Archive for the ‘Wireless’ Category

ISACA Review: Hacking Exposed Wireless 2nd Edition

A special thanks to Horst Karin for posting a great review of my new book, Hacking Exposed Wireless 2nd Edition, on the ISACA website. If you haven’t already checked it out, you can browse the book through Amazon’s Page Viewer. For the first time in print, we provided in-depth coverage of attacking and exploiting [...]

December 9, 2010   Posted in: 802.11, Bluetooth, Exploit, Hacking, Linux, OSX, Penetration Testing, Security, ZigBee  One Comment

Reflections on “hole196”

Last week at BlackHat, AirTight Networks security analyst Md Sohail Ahmad presented his findings on a vulnerability dubbed “hole196”. Affecting WPA/WPA2 Enterprise networks, this issue allows an authenticated user to manipulate other clients on the network to establish ARP spoofing attacks, to impersonate data frames from the AP or to create a DoS attack against [...]

August 3, 2010   Posted in: 802.11, Uncategorized  2 Comments

FaceTime Protocol Analysis

My good friend, fellow SANS instructor, sushi lover, colleague and boss, Mike Poor, has started a blog about packets over at  I’ve been working on the site and have posted a 3-part series of articles assessing the Apple FaceTime protocol. Stop by and take a look. -Josh

July 9, 2010   Posted in: Apple, iPhone, Reverse Engineering, Wireless  No Comments

Updated FreeRADIUS-WPE

Brad brought the FreeRADIUS-WPE patch up to date for FreeRADIUS 2.1.7, which I’ve posted in the Offensive Section. This tool still works very reliably for me, and it’s always a treat when a target wireless network is running PEAP or TTLS and I get to use it. Code is posted on the FreeRADIUS-WPE page. If [...]

May 18, 2010   Posted in: 802.11, Hacking  Comments Closed

Verizon MiFi Pwned (maybe they should take my class)

Update: Please also see my post about the hidden page for advanced MiFi configuration settings. Recently, I picked up a Verizon MiFi device for $50 and the extension of my service contract for another 2 years. The fun that I’ve had with the device so far has well made up for both costs. Background The [...]

February 2, 2010   Posted in: 802.11, Wireless  3 Comments

Exploiting ZigBee at ToorCon 11 Slides

Yesterday I presented my findings on the security implications of the ZigBee protocol at ToorCon 11. I had a great audience and the presentation went smoothly as we looked at the basics of ZigBee technology and why ZigBee is important for embedded developers and interesting to attackers. I also introduced a new project I’ve been [...]

October 25, 2009   Posted in: ZigBee  3 Comments

ToorCon 11: KillerBee – Practical Zigbee Exploitation Framework

On Saturday at ToorCon 11 I’m presenting my work in designing a framework and tools to exploit and manipulate ZigBee and IEEE 802.15.4 networks. KillerBee has been about 9 months in development, written in Python, leveraging the AVR RZUSB Stick as the interface to interact with these low-power networks. ZigBee is an interesting wireless technology, [...]

October 21, 2009   Posted in: ZigBee  No Comments

Bluetooth and OS Language Pack Correlation

The Bluetooth Service Discovery Protocol (SDP) is used to publish and enumerate the services of a Bluetooth device. Through SDP, your mobile phone knows that your Mac accepts file transfers or can extend your wired network over Bluetooth, for example. We can enumerate the SDP information for a given device with the Linux command “sdptool”: [...]

August 4, 2009   Posted in: Bluetooth  No Comments

Special Evening Webcast on Kismet Newcore Thursday!

On Thursday night at 7pm EDT (4pm PDT) I’ll be giving a special evening webcast called “Budget Wireless Assessment using Kismet-Newcore”. I delivered this content at the SANS Denver conference a few weeks ago, but several people have contacted me complaining that they wanted to get in on the new features Kismet has to offer [...]

July 28, 2009   Posted in: 802.11, Bluetooth, Training, ZigBee  No Comments

Wireless Privacy Loss++; Amazon Kindle

Fellow hacker and all-around rock-star Sherri Davidoff and I have been chatting lately about a new form of privacy loss from Amazon in the form of the Kindle. I’m a big Kindle user, and I love having a good deal of my tech library with me on the Kindle DX when I travel. When I’m [...]

July 11, 2009   Posted in: Privacy, Wireless, ZigBee  No Comments