Evil Twin Wireless Access Point Attack

Size: px
Start display at page:

Download "Evil Twin Wireless Access Point Attack"

Transcription

1 Evil Twin Wireless Access Point Attack 1 Evil Twin Wireless Access Point Attack Submitted to Dr. Stephan Robila CSIT 520 Network Security By Dan Ginsberg Department of Computer Science Montclair State University Spring 2015

2 Evil Twin Wireless Access Point Attack 2 Abstract Evil Twin Wireless Access Point Attack discusses a type of man in middle attack. Instead of pursuing a more traditional route, like obtaining access to a network to implement DNS poisoning, an Evil Twin wireless access point broadcasts an enticing or otherwise misleading WiFi network for unwitting users to join. Once unsuspecting users are connected to the Evil Twin wireless access point (WAP), their traffic can be inspected, modified and logged. Utilizing ettercap, SSLStrip, and relying on user ignorance, even SSL encrypted traffic falls prey to this attack. The attack is complex in terms of its complexity, yet it is simple to implement, and does not require very expensive hardware, only proximity and patience on the part of the hacker. An overview of the technology, procedures for implementation, and preventive measures are addressed.

3 Evil Twin Wireless Access Point Attack 3 INTRODUCTION WiFi is a useful technology that has been rapidly expanding for years and is now prevalent almost everywhere we go. It allows users and their devices to easily and wirelessly access the internet. Despite the reliance on this technology that has emerged in recent years, the average user is unaware of how it works and unaware of the many security vulnerabilities they subject themselves to when using it. While great advances have been made to protect wireless communications, such as WEP, WPA2, and WPS, the reality is that they are still all breakable. Further, they only work to secure the information traveling between the user s device and the WAP. The Evil Twin WAP attack provides the hacker a method for obtaining sensitive user information. Instead of targeting and hacking a wireless access point to infiltrate a network, the hacker simply tricks the user into connecting to a malicious network. An average user is unaware of what occurs when they connect to a wireless network. They know enough to determine something is wrong if their desired website does not load. However, even if their sites do not load, they usually assume their hardware is at fault and proceed to restart their routers. There is ample room to exploit these situations. In practice, it does not take a very elaborate plan to steal information. Furthermore, suspicion on the part of the user is usually kept at bay. In addition to uninformed users, WiFi devices are usually configured to auto connect to open or known networks. This combination of predictable human behaviour and the use of protocols that are easily trusted results in a very exploitable attack vector.

4 Evil Twin Wireless Access Point Attack 4 BACKGROUND The objective of this research is to identify a method for obtaining user credentials through a wireless man in the middle attack. During the initial research and development phase, several tools that simplified the implementation of the man in the middle attack were identified, and the original plan relied heavily on the user being oblivious to security and threats. An example of one type of threat would be the appearance of a fake version of Facebook at a x.x address space or a remembered password field being blank. This would have also required downloading the latest versions of several common websites like Google, Bing, Facebook, Twitter, LinkedIn and Fantasy Baseball and then running modified versions of each of those pages to return the form input to a database running locally through an Apache Web Server and MySQL. While researching the above implementation, it was discovered that the software, Ettercap, in conjunction with SSLStrip could more effectively capture the credentials of a victim from any website they visit, instead of the few sites that would have been modified originally. These tools also do a far better job of making the entire attack less noticeable and more transparent to the victim. Even going so far as adding a favicon lock icon to make the users think the session is secure. Outlined below are the original and implemented Plan of Attack. INITIAL PLAN 1. Find an open network, or crack the password of a secure network using Aircrack ng. 2. Broadcast an imposter SSID with the same credentials so users connect to me unknowingly. 3. Utilize the original router as an internet connection.

5 Evil Twin Wireless Access Point Attack 5 4. Redirect desired URLs to my local web server running a fake copy of a login page, capture username & password. 5. Redirect user to actual desired login page. IMPLEMENTED PLAN 1. Broadcast enticing ESSID (Ex Free WiFi, or one being requested by a nearby device) using airbase ng 2. Utilize Ettercap and SSLStrip to force a client into http from https and grab plaintext usernames and passwords from form submits. 3. Connect the clients out to the internet so they do not suspect anything is wrong. THE TOOLS These are the key technologies involved in the execution of this Evil Twin attack. The basic purpose of the tools are defined here, details like parameters will be outlined below in the implementation section. ALFA AWUS036NHA USB WiFi ADAPTER This piece of hardware is renown throughout the security and penetration testing industry for its affordable price, robust feature set, and Linux driver compatibility. This is also one of the few wireless cards on the market capable of both Monitor mode and Master mode. Monitor mode allows inspection of wireless traffic without being associated with the access point; this is useful for packet sniffing. Master mode is the key feature needed for our Evil Twin attack. It allows the adapter to act as wireless access point and provide network services to clients that connect.

