Archive for the ‘Wireless’ Category
ISACA Review: Hacking Exposed Wireless 2nd Edition
A special thanks to Horst Karin for posting a great review of my new book, Hacking Exposed Wireless 2nd Edition, on the ISACA website. If you haven’t already checked it out, you can browse the book through Amazon’s Page Viewer. For the first time in print, we provided in-depth coverage of attacking and exploiting [...]
December 9, 2010
Posted in: 802.11, Bluetooth, Exploit, Hacking, Linux, OSX, Penetration Testing, Security, ZigBee
One Comment
Reflections on “hole196”
Last week at BlackHat, AirTight Networks security analyst Md Sohail Ahmad presented his findings on a vulnerability dubbed “hole196”. Affecting WPA/WPA2 Enterprise networks, this issue allows an authenticated user to manipulate other clients on the network to establish ARP spoofing attacks, to impersonate data frames from the AP or to create a DoS attack against [...]
August 3, 2010
Posted in: 802.11, Uncategorized
2 Comments
FaceTime Protocol Analysis
My good friend, fellow SANS instructor, sushi lover, colleague and boss, Mike Poor, has started a blog about packets over at www.packetstan.com. I’ve been working on the site and have posted a 3-part series of articles assessing the Apple FaceTime protocol. Stop by and take a look. -Josh
July 9, 2010
Posted in: Apple, iPhone, Reverse Engineering, Wireless
No Comments
Updated FreeRADIUS-WPE
Brad brought the FreeRADIUS-WPE patch up to date for FreeRADIUS 2.1.7, which I’ve posted in the Offensive Section. This tool still works very reliably for me, and it’s always a treat when a target wireless network is running PEAP or TTLS and I get to use it. Code is posted on the FreeRADIUS-WPE page. If [...]
May 18, 2010
Posted in: 802.11, Hacking
Comments Closed
Verizon MiFi Pwned (maybe they should take my class)
Update: Please also see my post about the hidden page for advanced MiFi configuration settings. Recently, I picked up a Verizon MiFi device for $50 and the extension of my service contract for another 2 years. The fun that I’ve had with the device so far has well made up for both costs. Background The [...]
February 2, 2010
Posted in: 802.11, Wireless
3 Comments
Exploiting ZigBee at ToorCon 11 Slides
Yesterday I presented my findings on the security implications of the ZigBee protocol at ToorCon 11. I had a great audience and the presentation went smoothly where we looked at the basis of ZigBee technology and why ZigBee is important for embedded developers and interesting to attackers. I also introduced a new project I’ve been [...]
October 25, 2009
Posted in: ZigBee
3 Comments
ToorCon 11: KillerBee – Practical Zigbee Exploitation Framework
On Saturday at ToorCon 11 I’m presenting my work in designing a framework and tools to exploit and manipulate ZigBee and IEEE 802.15.4 networks. KillerBee has been about 9 months in development, written in Python, leveraging the AVR RZUSB Stick as the interface to interact with these low-power networks. ZigBee is an interesting wireless technology, [...]
October 21, 2009
Posted in: ZigBee
No Comments
Bluetooth and OS Language Pack Correlation
The Bluetooth Service Discovery Protocol (SDP) is used to publish and enumerate the services of a Bluetooth device. Through SDP, your mobile phone knows that your Mac accepts file transfers or can extend your wired network over Bluetooth, for example. We can enumerate the SDP information for a given device with the Linux command “sdptool”: [...]
August 4, 2009
Posted in: Bluetooth
No Comments
Special Evening Webcast on Kismet Newcore Thursday!
On Thursday night at 7pm EDT (4pm PDT) I’ll be giving a special evening webcast called “Budget Wireless Assessment using Kismet-Newcore”. I delivered this content at the SANS Denver conference a few weeks ago, but several people have contacted me complaining that they wanted to get in on the new features Kismet has to offer [...]
July 28, 2009
Posted in: 802.11, Bluetooth, Training, ZigBee
No Comments
Wireless Privacy Loss++; Amazon Kindle
Fellow hacker and all-around rock-star Sherri Davidoff and I have been chatting lately about a new form of privacy loss from Amazon in the form of the Kindle. I’m a big Kindle user, and I love having a good deal of my tech library with me on the Kindle DX when I travel. When I’m [...]
July 11, 2009
Posted in: Privacy, Wireless, ZigBee
No Comments
