Archive for the ‘Security’ Category

ISACA Review: Hacking Exposed Wireless 2nd Edition

A special thanks to Horst Karin for posting a great review of my new book, Hacking Exposed Wireless 2nd Edition on the ISACA website. If you haven’t already checked it out, you can browse the book through Amazon’s Page Viewer. For the first time in print, we provided an in-depth coverage of attacking and exploiting [...]

December 9, 2010   Posted in: 802.11, Bluetooth, Exploit, Hacking, Linux, OSX, Penetration Testing, Security, ZigBee  One Comment

Cowpatty 4.6 (with less teh suck)

As it turns out, there was a pretty significant bug in cowpatty 4.5 and earlier when built on systems with a more modern version of OpenSSL than what I was testing against: typedef struct { unsigned char k_ipad[65]; unsigned char k_opad[65]; unsigned char k_ipad_set; unsigned char k_opad_set; } SHA1_CACHE;   struct SHA1_CACHE cached; SHA1_CTX context; [...]

July 3, 2009   Posted in: 802.11, Code, Security, Tool  No Comments

Cowpatty 4.5

After too much time I have posted coWPAtty 4.5 with several fixes and a couple of new features: Fewer restrictions on collecting the data needed to mount an attack.В  The default behavior requires all 4 frames of the 4-way handshake to mount an attack.В  If you specify “-2″ on the command-line, coWPAtty will only require [...]

June 4, 2009   Posted in: 802.11, Penetration Testing, Security, Tool  4 Comments

Kismet-Newcore Screenshots

Dragorn has posted a bunch of screenshots for Kismet-Newcore, demonstrating some of the cool UI features including traffic activity timeline view, update client list view, plugins view, network details view, color preferences, channel utilization (signal and noise) view, and channel configuration. Check them out at http://kismetwireless.net/screenshot.shtml. -Josh

May 26, 2009   Posted in: 802.11, Security, Tool  No Comments

Kismet Newcore RC1 Released

Just a little while ago, dragorn released RC1 of Kismet-Newcore, the much-awaited next-generation of Kismet. From the release news: After 5+ years of development, this staging release is to work out any final minor issues before a full release. Kismet-2009-05-RC1 is expected to be fully functional, so please report problems on the forums or via [...]

May 26, 2009   Posted in: 802.11, Security, Tool  4 Comments

Locating ZigBee Devices

Since the introduction of the ZigBee-2004 specification, the ZigBee Alliance has made significant improvements in the security of sensor-based wireless networks. Despite improvements introduced in later amendments including the ZigBee-Pro specification, the security is not bullet-proof, due to the significant constraints of CPU, flash and memory availability in low-cost devices. Designing around these constraints, the [...]

May 11, 2009   Posted in: Linux, Security, ZigBee  2 Comments

Follow the Bouncing Malware: Gone With the WINS

Tom Liston is a unique individual. Not only is he technically skilled in many areas, but he has the Kurt Vonnegut gift of being able to write a story that both delivers a message and keeps you entertained with simple sentences (oh, and teaches you a thing or two about malware analysis). Follow the Bouncing [...]

May 7, 2009   Posted in: Exploit, Malware, Reverse Engineering, Security, Windows 2003  No Comments

Pen Test Perfect Storm Trilogy Slides

Over the last several months I had the pleasure of working with Ed Skoudis and Kevin Johnson in presenting a trilogy of webcasts titled the Pen Test Perfect Storm where we talk about techniques to combine network, web app and wireless pen testing. By combining these components of classic pen-tests, we are able to more [...]

May 3, 2009   Posted in: 802.11, Exploit, Hacking, Penetration Testing, Security, Vista  No Comments

Why Zoher Anis Rocks My Inbox

If you haven’t met Zoher Anis at a SANS conference or other popular venue, please make an effort to do so as soon as possible. Zoher is one of the most awesome guys I know, and humbles me with his new presentation “Why Joshua Wright loves Windows Vista ? And why you should be glad [...]

April 11, 2009   Posted in: 802.11, Hacking, Penetration Testing, Security, Vista, Wireless  No Comments