6 Evil Twin Wireless Access Point Attack 6 AIRBASE NG Airbase ng is multi purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself. [1] This is used to broadcast the ESSID the clients will connect to. It will create a tap interface (at0) that is used to receive decrypted packets and send encrypted ones. This is a loud application which can interfere with other networks on the same channel. As such, it has features to filter and limit its activity to better suit individual environments and requirements. ETTERCAP A powerful and flexible tool for man in the middle attacks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. [5] This is the tool that will be responsible for credentials as they come through as well as passing the https traffic to SSLStrip for decryption. SSLSTRIP This is one of the most pivotal elements of the attack, sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks. [6] This tool forces HTTPS sessions to HTTP which in turn causes otherwise encrypted private form submissions to be exposed. It also adds the lock favicon associated with an HTTPS session to the URL bar to make users think the session is secure. IMPLEMENTATION This section will provide commentary along with screenshots detailing each step of the attack from initial configuration to obtaining usable results. The first step is to identify the

7 Evil Twin Wireless Access Point Attack 7 environment: both what is being broadcasted in the air as well as what hardware is available for use. In this case the guest OS, Kali Linux, has access to the internet via gateway on the virtual bridged interface, eth0. Running airmon ng will display the available wireless adapters. The Alfa USB Antenna is available as interface wlan0. Here the DHCP server is configured. This configuration will be used by the victims connecting to the Evil Twin WAP.

8 Evil Twin Wireless Access Point Attack 8 The next step is to place the wireless interface into monitor mode. This allows the interface to see all traffic sent from a wireless network, even without being associated with a WAP.

9 Evil Twin Wireless Access Point Attack 9 Above, errors are encountered. After some time troubleshooting, the value of reading warnings is learned. The above message about processes that could cause trouble proves accurate. Below, NetworkManager is killed airbase launches successfully. Airbase is used to broadcast a wireless network. In this example, a single ESSID of freewifi is set to broadcast on channel 11 via mon0.

10 Evil Twin Wireless Access Point Attack 10 My ifconfig & iptables configuration, passing the connection to the appropriate interface to allow SSLStrip to receive it. In order to launch the DHCP server, first a configuration needs to be binded to an interface. Use cf to point it to the configuration file created earlier. Then use pf to bind it to the at0 interface process. It will report back that it is listening and sending data. Then, start the actual DHCP server.

11 Evil Twin Wireless Access Point Attack 11 Configuring SSLStrip, enable the replacement favicon with a lock picture (this tricks users) with f. The p parameter enables logging of only SSL POSTs, and k defines which port for SSLStrip to listen on. p disables promiscuous mode, this narrows ettercaps filtering and only looks at packets traveling over the defined interface. u Prevents Ettercap from disabling kernel IP Forwarding. T Text format, dumps everything formatted with printf q Quiet mode; don t display everything, write it to a log file. i Specify an interface, in this case, the tap interface at0

12 Evil Twin Wireless Access Point Attack 12 Airbase reports that a device has connected to the the ESSID set earlier, freewifi The DHCP server then reports that a device has requested an address, and it is given a valid IP from the pool. When the victim submits a form on a website, SSLStrip sees the submission and displays the username and password. They have been blurred out for anonymity, however these results are in cleartext and valid. The victim has now submitted their credentials for what they believed was a secure website login. Their credentials are now passed to the website and they are successfully logged in, unaware of any Man in the middle interference. PREVENTATIVE MEASURES The most valuable preventative measure is user education and awareness. Once users know Evil Twins exist and understand how they work, they will be better able to defend themselves against the attacks. WiFi devices utilize passive and active listening to conveniently and automatically connect to known networks; in order to do this, these devices ask send request beacons by name. An attacker can see these beacon requests and customize the Evil Twin to answer with the correct SSID. As such, users should disable devices from automatically

