicious contents, and dynamically responds as threats are identified or emails are reported. This talk covers the framework and then dives into some stories from the field.
The Phishing Intelligence Engine (PIE) is a framework that will assist with the detection and response to phishing attacks. An Active Defense framework built around Office 365, that continuously evaluates Message Trace logs for malicious contents, and dynamically responds as threats are identified or emails are reported.
Optimizing SAO with Open Source Tools. A deep dive into the Phishing Intelligence Engine (PIE) and how users can leverage infrastructure and open source to automate and respond to threats.
Drupal, WordPress, and Joomla are very popular Content Management Systems (CMS) that have been widely adopted by government agencies, major businesses, social networks, and more — underscoring why understanding how these systems work and properly securing these applications is of the utmost importance. This talk focuses on the penetration tester’s perspective of CMS’ and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists- all of which are open-source and can be downloaded and implemented following the presentation.
Drupal is a very popular content management system that has been widely adopted by government agencies, major businesses, social networks, and more. This talk focuses on the penetration tester's perspective of Drupal and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists.
Download the associated scripts, movies, and checklist here: https://github.com/gfoss/attacking-drupal
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
4. *I am not liable for what you do with any of this information*
Section 638:17 House Bill 495 - US rules against wireless
hacking
http://en.wikipedia.org/wiki/Legality_of_piggybacking#United_States
5. DISCLAIMER
Not a ‘Wi-Fi Security Expert’ nor a Lawyer
Just about everything I’m going to demonstrate is probably
illegal, don’t do any of this against unauthorized targets…
6. Not Discussing
Wi-Fi Security Basics
• 802.11
• WEP Cracking - ridiculously easy, google it
• WPA / WPA2 Attacks - Reaver
• WPS Attacks - Reaver
• PEAP, LEAP, etc. - Out of Scope
9. it’s everywhere…
enough free WiFi that it’s almost not
worth the time it takes to infiltrate
unless free internet’s not the goal…
10. Bypassing is easy…
• Sometimes Tor or a VPN will simply be allowed
through the captive portal, no joke
• Try appending ?.jpg or ?.png to the URL
• Look for Open Redirect flaws, iFrames, etc.
• Tunnel out over DNS!
• Same tricks work if your ISP suspends your
internet access, depending on the ISP of
course…
11. Bypassing is easy…
• On time-limited access points, just change your
MAC when the time runs out. Or sniff MACs and
ride on another’s paid access.
• De-auth existing clients and/or DoS access points:
• Aireplay-ng or Airdrop
• http://www.aircrack-ng.org/
• MDK3
• https://forums.kali.org/showthread.php?19498-
MDK3-Secret-Destruction-Mode
12. Bypassing is easy…
• Sniff MAC Addresses and wait for a user to
go idle, then modify your MAC and IP to
match
• Works on just about any open access
point, especially captive portals
• CPSCAM by Josh Wright will do this for
you:
• http://www.willhackforsushi.com/code/
cpscam.pl
16. The Evil Twin…
source: http://www.breakthesecurity.com/2014/04/evil-twin-attack-fake-wifi-hack.html
17.
18.
19.
20.
21.
22.
23.
24.
25. How to clone and weaponize captive portals
1. Connect to the access point and wait for the splash page to pop-
up.
2. Close the splash page, and open your browser. Visit any random
web page (http normally works better than https).
3. When the splash page comes up, save the entire landing page. Use
the splash page and save additional pages as necessary.
4. Change the UA string and grab the mobile version as well if it
exists.
5. Replace the form processor to write a log file and pass the client
through to a legitimate landing page.
6. Modify the page HTML to point to your form processor and modify
parameters as necessary.
7. Deploy the captive portal (will discuss this shortly)
8. Use IPTables to allow the victim’s MAC through to the internet using
the form processor.
32. How to Deauthenticate Clients
and DoS Access Points
• Aireplay-ng using the —deauth flag
• file2air - deauth packet injection flood tool by
Josh Wright
• http://www.willhackforsushi.com/code/file2air/1.1/
file2air-1.1.tgz
• Spoof AP MAC, send deauth requests to clients
• Target a single user, all users, or AP itself
• MDK3 Deauth Amok Mode to take out all WPA AP’s
33. How to Deauthenticate Clients
and DoS Access Points
source: https://github.com/sophron/wifiphisher
34. How to Deauthenticate Clients
and DoS Access Points
https://github.com/sophron/wifiphisher
47. DDWRT
• Flash with DDWRT, then you can use
NocatSplash to configure a captive portal.
• Many other ways to go about this…
DDWRT is just one of the easier options.
• http://www.dd-wrt.com/site/index
• http://sourceforge.net/projects/
nocatsplash/
51. • Kali Linux
• http://www.kali.org/
• Can do just about anything to connecting
clients
• Unlimited attack potential and plenty of
drive space to build elaborate landing
pages and believable scenarios
Laptop Hotspot and/or Proxy
52. • Makes hacking Wi-Fi even easier!
• https://github.com/SilverFoxx/PwnSTAR
PwnStar - By SilverFoxx
57. Combine Pineapple portability
with the versatility of Kali Linux
• http://www.offensive-security.com/kali-
linux/kali-linux-evil-wireless-access-point/
58. BeagleBone Black + Alfa Wi-Fi Card
http://beagleboard.org/black http://www.alfa.com.tw/
70. Client Defense…
• Always use a VPN/VPS/SSH Port Forwarding/
etc. when connected to an open access
point.
• Turn all Wireless devices off when traveling
or in crowded areas, many devices still
connect to wireless networks even when
‘sleeping’.
• Hotspot not served up over HTTPS and other
generally suspicious behavior.
• Beware duplicate networks with different
encryption.
71. Client Defense…
• Use different login details and passwords for
public wifi. Test false-credentials first, if it
lets you through it’s not legit.
• Turn off Wi-Fi on devices when traveling.
• Exercise caution when connections suddenly
drop, especially if it happens for everyone on
the network.
• If it just ‘doesn’t feel right’ then trust your
instincts…