WiFi practical hacking
"Show me the passwords!"
BY KONRAD JĘDRZEJCZYK
Whoami
• VP Threat Detection Analysis, Financial Institution
• Senior Threat Hunter, Pepsico Consulting Polska Sp. z o.o.
• Senior Incident Response Analyst, Royal Bank of Scotland S.A.
• IT Infrastructure Risk Analyst, Royal Bank of Scotland S.A.
• IT Security Incident Manager, ING Services Polska Sp. z o.o.
• IT Forensic Expert, ProCertiv Sp. z o.o.
• IT Security Expert (Co-Founder), Collective Systems
The opinions expressed here are my own and do not necessarily represent those of my employer.
WHOAMI 2
WHOAMI 3
http://podstawczynski.com/retro/pics_small/IMG_2443.jpg
Hz
PREPARATION 4
https://www.wifiki.eu
2.4 GHz (802.11b/g/n)
3.65 GHz (802.11y)
4.9 GHz (802.11j) public safety WLAN
5 GHz (802.11a/h/j/n/ac/ax)
5.9 GHz (802.11p)
60 GHz (802.11ad/ay)
900 MHz (802.11ah)
Theory...
THEORY 5
https://www.wigle.net/stats
THEORY 6
http://www.aliexpress.com
Theory...
Antenna - theory
PREPARATION 7
https://www.wifiki.eu
Antenna - theory
PREPARATION 8
https://www.wifiki.eu
Antenna - theory
PREPARATION 9
https://www.wifiki.eu
Antenna - reality
PREPARATION 10
PREPARATION 11
Hardware & Software
HARDWARE 12
Hardware & Software
OPENWRT = WORMHOLE ATTACK + MITM +3G 13
Hardware & Software
HARDWARE 14
Hardware & Software
HARDWARE 15
Hardware & Software
HARDWARE 16
Hardware & Budget
PREPARATION 17
Software & Aircrack-ng
PREPARATION 18
Checking hardware/driver capabilities
iw list | less
PREPARATION 19
KISMET = WiFi+GPS
iw list | less
PREPARATION 23
KISMET = WiFi+GPS
iw list | less
Kismet-[date+hour].nettxt
PREPARATION 24
Network 4253: BSSID DC:53:7C:B7:AF:A2
Manuf : CompalBr
First : Wed Mar 21 16:05:29 2018
Last : Wed Mar 21 16:05:50 2018
Type : infrastructure
BSSID : DC:53:7C:B7:AF:A2
SSID 1
Type : Beacon
SSID : "House of Cards"
First : Wed Mar 21 16:05:29 2018
Last : Wed Mar 21 16:05:50 2018
Max Rate : 144.4
Beacon : 10
Packets : 3
WPS : Configured
Encryption : WPA+PSK
Encryption : WPA+TKIP
Encryption : WPA+AES-CCM
WPA Version: WPA+WPA2
Channel : 8
Frequency : 2447 - 3 packets, 100.00%
Max Seen : 1000
LLC : 3
Data : 0
Crypt : 0
Fragments : 0
Retries : 0
Total : 3
Datasize : 0
Min Pos : Lat 52.238670 Lon 20.988529 Alt 148.658997 Spd 0.000000
Max Pos : Lat 52.238674 Lon 20.988548 Alt 149.800995 Spd 0.000000
Peak Pos : Lat 52.238674 Lon 20.988548 Alt 148.658997
Avg Pos : AvgLat 52.238673 AvgLon 20.988536 AvgAlt 149.156900
Last BSSTS : Feb 26 09:02:14
Seen By : wlan0mon (wlan0mon) bc17995e-2d40-11e8-925d-5905352b2c03 3 packets
Wed Mar 21 16:05:50 2018
Client 1: MAC DC:53:7C:B7:AF:A2
Manuf : CompalBr
First : Wed Mar 21 16:05:29 2018
Last : Wed Mar 21 16:05:50 2018
Type : From Distribution
MAC : DC:53:7C:B7:AF:A2
Channel : 8
Frequency : 2447 - 3 packets, 100.00%
Max Seen : 1000
LLC : 3
Data : 0
Crypt : 0
Fragments : 0
Retries : 0
Total : 3
Datasize : 0
Min Pos : Lat 52.238670 Lon 20.988529 Alt 148.658997 Spd 0.000000
Max Pos : Lat 52.238674 Lon 20.988548 Alt 149.800995 Spd 0.000000
Peak Pos : Lat 52.238674 Lon 20.988548 Alt 148.658997
Avg Pos : AvgLat 52.238673 AvgLon 20.988536 AvgAlt 149.156900
Seen By : wlan0mon (wlan0mon) bc17995e-2d40-11e8-925d-5905352b2c03 3 packets
Wed Mar 21 16:05:50 2018
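An added example, not part of the original slides: a small parser for Kismet `.nettxt` records like the one above, used to audit a site survey for networks that advertise WPS or still offer TKIP. The second record in the sample is constructed, and treating any `WPS` value other than `No` as "advertised" is an assumption about the field's values.

```python
import re

# Sample input: an excerpt of the record shown above, followed by one
# constructed record (BSSID and SSID are made up) for contrast.
SAMPLE = """\
Network 4253: BSSID DC:53:7C:B7:AF:A2
 Manuf      : CompalBr
 First      : Wed Mar 21 16:05:29 2018
 Type       : infrastructure
 SSID 1
    Type       : Beacon
    SSID       : "House of Cards"
    WPS        : Configured
    Encryption : WPA+PSK
    Encryption : WPA+TKIP
    Encryption : WPA+AES-CCM
 Channel    : 8
 Client 1: MAC DC:53:7C:B7:AF:A2
  Channel    : 8
Network 4254: BSSID 02:00:00:00:00:01
 SSID 1
    SSID       : "constructed-example"
    WPS        : No
    Encryption : WPA+PSK
    Encryption : WPA+AES-CCM
 Channel    : 1
"""

NET_RE = re.compile(r"^\s*Network\s+\d+:\s+BSSID\s+([0-9A-Fa-f:]{17})")
CLIENT_RE = re.compile(r"^\s*Client\s+\d+:\s+MAC\s+")
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*)$")


def parse_nettxt(text):
    """Return one dict per Network record; Client sub-records are skipped."""
    networks, current, in_client = [], None, False
    for line in text.splitlines():
        m = NET_RE.match(line)
        if m:
            current = {"bssid": m.group(1).upper(), "ssid": None,
                       "wps": None, "channel": None, "encryption": []}
            networks.append(current)
            in_client = False
            continue
        if current is None:
            continue
        if CLIENT_RE.match(line):
            in_client = True      # ignore client fields until the next Network
            continue
        if in_client:
            continue
        f = FIELD_RE.match(line)
        if not f:
            continue              # e.g. "SSID 1" or a wrapped timestamp line
        key, value = f.group(1).strip().lower(), f.group(2).strip()
        if key == "encryption":
            current["encryption"].append(value)   # key repeats once per suite
        elif key == "ssid" and current["ssid"] is None:
            current["ssid"] = value.strip('"')
        elif key in ("wps", "channel") and current[key] is None:
            current[key] = value
    return networks


def audit(net):
    """List the weak settings one access point advertises."""
    findings = []
    wps = net["wps"]
    if wps and wps.lower() != "no":   # assumption: anything but "No" means WPS is on
        findings.append(f"WPS advertised ({wps})")
    enc = [e.upper() for e in net["encryption"]]
    if any("TKIP" in e for e in enc):
        findings.append("TKIP offered")
    if any("WEP" in e for e in enc):
        findings.append("WEP in use")
    if any(e == "NONE" for e in enc):
        findings.append("open network")
    return findings


if __name__ == "__main__":
    for net in parse_nettxt(SAMPLE):
        print(net["bssid"], net["ssid"], "ch", net["channel"], audit(net) or "ok")
```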
Gathering Intel - wrong
PREPARATION 25
https://raw.githubusercontent.com/adamziaja/wardriving/master/wardriving_4.png
Gathering Intel - wrong
PREPARATION 26
https://raw.githubusercontent.com/adamziaja/wardriving/master/wardriving_4.png
Gathering Intel – Correct
PREPARATION 27
Gathering Intel
PREPARATION 28
https://sklep.batis.pl https://allegro.pl
PREPARATION 29
Hardware & Software
PREPARATION 30
Hardware & Software
OPENWRT = WORMHOLE ATTACK + MITM +3G 31
Hardware & Software
OpenWrt as tool for Attacker
http://wiki.openwrt.org/toh/start
OPENWRT WILL TURN CHEAP HARDWARE TO YOUR BEST WIFI CARD 32
Gathering Intel – Overkill
PREPARATION - OVERKILL 33
34
35
36
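#!/bin/bash
# Look up the vendor of a MAC address in a local copy of the IEEE oui.txt file.
# Normalise the argument: drop spaces, dashes and colons, keep the 6-hex-digit OUI prefix.
MAC="$(printf '%s' "$1" | tr -d ' :-' | cut -c1-6)"
if [ "${#MAC}" -ne 6 ]; then
    echo "Usage: $0 <MAC address>" >&2
    exit 1
fi
# Print the matching line plus the 4 lines that follow it (vendor address).
result="$(grep -i -A 4 "^$MAC" ./oui.txt)"
if [ -n "$result" ]; then
    echo "For the MAC $1 the following information is found:"
    echo "$result"
else
    echo "MAC $1 is not found in the database."
fi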
37
Airgraph-ng
38
Airgraph-ng
39
40
41
42
43
PREPARATION 44
Gathering Intel & Mobile
PREPARATION 45
Gathering Intel & Mobile
MAC
MAC 46
First described by Stefan Viehböck.
“When poor design meets poor implementation.”
Still, there are only 11,000 possible combinations.
reaver -i mon0 -b 0A:0B:0C:0D:0E:0F
Example PIN: 4444 333 8
PIN part 1 (4444) – 10000 possibilities
PIN part 2 (333) – 1000 possibilities
Last digit (8) – checksum
[Flowchart of the WPS PIN brute-force loop. Nodes: 802.11 Auth; 802.11 Assoc; EAP initiation; Send M4; Receive (NACK or M5); Increment 1st half of PIN; 802.11 Deauth; Send M6; Receive (NACK or M7); Increment 2nd half of PIN/fix checksum; Dump AP Configuration (M7)]
WPS – WiFi Protected Setup
WPS 47
WPS?
PREPARATION 48
WPS?
PREPARATION 49
WPS - Currently Implemented
Safeguards:
• Limiting the number of attempts that can be made in a given timeframe
• Using a different PIN for every pairing attempt
• Limiting the pairing time
• Disabling WPS …however, there is a good chance that it will be disabled only in web api…
WPS 50
Don’t Underestimate the “Luck Factor”
http://zaufanatrzeciastrona.pl/wp-content/uploads/2014/02/superbowl.jpg
TALK TO ME:D 51
Practical?
52
Theory...
THEORY 53
https://www.wigle.net/stats
Global corporate solutions & WiFi
CORPORATE 54
Global corporate solutions & WiFi
CORPORATE 55
Global corporate solutions & WiFi
CORPORATE 56
WPA/WPA2 Connection (4-way handshake)
Supplicant (Client) <-> Authenticator
Keys: Pairwise Master Key (PMK), Pairwise Transient Key (PTK)
1. Authenticator -> Supplicant: Authenticator Random Number (ANonce, nonce generated by authenticator), Authenticator MAC
2. Supplicant -> Authenticator: Supplicant Random Number (SNonce, nonce generated by supplicant), Message Integrity Code (MIC), Security parameters (RSN)
3. Authenticator -> Supplicant: Resend Random number, Encrypted by PTK
4. Supplicant -> Authenticator: Confirm both PTK and GTK are installed
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 57
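WPA/WPA2 Connection (802.11 connection states)
State 1: Unauthenticated, Unassociated
State 2: Authenticated, Unassociated
State 3: Authenticated, Associated
State 1 -> State 2: Authentication
State 2 -> State 3: (Re)association
State 3 -> State 2: Disassociation
State 2 -> State 1 and State 3 -> State 1: Deauthentication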
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 58
Airodump-ng
WPA/WPA2 IN PRACTICE 59
WPA/WPA2 Deauth
HANDSHAKE 60
WPA/WPA2 Deauth
HANDSHAKE 61
Airodump-ng
HANDSHAKE 62
Airodump-ng
HANDSHAKE 63
hashcat?
HANDSHAKE 64
In order to make use of this new attack you need the following tools:
1: hcxdumptool v4.2.0 or higher: https://github.com/ZerBea/hcxdumptool
2: hcxtools v4.2.0 or higher: https://github.com/ZerBea/hcxtools
3: hashcat v4.2.0 or higher: https://github.com/hashcat/hashcat
hcxdumptool -o hashfile -i wlan0mon --filterlist=macfilter.txt --filtermode=2 --enable_status=3
./hashcat -m 16800 /root/hashtocrack -a 3 -w 3 '?u?u?u?u?u?u?u?u'
hashcat?
HANDSHAKE 65
WPA/WPA2
PASSWORD 66
https://cdn.vox-cdn.com/thumbor/F0F4q7C1MLIo_aWsnc-xManUDa4=/0x0:740x601/920x0/filters:focal(0x0:740x601):format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/9007635/password_strength.png
Aircrack-ng
WPA/WPA2 IN PRACTICE 67
HASHCAT
HASHCAT 68
Hash file: hccap -> hccapx
HASHCAT 69
cap2hccapx to convert
Older = faster... same for HashCat?
HASHCAT 70
HASHCAT
CPU 71
X = C^n
Where:
X - Number of combinations
C - Number of characters in a charset
n - Password range (>=8)
Example:
8 char lowercase alpha
[a-z or (not and) A-Z] = 26^8
= 208827064576
Example for Radeon R9 270 OC (~98 kH/s)
WPA/WPA2 Password Entropy
GPU 72
n   Charset                         C    Time

Single R290 (~140 kH/s)
8   [0-9]                           10   12 minutes
8   [a-z] or [A-Z]                  26   17 days
8   [a-z + 0-9] or [A-Z + 0-9]      36   233 days
9   [a-z] or [A-Z]                  26   1 year and 83 days
9   [a-z + 0-9] or [A-Z + 0-9]      36   23 years
8   [a-z + A-Z + 0-9]               62   50 years

12 x R270 (12 x ~100 kH/s)
8   [a-z] or [A-Z]                  26   2 days
8   [a-z + 0-9] or [A-Z + 0-9]      36   27 days
9   [a-z] or [A-Z]                  26   52 days

Single i5 CPU (~3,3 kH/s) depending on version
8   [a-z] or [A-Z]                  26   2 years and 1 month
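An added example, not part of the original slides: the X = C^n formula turned into a passphrase-policy check that recomputes the R290 rows of the table and finds the shortest length whose full keyspace outlasts a chosen time at a given guess rate. The function names and the 100-year target are assumptions chosen for illustration; the rates are the ones quoted on the slide.

```python
SECONDS_PER_DAY = 86400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY

# Charset sizes (C) used in the table above.
CHARSETS = {"digits": 10, "alpha": 26, "alpha+digits": 36, "mixed+digits": 62}


def keyspace(charset_size, length):
    """X = C^n: number of candidate passphrases of exactly `length` characters."""
    return charset_size ** length


def exhaust_seconds(charset_size, length, rate_hps):
    """Worst-case time to try every candidate at `rate_hps` guesses per second.
    On average the passphrase is found after half of this."""
    return keyspace(charset_size, length) / rate_hps


def table_rows(rate_hps, rows):
    """Recompute table rows as (n, charset, days) for one guess rate."""
    return [(n, name, exhaust_seconds(CHARSETS[name], n, rate_hps) / SECONDS_PER_DAY)
            for n, name in rows]


def min_length(charset_size, rate_hps, target_years, floor=8):
    """Shortest length (WPA/WPA2 minimum is 8) whose exhaustive search
    takes at least `target_years` at `rate_hps`."""
    n = floor
    while exhaust_seconds(charset_size, n, rate_hps) < target_years * SECONDS_PER_YEAR:
        n += 1
    return n


if __name__ == "__main__":
    r290 = 140_000          # ~140 kH/s, single R290 (from the slide)
    rig = 12 * 100_000      # 12 x ~100 kH/s (from the slide)
    for n, name, days in table_rows(r290, [(8, "digits"), (8, "alpha"),
                                           (8, "alpha+digits"), (9, "alpha")]):
        print(f"n={n} {name:14s} {days:10.2f} days")
    # Hypothetical policy target: resist 100 years of exhaustive search.
    for name, size in CHARSETS.items():
        print(f"{name:14s} min length vs single R290: {min_length(size, r290, 100)}, "
              f"vs 12-GPU rig: {min_length(size, rig, 100)}")
```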
HASHCAT
GO! GO! GO! 73
HASHCAT
 74
HASHCAT
 75
nothing
 76
8 char lowercase alpha
[a-z or (not and) A-Z] = 26^8
= 208827064576
WPA/WPA2 Password Entropy
PASSWORD 77
WPA/WPA2 Password Entropy
PASSWORD 80
... and crunch
and CeWL
and... and... and
WPA/WPA2 Entropy in Practice
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 81
paulina Paulina paulina! Paulina! Paulina!@# ,(15011, 'andziulka19994',
PaulinA!@# ,(15024, 'mariusz22',
paulina0 Paulina0 paulina0! Paulina0! PaUliNa0! ,(15003, 'demiano7'
paulina1 Paulina1 paulina1! Paulina1! P@ulin@1! ,(15004, 'Lampka',
(...) (...) (...) (...) Paulina2o15! ,(15005, 'paradyne',
paulina9 Paulina9 paulina9! Paulina9! paulinA1989! ,(15006, 'darek1054',
paulina!-! ,(15007, 'bandzior2911'
paulina10 Paulina10 paulina10! Paulina10! paulina19890101 ,(15008, 'Ruthless blade',
paulina11 Paulina11 paulina11! Paulina11! 89Paulina! ,(15009, 'SzYbKi',
(...) (...) (...) (...) 1paulina1 ,(15023, 'aramil23',
paulina99 Paulina99 paulina99! Paulina99! PaUlInA ,(15012, 'kasiq10',
.paulina ,(15013, 'diabelskapam'
paulina1970 Paulina1970 paulina1970! Paulina1970! paulinapaulina ,(15014, 'Janosik_13',
paulina1971 Paulina1971 paulina1971! Paulina1971! KonradPaulina ,(15015, 'Sztukens',
(...) (...) (...) (...) !!!PAULINA!!! ,(15016, 'superrolnik',
paulina2016 Paulina2016 paulina2016! Paulina2016! PaulinaDefCamp ,(15017, 'Henry102',
Real passwords from stolen and
publicly available sql file:
www.pobieramy24.pl.sql
WiFi & close ”air” support
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 82
https://en.wikipedia.org/wiki/Joint_terminal_attack_controller
https://github.com/wifiphisher/wifiphisher
Frameworks: WiFi-Pumpkin
83
Frameworks: WiFi-Pumpkin
84
Frameworks: WiFi-Pumpkin
85
Frameworks: WiFi-Pumpkin
86
Frameworks: WiFi-Pumpkin
87
Frameworks: WiFi-Pumpkin
88
Frameworks: WiFi-Pumpkin
89
Frameworks: WiFi-Pumpkin
90
• airodump-ng
• airbase-ng
• airdecap-ng
• airmon-ng
• aireplay-ng
• airserv-ng
• tkiptun-ng
• sslstrip
• tcpdump
• ettercap
• … screen
[Network diagram: You, OpenWRT, AP. Legend: FTP server, Comm-link, Wireless access point, Database server, Mail server, Switch, Laptop, Smart phone]
OpenWrt – Everything You Need
OPENWRT = WORMHOLE ATTACK + MITM +3G 91
OpenWrt as tool for Attacker
OPENWRT WILL TURN CHEAP HARDWARE TO YOUR BEST WIFI CARD 92
Video...
WiFiPhisher (Captive Portal Attack)
93
WiFiPhisher
94
WiFiPhisher
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 95
WiFiPhisher
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 96
WiFiPhisher
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 97
WiFiPhisher
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 98
WiFiPhisher
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 99
WiFiPhisher
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 100
WiFiPhisher
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 101
WiFiPhisher
WPA/WPA2 – IS THE HASHING ALGORITHM SO INSECURE AS WE ARE LED TO BELIEVE? 102
STANDARD H FAILURE – NEXT TIME 103
C64 – YES:D 104
Most commonly used for WiFi operations:
Kali & OpenWRT
Alfa AWUS036NHA (does have problems, old only b/g/n)
TP-LINK:
3020 (small & old standards)
3220 (stable & old standards)
3040 (battery included & old standards)
WR1043ND v4 (modern standards & 16 MB flash will allow direct install of aircrack-ng)
TILL NEXT TIME 105
YEAR   Proceedings initiated   Offences confirmed
2016   3401                    2718
2015   3515                    2452
Art. 267
§ 1. Whoever, without authorisation, obtains access to information not intended for them by opening a sealed letter, connecting to a telecommunications network, or breaking or bypassing electronic, magnetic, IT or other special protection of that information, is subject to a fine, restriction of liberty or imprisonment for up to 2 years.
§ 2. The same penalty applies to whoever, without authorisation, obtains access to all or part of an IT system.
§ 3. The same penalty applies to whoever, in order to obtain information to which they are not entitled, installs or uses an eavesdropping device, a visual device, or another device or software.
§ 4. The same penalty applies to whoever discloses to another person information obtained in the manner specified in § 1-3.
§ 5. The offence specified in § 1-4 is prosecuted at the request of the victim.
Statute of limitations – 5 years