13 Evil Twin Wireless Access Point Attack 13 connecting to known networks. Users should also be vigilant and not intentionally connect to a known network when outside that networks range; like a home network when on vacation. Never assume a public wifi hotspot is safe; they could just as easily be Evil Twins as well. When using these networks, be cautious about sending sensitive information. In addition to these awareness factors, there are tools that can aid in protection. Here are two solutions that should be easy enough to implement. They may result in a less seamless user experience when under attack, but that is an acceptable price to pay for a chance at protecting sensitive credentials. MULTI FACTOR AUTHENTICATION The RSA SecurID is a formidable tool designed to combat against these attacks. Of course, credentials will still be compromised, but access to their respective pages will not necessarily be breached. This will defend against an Evil Twin passively logging credentials for use at a later point, however if a hacker is actively watching and waiting, or produces a script that is, they will capture the RSA fixed interval authentication code, and could access the account immediately and possibly remove the multi factor authentication. HTTPS EVERYWHERE This browser plugin is another great tool to try to enable a secure browsing session. It forces HTTPS whenever a website offers it as a service, and can be configured to not transmit data if the secure link is compromised or never established. This will ultimately prevent Evil Twin MiTM attacks that are using SSLStrip. Due to the non standard nature of the internet, some pages may not load as desired, and whitelist rules may need to be added for others.

14 Evil Twin Wireless Access Point Attack 14 FUTURE RESEARCH My personal research has already exceeded the initial scope of my project and I have now modified my focus. My initial goal of serving a fake login page via an apache server quickly developed into using ettercap and SSLStrip, a much more elegant approach. I will now continue my research utilizing a WiFi Pineapple by Hak5. It is a very powerful device that ties together some of the most renown hardware in the hacking and penetration testing community. Frankly, the Pineapple takes these tasks outlined in my research, expands upon their functionality, and trivializes the implementation of attack. They are also compact, can function off a portable battery pack, are inconspicuous and can easily be used with a high gain YAGI omni directional antenna for implementing these and other attacks from a distance. Future research will involve experimenting with the other possible man in the middle attacks utilizing the WiFi Pineapple. CONCLUSION An Evil Twin attack does not require expensive nor highly specialized hardware, and the software is open source and freely available. The large community that is made up of security specialists and penetration testers have been developing and fine tuning these tools for several years. There are also hundreds of pages of support documentation available. That is to say, this attack is a very real threat in malicious hands, as well as very easy to implement. Therefore, it does not require years of specialized training. Users should think before they connect to free or open networks. Users should also be cautious about connecting to known and secure WAPs. Again, WEP and WPA2 are easy to crack. Those same credentials can be used on an Evil Twin to further convince a user the network is safe WiFi is an effective technology for easy and wireless access to IP based networks. However, this convenience comes

15 Evil Twin Wireless Access Point Attack 15 at the cost of security, and often leads to user complacency. This Evil Twin exploits complacent and uneducated users by tricking them into connecting to the wrong network. This attack sidesteps the requirement of cracking a secure network. Once a user is connected, the use of SSLStrip breaks the HTTPS encryption process and allows for the capture of sensitive user information like passwords and even credit card numbers. Efforts have been made in protecting wireless communications by securing the information traveling between a user s device and the WAP and between the user s browser and a web server. The Evil Twin WAP attack easily circumvents both of these aspects of security. The rapid growth and implementation of WiFi across networked devices, including everything under the title, The Internet of Things further exacerbates the situation. Users transmit sensitive and personal information from their devices constantly. They need to become educated about the dangers associated with wireless technologies and remain vigilant when using them.

16 Evil Twin Wireless Access Point Attack 16 REFERENCES [1] "Aircrack ng." Airbase ng N.p., n.d. Web. 10 May from ng.org/doku.php?id=airbase ng [2] "Evil Twin Tutorial." Information Treasure. N.p., 25 July Web. 10 May from twin tutorial/ [3] J. Broad, A. Binder. (2003). Hacking with Kali: Practical Penetration Testing Techniques [4] "Man in the middle Attack." Wikipedia. Wikimedia Foundation, Web. 10 May from in the middle_attack [5] Manual Reference Pages ETTERCAP, Web. 10 May 2015 from 3 man/ettercap [6] "Moxie0/sslstrip." GitHub. N.p., n.d. Web. 10 May from

Post Connection Attacks

Post Connection Attacks Post Connection Attacks All the attacks we carried out in the previous sections can be done without knowing the key to the AP, ie: without connecting to the target network. We saw how we can control all

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Why wireless? Wifi, which is short for wireless fi something, allows your computer to connect to the Internet using magic. -Motel 6 commercial 2 but it comes at a price Wireless

More information

Man-In-The-Browser Attacks. Daniel Tomescu

Man-In-The-Browser Attacks. Daniel Tomescu Man-In-The-Browser Attacks Daniel Tomescu 1 About me Work and education: Pentester @ KPMG Romania Moderator @ Romanian Security Team MSc. Eng. @ University Politehnica of Bucharest OSCP, CREST CRT Interests:

More information

Jackson State University Department of Computer Science CSC 437/539 Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan

