Archive for the ‘802.11’ Category

ISACA Review: Hacking Exposed Wireless 2nd Edition

A special thanks to Horst Karin for posting a great review of my new book, Hacking Exposed Wireless 2nd Edition, on the ISACA website. If you haven’t already checked it out, you can browse the book through Amazon’s Page Viewer. For the first time in print, we provided in-depth coverage of attacking and exploiting [...]

December 9, 2010   Posted in: 802.11, Bluetooth, Exploit, Hacking, Linux, OSX, Penetration Testing, Security, ZigBee  One Comment

Reflections on “hole196”

Last week at BlackHat, AirTight Networks security analyst Md Sohail Ahmad presented his findings on a vulnerability dubbed “hole196”. Affecting WPA/WPA2 Enterprise networks, this issue allows an authenticated user to manipulate other clients on the network to establish ARP spoofing attacks, to impersonate data frames from the AP or to create a DoS attack against [...]

August 3, 2010   Posted in: 802.11, Uncategorized  2 Comments

Updated FreeRADIUS-WPE

Brad brought the FreeRADIUS-WPE patch up to date for FreeRADIUS 2.1.7, which I’ve posted in the Offensive Section. This tool still works very reliably for me, and it’s always a treat when a target wireless network is running PEAP or TTLS and I get to use it. Code is posted on the FreeRADIUS-WPE page. If [...]

May 18, 2010   Posted in: 802.11, Hacking  Comments Closed

Verizon MiFi Pwned (maybe they should take my class)

Update: Please also see my post about the hidden page for advanced MiFi configuration settings. Recently, I picked up a Verizon MiFi device for $50 and the extension of my service contract for another 2 years. The fun that I’ve had with the device so far has well made up for both costs. Background The [...]

February 2, 2010   Posted in: 802.11, Wireless  3 Comments

Special Evening Webcast on Kismet Newcore Thursday!

On Thursday night at 7pm EDT (4pm PDT) I’ll be giving a special evening webcast called “Budget Wireless Assessment using Kismet-Newcore”. I delivered this content at the SANS Denver conference a few weeks ago, but several people have contacted me complaining that they wanted to get in on the new features Kismet has to offer [...]

July 28, 2009   Posted in: 802.11, Bluetooth, Training, ZigBee  No Comments

802.11 Pocket Reference Guide

I’ve posted my IEEE 802.11 pocket reference guide to the Projects Section. This legal-sized guide provides some quick-reference resources for wireless analysis including common acronyms, Wireshark display filters, Kismet shortcuts and a breakdown of several of the IEEE 802.11 header fields. This will be especially helpful to my SANS SEC617 Ethical Hacking Wireless students! -Josh

July 9, 2009   Posted in: 802.11, Wireless  7 Comments

New Presentation: Budget Wireless Assessment with Kismet Newcore

New slides I’m delivering tonight at the SANS Denver 2009 conference on using Kismet Newcore for wireless assessment in the role of wireless network administrator, auditor or ethical hacker. Check it out in the usual place. Thanks to @jabra for his help in getting the BT4 update repository current with the most recent Kismet Newcore [...]

July 8, 2009   Posted in: 802.11  No Comments

Cowpatty 4.6 (with less teh suck)

As it turns out, there was a pretty significant bug in cowpatty 4.5 and earlier when built on systems with a more modern version of OpenSSL than what I was testing against: typedef struct { unsigned char k_ipad[65]; unsigned char k_opad[65]; unsigned char k_ipad_set; unsigned char k_opad_set; } SHA1_CACHE;   struct SHA1_CACHE cached; SHA1_CTX context; [...]

July 3, 2009   Posted in: 802.11, Code, Security, Tool  No Comments

Cowpatty 4.5

After too much time I have posted coWPAtty 4.5 with several fixes and a couple of new features: Fewer restrictions on collecting the data needed to mount an attack. The default behavior requires all 4 frames of the 4-way handshake to mount an attack. If you specify “-2” on the command-line, coWPAtty will only require [...]

June 4, 2009   Posted in: 802.11, Penetration Testing, Security, Tool  4 Comments

Kismet-Newcore Screenshots

Dragorn has posted a bunch of screenshots for Kismet-Newcore, demonstrating some of the cool UI features including traffic activity timeline view, update client list view, plugins view, network details view, color preferences, channel utilization (signal and noise) view, and channel configuration. Check them out at http://kismetwireless.net/screenshot.shtml. -Josh

May 26, 2009   Posted in: 802.11, Security, Tool  No Comments