SlideShare a Scribd company logo

WiFi Insecurity2013

Kurt Baumgartner
Kurt Baumgartner

Brief presentation on wifi security risk in 2013.

Technology
1 of 10
Wifi Insecurity 2013 Risks and Usage Kurt Baumgartner @k_sec Principal Security Researcher Global Research and Analysis Team
Wifi Insecurity 2013 Usage and Risks Credit: wigle.net , 2013.08.29 • WiFi • Absolutely ubiquitous • Demonstrably insecure
Wifi Availability Who cares? 15%-20% WiFi is “unprotected” Credit: wigle.net , 2013.08.29
Wifi Availability Does WPA2 really matter? Session hijacking, complete compromise • • Banking / Retail cc Credit: www.immunityinc.com/images/silica/new_wifimonitor_edited.png
Wifi Attacker’s Toolset 2013 Getting in – is anything new? • Evil Twin == ARPSpoof, DHCP spoofing • Aircrack-ng handshake collector, WPS PIN defaults and Reaver brute forcing • Cloud based cracking, ocl-Hashcat-plus • 55 is the new 15! • Performance improvements by orders of magnitude • Certificate forging, SSLStrip, HTML Injection and Sidejacking • Cookie theft and replay • System Compromise and DNS Hijacking
Connecting to Public Wifi Confident connections • VPN (and/or SSH) • Pay attention to your browser!
Connecting to Public Wifi Confident connections
Connecting to Public Wifi Confident connections
Thank You Kurt Baumgartner, @k_sec Principal Security Researcher Global Research and Analysis Team

Recommended

Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius Vigil
Savvius, Inc
 
Long Term Reporting with Savvius and Splunk
Long Term Reporting with Savvius and SplunkLong Term Reporting with Savvius and Splunk
Long Term Reporting with Savvius and Splunk
Savvius, Inc
 
Network Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceNetwork Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack Surface
Skybox Security
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics Overview
Skybox Security
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix It
Skybox Security
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
Hybrid IT Europe
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability
Skybox Security
 
Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!
Regis Allen
 

Recommended

Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius Vigil
Savvius, Inc
 
Long Term Reporting with Savvius and Splunk
Long Term Reporting with Savvius and SplunkLong Term Reporting with Savvius and Splunk
Long Term Reporting with Savvius and Splunk
Savvius, Inc
 
Network Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceNetwork Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack Surface
Skybox Security
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics Overview
Skybox Security
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix It
Skybox Security
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
Hybrid IT Europe
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability
Skybox Security
 
Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!
Regis Allen
 
Virtual Private Networks
Virtual Private NetworksVirtual Private Networks
Virtual Private Networks
SwiftTech Solutions, Inc.
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: Cybersecurity
Cisco Security
 
Data protection on demand in hybrid it
Data protection on demand in hybrid itData protection on demand in hybrid it
Data protection on demand in hybrid it
Hybrid IT Europe
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
MarketingArrowECS_CZ
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
Rahul Neel Mani
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
Chandrapal Badshah
 
How Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & AccessHow Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & Access
Ivan Dwyer
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
Skybox Security
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent View
Skybox Security
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
centralohioissa
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World
Symantec
 
Palo Alto Networks - Magnifier
Palo Alto Networks - MagnifierPalo Alto Networks - Magnifier
Palo Alto Networks - Magnifier
Jisc
 
Application layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataApplication layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare data
Cloudflare
 
Harnessing the Power of Metadata for Security
Harnessing the Power of Metadata for SecurityHarnessing the Power of Metadata for Security
Harnessing the Power of Metadata for Security
John Pollack
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Fpweb
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
Vishwas Manral
 
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Jisc
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 
Ashwin Resume
Ashwin ResumeAshwin Resume
Ashwin ResumeAshwin Vijay
 
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
Priyanka Aash
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
ssuserfb92ae
 
Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)subtitle
 

More Related Content

What's hot

Virtual Private Networks
Virtual Private NetworksVirtual Private Networks
Virtual Private Networks
SwiftTech Solutions, Inc.
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: Cybersecurity
Cisco Security
 
