Archive for the ‘Wireless’ Category
Reflections on “hole196”
Last week at BlackHat, AirTight Networks security analyst Md Sohail Ahmad presented his findings on a vulnerability dubbed “hole196”. Affecting WPA/WPA2 Enterprise networks, this issue allows an authenticated user to manipulate other clients on the network to establish ARP spoofing attacks, to impersonate data frames from the AP or to create a DoS attack [...]
August 3, 2010
Posted in: 802.11, Uncategorized
5 Comments
FaceTime Protocol Analysis
My good friend, fellow SANS instructor, sushi lover, colleague and boss, Mike Poor, has started a blog about packets over at www.packetstan.com. I’ve been working on the site and have posted a 3-part series of articles assessing the Apple FaceTime protocol. Stop by and take a look.
-Josh
July 9, 2010
Posted in: Apple, Reverse Engineering, Wireless, iPhone
No Comments
Updated FreeRADIUS-WPE
Brad brought the FreeRADIUS-WPE patch up to date for FreeRADIUS 2.1.7, which I’ve posted in the Offensive Section. This tool still works very reliably for me, and it’s always a treat when a target wireless network is running PEAP or TTLS and I get to use it.
Code is posted on the FreeRADIUS-WPE page. [...]
May 18, 2010
Posted in: 802.11, Hacking
Comments Closed
Verizon MiFi Pwned (maybe they should take my class)
Update: Please also see my post about the hidden page for advanced MiFi configuration settings.
Recently, I picked up a Verizon MiFi device for $50 and the extension of my service contract for another 2 years. The fun that I’ve had with the device so far has well made up for both costs.
Background
The MiFi is [...]
February 2, 2010
Posted in: 802.11, Wireless
4 Comments
Exploiting ZigBee at ToorCon 11 Slides
Yesterday I presented my findings on the security implications of the ZigBee protocol at ToorCon 11. I had a great audience and the presentation went smoothly. We looked at the basis of ZigBee technology and why ZigBee is important for embedded developers and interesting to attackers.
I also introduced a new project I’ve been [...]
October 25, 2009
Posted in: ZigBee
4 Comments
ToorCon 11: KillerBee – Practical Zigbee Exploitation Framework
On Saturday at ToorCon 11 I’m presenting my work in designing a framework and tools to exploit and manipulate ZigBee and IEEE 802.15.4 networks. KillerBee has been about 9 months in development, written in Python, leveraging the AVR RZUSB Stick as the interface to interact with these low-power networks.
ZigBee is an interesting wireless technology, [...]
October 21, 2009
Posted in: ZigBee
No Comments
Bluetooth and OS Language Pack Correlation
The Bluetooth Service Discovery Protocol (SDP) is used to publish and enumerate the services of a Bluetooth device. Through SDP, your mobile phone knows that your Mac accepts file transfers or can extend your wired network over Bluetooth, for example.
We can enumerate the SDP information for a given device with the Linux command “sdptool”:
$ [...]
August 4, 2009
Posted in: Bluetooth
No Comments
Special Evening Webcast on Kismet Newcore Thursday!
On Thursday night at 7pm EDT (4pm PDT) I’ll be giving a special evening webcast called “Budget Wireless Assessment using Kismet-Newcore”. I delivered this content at the SANS Denver conference a few weeks ago, but several people have contacted me complaining that they wanted to get in on the new features Kismet has to [...]
July 28, 2009
Posted in: 802.11, Bluetooth, Training, ZigBee
2 Comments
Wireless Privacy Loss++; Amazon Kindle
Fellow hacker and all-around rock-star Sherri Davidoff and I have been chatting lately about a new form of privacy loss from Amazon in the form of the Kindle.
I’m a big Kindle user, and I love having a good deal of my tech library with me on the Kindle DX when I travel. When I’m [...]
July 11, 2009
Posted in: Privacy, Wireless, ZigBee
No Comments
802.11 Pocket Reference Guide
I’ve posted my IEEE 802.11 pocket reference guide to the Projects Section. This legal-sized guide provides some quick-reference resources for wireless analysis including common acronyms, Wireshark display filters, Kismet shortcuts and a breakdown of several of the IEEE 802.11 header fields. This will be especially helpful to my SANS SEC617 Ethical Hacking Wireless [...]
July 9, 2009
Posted in: 802.11, Wireless
8 Comments
