Presentations

2012


A Taste of SEC575: Invasion of the Mobile Phone Snatchers“, June 1, 2012, Joshua Wright
This first part of a trilogy of webcasts introducing the SANS Mobile Device Security and Ethical Hacking (SEC575) course looks at the threat of lost or stolen mobile devices, examining how an attacker can use backup tools to extract data from mobile devices, bypass PIN authentication on Apple iOS and BlackBerry devices, and how to mitigate the impact of lost devices.

 

2011


The Pen Test Perfect Storm: We Love Cisco!, Part 6“, March 23, 2011, Kevin Johnson, Ed Skoudis, Joshua Wright
Presented as a CORE Security Technologies webcast, this is the sixth in the “trilogy” of Pen Test Perfect Storm presentations. In this presentation we share our love and admiration for Cisco technology including attacks against routers, switches and wireless devices. Pen testing techniques against SNMP, VLAN hopping, web interfaces and wireless controllers are covered in all their glory details.

 

2010


The Pen Test Perfect Storm: We Love Adobe!, Part 5“, August 31, 2010, Kevin Johnson, Ed Skoudis, Joshua Wright
Presented as a CORE Security Technologies webcast, this is the fifth in the “trilogy” of Pen Test Perfect Storm presentations. In this presentation we share our fondness for Adobe technology including Reader, Flash and Shockwave and how we enjoy leveraging the many weaknesses in Adobe products during penetration tests. Wireless, Network and Web attacks abound, and often give an adversary the upper-hand with typical Adobe product deployments.

 


Maximum Overdrive Redux!“, May 8, 2010, Joshua Wright
Presented at SANS SecWest 2010, this presentation looks at several of the issues and opportunities for attackers to exploit hardware and embedded systems for new access opportunities. I tried to answer the question: Are we headed for a Maximum Overdrivereal-world scenario?

 


Essential Crypto for Pen Testers (Without the Math!)“, April 26, 2010, Joshua Wright
Presented on a SANS webcast promoting the Pen Test Summit, this presentation takes a look at various cryptographic components and how we can assess them as penetration testers with a real-life example of how we (at InGuardians) exploited a wireless protocol using a proprietary implementation of RC4. Also take a look a the simple tool “pcaphistogram” that I demonstrate in the presentation.

 


The Pen Test Perfect Storm: We Love Microsoft!, Part 4“, April 6, 2010, Kevin Johnson, Ed Skoudis, Joshua Wright
Presented as a CORE Security Technologies webcast, this is the continuation of the, uhh, “trilogy” of Pen Test Perfect Storm presentations. In this presentation we devoted our message of combining network, web and wireless penetration testing techniques to Microsoft technology, looking at the beauty of IIS, SharePoint, target enumeration with Metasploit’s Meterpreter and Nmap, common wireless configuration weaknesses and Windows 7 soft AP functionality, following by a step-by-step attack illustration. Keep an eye out for more presentations focusing on vendor-specific technology coming to a webcast near you.

 

2009


KillerBee: Practical ZigBee Exploitation Framework“, October 25, 2009, Joshua Wright
Presented at the ToorCon 11 conference in San Diego, this presentation examines the ZigBee protocol, and its use in interacting with devices in the kinetic world such as hydro plant water spill gates, natural gas line valve actuators and smart home technology. Based on my research about the ZigBee and IEEE 802.15.4 protocols, I’ve developed several tools designed to exploit vulnerabilities in these protocols and common implementations, dubbed KillerBee.

 


Budget Wireless Assessment: Kismet Newcore“, July 8, 2009, Joshua Wright
Presented at the SANS Denver 2009 conference, this presentation takes a look at the challenges of wireless assessment for wireless network administrators, auditors and ethical hackers, presenting Kismet Newcore as a powerful tool for common analysis tasks. Focusing on getting Kismet Newcore up and running on a budget, this presentation guides you through the task of getting Newcore running on Backtrack 4 and leveraging the powerful new features it provides.