Data protection on demand in hybrid it
Data protection on demand in hybrid itData protection on demand in hybrid it
Data protection on demand in hybrid it
Hybrid IT Europe
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
MarketingArrowECS_CZ
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
Rahul Neel Mani
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
Chandrapal Badshah
 
How Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & AccessHow Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & Access
Ivan Dwyer
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
Skybox Security
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent View
Skybox Security
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
centralohioissa
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World
Symantec
 
Palo Alto Networks - Magnifier
Palo Alto Networks - MagnifierPalo Alto Networks - Magnifier
Palo Alto Networks - Magnifier
Jisc
 
Application layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataApplication layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare data
Cloudflare
 
Harnessing the Power of Metadata for Security
Harnessing the Power of Metadata for SecurityHarnessing the Power of Metadata for Security
Harnessing the Power of Metadata for Security
John Pollack
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Fpweb
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
Vishwas Manral
 
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Jisc
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
Priyanka Aash
 

What's hot (20)

Virtual Private Networks
Virtual Private NetworksVirtual Private Networks
Virtual Private Networks
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: Cybersecurity
 
Data protection on demand in hybrid it
Data protection on demand in hybrid itData protection on demand in hybrid it
Data protection on demand in hybrid it
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
 
How Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & AccessHow Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & Access
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent View
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World
 
Palo Alto Networks - Magnifier
Palo Alto Networks - MagnifierPalo Alto Networks - Magnifier
Palo Alto Networks - Magnifier
 
Application layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataApplication layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare data
 
Harnessing the Power of Metadata for Security
Harnessing the Power of Metadata for SecurityHarnessing the Power of Metadata for Security
Harnessing the Power of Metadata for Security
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
 
Ashwin Resume
Ashwin ResumeAshwin Resume
Ashwin Resume
 
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
 

Similar to WiFi Insecurity2013

CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
ssuserfb92ae
 
Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)subtitle
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014Brian Knopf
 
Databook 2018 ver2
Databook 2018 ver2Databook 2018 ver2
Databook 2018 ver2
DrayTek
 
Virtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyVirtualization security for the cloud computing technology
Virtualization security for the cloud computing technology
Deep Ranjan Deb
 
Barracuda in Microsoft Azure
Barracuda in Microsoft AzureBarracuda in Microsoft Azure
Barracuda in Microsoft Azure
responsiveX
 
Cisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager NetworksCisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager Networks
NTS UK - Part of Capita
 
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01Sergiy Pitel
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real World
Cisco Canada
 
2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian
ITCamp
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
Yunfei Yang
 
Nimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the CloudNimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the Cloud
Alert Logic
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)
Ryan Orsi
 
Cisco's Cloud Networking Powered by Meraki
Cisco's Cloud Networking Powered by MerakiCisco's Cloud Networking Powered by Meraki
Cisco's Cloud Networking Powered by Meraki
Rowell Dionicio
 
Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...
Adewole Shitta-bey
 
Meraki Overview
Meraki OverviewMeraki Overview
Meraki Overview
Cloud Distribution
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security
Tudor Damian
 
Sprite guard on line brochure
Sprite guard on line brochureSprite guard on line brochure
Sprite guard on line brochure
James Doherty PgDipFM CBIFM
 
BGP Anomaly Detection
BGP Anomaly DetectionBGP Anomaly Detection
BGP Anomaly Detection
University of Kufa
 
Session810 ken huang
Session810 ken huangSession810 ken huang
Session810 ken huang
Ken Huang
 

Similar to WiFi Insecurity2013 (20)

CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
 
Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
 
Databook 2018 ver2
Databook 2018 ver2Databook 2018 ver2
Databook 2018 ver2
 
Virtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyVirtualization security for the cloud computing technology
Virtualization security for the cloud computing technology
 
Barracuda in Microsoft Azure
Barracuda in Microsoft AzureBarracuda in Microsoft Azure
Barracuda in Microsoft Azure
 
Cisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager NetworksCisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager Networks
 
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real World
 
2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
 
Nimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the CloudNimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the Cloud
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)
 
Cisco's Cloud Networking Powered by Meraki
Cisco's Cloud Networking Powered by MerakiCisco's Cloud Networking Powered by Meraki
Cisco's Cloud Networking Powered by Meraki
 
Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...
 
Meraki Overview
Meraki OverviewMeraki Overview
Meraki Overview
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security
 
Sprite guard on line brochure
Sprite guard on line brochureSprite guard on line brochure
Sprite guard on line brochure
 
BGP Anomaly Detection
BGP Anomaly DetectionBGP Anomaly Detection
BGP Anomaly Detection
 
Session810 ken huang
Session810 ken huangSession810 ken huang
Session810 ken huang
 

More from Kurt Baumgartner

Billington 2013 IceFog APT
Billington 2013 IceFog APTBillington 2013 IceFog APT
Billington 2013 IceFog APT
Kurt Baumgartner
 
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
Kurt Baumgartner
 
Not-so Passive Sonar - Red October
Not-so Passive Sonar - Red OctoberNot-so Passive Sonar - Red October
Not-so Passive Sonar - Red OctoberKurt Baumgartner
 
Kurt baumgartner lan_deskse2012
Kurt baumgartner lan_deskse2012Kurt baumgartner lan_deskse2012
Kurt baumgartner lan_deskse2012
Kurt Baumgartner
 
The ROP Pack
The ROP PackThe ROP Pack
The ROP Pack
Kurt Baumgartner
 
AntiRE en Masse
AntiRE en MasseAntiRE en Masse
AntiRE en Masse
Kurt Baumgartner
 
Recent Rogueware
Recent RoguewareRecent Rogueware
Recent Rogueware
Kurt Baumgartner
 
Storm Worm - Malware 2.0
Storm Worm - Malware 2.0Storm Worm - Malware 2.0
Storm Worm - Malware 2.0
Kurt Baumgartner
 

More from Kurt Baumgartner (8)

Billington 2013 IceFog APT
Billington 2013 IceFog APTBillington 2013 IceFog APT
Billington 2013 IceFog APT
 
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
 
Not-so Passive Sonar - Red October
Not-so Passive Sonar - Red OctoberNot-so Passive Sonar - Red October
Not-so Passive Sonar - Red October
 
Kurt baumgartner lan_deskse2012
Kurt baumgartner lan_deskse2012Kurt baumgartner lan_deskse2012
Kurt baumgartner lan_deskse2012
 
The ROP Pack
The ROP PackThe ROP Pack
The ROP Pack
 
AntiRE en Masse
AntiRE en MasseAntiRE en Masse
AntiRE en Masse
 
Recent Rogueware
Recent RoguewareRecent Rogueware
Recent Rogueware
 
Storm Worm - Malware 2.0
Storm Worm - Malware 2.0Storm Worm - Malware 2.0
Storm Worm - Malware 2.0
 

Recently uploaded

Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 

Recently uploaded (20)

Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 

WiFi Insecurity2013

  • 1. Wifi Insecurity 2013 Risks and Usage Kurt Baumgartner @k_sec Principal Security Researcher Global Research and Analysis Team
  • 2. Wifi Insecurity 2013 Usage and Risks Credit: wigle.net , 2013.08.29 • WiFi • Absolutely ubiquitous • Demonstrably insecure
  • 3. Wifi Availability Who cares? 15%-20% WiFi is “unprotected” Credit: wigle.net , 2013.08.29
  • 4. Wifi Availability Does WPA2 really matter? Session hijacking, complete compromise • • Banking / Retail cc Credit: www.immunityinc.com/images/silica/new_wifimonitor_edited.png
  • 5. Wifi Attacker’s Toolset 2013 Getting in – is anything new? • Evil Twin == ARPSpoof, DHCP spoofing • Aircrack-ng handshake collector, WPS PIN defaults and Reaver brute forcing • Cloud based cracking, ocl-Hashcat-plus • 55 is the new 15! • Performance improvements by orders of magnitude • Certificate forging, SSLStrip, HTML Injection and Sidejacking • Cookie theft and replay • System Compromise and DNS Hijacking
  • 6. Connecting to Public Wifi Confident connections • VPN (and/or SSH) • Pay attention to your browser!
  • 7. Connecting to Public Wifi Confident connections
  • 8. Connecting to Public Wifi Confident connections
  • 9.
  • 10. Thank You Kurt Baumgartner, @k_sec Principal Security Researcher Global Research and Analysis Team