 


The Pen Test Perfect Storm: Network Reconstructive Surgery, Part 3“, March 24, 2009, Kevin Johnson, Ed Skoudis, Joshua Wright
Presented as a CORE Security Technologies and SANS Institute webcast, this is the third and “final” in the trilogy of Pen Test Perfect Storm presentations. In this presentation we take a look at an outside-in attack, leveraging Ratproxy, the Yokoso! project and a browser exploit, as well as how a pentester can manipulate the not-so-helpful features in enterprise wireless networking systems.

 

Privacy Loss in a Pervasive Wireless World“, March 1, 2009, Joshua Wright
Presented at a the SANS 2009 conference, this presentation looks at a different side of wireless security: privacy loss. Taking a look at the many different ways you can lose your privacy and anonymity through WiFi, proprietary, cellular and Bluetooth networks, this presentation was written to help people understand their privacy risks in a pragmatic manner.

The Pen Test Perfect Storm: Client Side Mutiny, Part 2“, January 21, 2009, Kevin Johnson, Ed Skoudis, Joshua Wright
Presented at a SANS Institute webcast, this is part two of three presentations on combining web app, network and wireless penetration testing. This presentation looks at techniques to leverage the route and pass-the-hash features built into Metasploit, leveraging a compromised client to perform wireless discovery and attack using the vistarfmon, netsh (Vista built-in) and nm2lp tools. From a compromised client and net wireless network discovery, we leverage w3af to exploit vulnerable internal web servers.

2008


Understanding the WPA/WPA2 Break“, November 17, 2008, Joshua Wright
Presented at a SANS Institute webcast, this presentation examines the attacks against the TKIP protocol, with recommended defenses and vendor-specific mitigation and monitoring device.

The Pen Test Perfect Storm: Combining Network, Web App and Wireless Pen Test Techniques, Part I“, October 15, 2008, Kevin Johnson, Ed Skoudis, Joshua Wright
Presented at a SANS Institute webcast, this is the first of three presentations on what we believe is the future of effective penetration testing. Instead of focusing on a single method such as network analysis or wireless analysis, we propose and illustrate an example of a pen test where web, network and wireless pen testing work together for a practical and effective analysis of security vulnerabilities. This presentation introduces a method to exploit guest networks to introduce cross-site scripting (XSS) attacks against any web browsing traffic (even sites not vulnerable to XSS) using a yet-unreleased tool called AirCSRF. Leveraging the Browser Exploitation Framework (BeEF), once a client is hooked, we can deliver network exploits to internal targets.

High Speed Risks in 802.11n Networks“, April 17, 2008, Joshua Wright
Presented at the RSA2008 conference, this presentation looks at the new features of the 802.11n protocol, identifying new risks inherent with 802.11n and the opportunities for an attacker to exploit wireless leveraging these features.

Leveraging Wireshark for Wireless Network Analysis“, April 1, 2008, Joshua Wright
Presented by Mike Kershaw at the SHARKFEST 2008 conference, this presentation provides guidance on leveraging Wireshark as a valuable tool for troubleshooting and analyzing wireless networks, from both the operational and security perspectives.

Security Implications of Pervasive Wireless Technology“, March 2008, Joshua Wright
Presented at an invite-only conference put on by Intel Corporation, this presentation takes a look at how wireless technology can invade consumer privacy, and ways that malicious wireless users can collect sensitive information about wireless users’ identities.

Wireless Threats and Practical Exploits“, March 2008, Joshua Wright
Presented at the Virginia Tech SANS Conference, this presentation identifies the practical, real-world, “no kidding you NEED TO DO SOMETHING ABOUT THIS” problems with wireless networks.

PEAP: Pwned Extensible Authentication Protocol“, Feb 2008, Joshua Wright and Bran Antoniecwicz
Presented at the Shmoocon 2008 Conference, Brad and I talked about attacks against the Extensible Authentication Protocol including EAP-MD5, LEAP and, most importantly, ways to compromise user passwords on PEAP and TTLS networks. You can also snag our video of the talk here.