Jackson State University Department of Computer Science CSC 437/539 Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan Jackson State University Department of Computer Science CSC 437/539 Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan Lab Project # 3: Simulating DHCP Snooping and DNS Cache Poisoning through

More information

SETTING UP THE LAB 1 UNDERSTANDING BASICS OF WI-FI NETWORKS 26

SETTING UP THE LAB 1 UNDERSTANDING BASICS OF WI-FI NETWORKS 26 Table of Contents 0 SETTING UP THE LAB 1 HARDWARE REQUIREMENTS 1 SOFTWARE REQUIREMENTS 2 KALI LINUX INSTALLATION: 3 INSTALL KALI LINUX UNDER VMWARE 3 INSTALLING KALI LINUX ON PC 11 Kali Linux on USB: Advantages

More information

WIRELESS EVIL TWIN ATTACK

WIRELESS EVIL TWIN ATTACK WIRELESS EVIL TWIN ATTACK Prof. Pragati Goel Associate Professor, NCRD s Sterling Institute of Management Studies, Navi Mumbai Mr. Chetan Singh NCRD s Sterling Institute Of Management Studie, Navi Mumbai

More information

Wireless Attacks and Countermeasures

Wireless Attacks and Countermeasures Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections

More information

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Securing Wireless Networks by By Joe Klemencic Mon. Apr http://www.cymru.com/ Securing Wireless Networks by By Joe Klemencic (faz@home.com) Mon. Apr 30 2001 Many companies make attempts to embrace new technologies, but unfortunately, many of these new technologies

More information

Ethical Hacking and Prevention

Ethical Hacking and Prevention Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive

More information

Section 4 Cracking Encryption and Authentication

Section 4 Cracking Encryption and Authentication Section 4 Cracking 802.11 Encryption and Authentication In the previous section we showed the vulnerabilities of Open Wireless LANs. In this section we ll show some of the techniques and tools used to

More information

Wi-Net Window and Rogue Access Points

Wi-Net Window and Rogue Access Points Wi-Net Window and Rogue Access Points The Wi-Net Window (WP150) has several features that make it ideal for detecting and locating rogue access points: A rogue access point is a wireless access point that

More information

5 Steps Wifi Hacking Cracking WPA2 Password

5 Steps Wifi Hacking Cracking WPA2 Password Advertise Here Contact Us Request Tutorial Write for Us Download» Hacking Knowledge Hacking News Hacking Tutorial Hacking Widget Online Tools» Tips and Trick Website» Phone Hacking Search 9,517 91 +525

More information

GETTING THE MOST OUT OF EVIL TWIN

GETTING THE MOST OUT OF EVIL TWIN GETTING THE MOST OUT OF EVIL TWIN B-SIDES ATHENS 2016 GEORGE CHATZISOFRONIOU (@_sophron) sophron@census-labs.com www.census-labs.com > WHOAMI Security Engineer at CENSUS S.A. Cryptography, Wi-Fi hacking,

More information

5 Tips to Fortify your Wireless Network

5 Tips to Fortify your Wireless Network Article ID: 5035 5 Tips to Fortify your Wireless Network Objective Although Wi-Fi networks are convenient for you and your employees, there may be unwanted clients using up the bandwidth you pay for. In

More information

Mobile Security Fall 2013

Mobile Security Fall 2013 Mobile Security 14-829 Fall 2013 Patrick Tague Class #6 More WiFi Security & Privacy Issues WiFi Security Issues A Scenario Internet Open AP SSID Network X Open OpenAP AP SSID Attacker Network X LaptopLaptop

More information

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question

More information

Wireless Security Algorithms

Wireless Security Algorithms (NOTE: If you are using a virtual lab to run your attacks you will need an external Wi Fi attachment. The other option is to have a direct install on your computer. Virtual labs cannot access your wireless

More information

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS Wireless networks are everywhere, from the home to corporate data centres. They make our lives easier by avoiding bulky cables and related problems. But with these

More information

Introduction to SSL. Copyright 2005 by Sericon Technology Inc.

Introduction to SSL. Copyright 2005 by Sericon Technology Inc. Introduction to SSL The cornerstone of e-commerce is a Web site s ability to prevent eavesdropping on data transmitted to and from its site. Without this, consumers would justifiably be afraid to enter

More information

When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009

When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009 Packet Sniffers INFO 404 - Lecture 8 24/03/2009 nfoukia@infoscience.otago.ac.nz Definition Sniffer Capabilities How does it work? When does it work? Preventing Sniffing Detection of Sniffing References

More information

Hacking Demonstration. Dr John McCarthy Ph.D. BSc (Hons) MBCS

Hacking Demonstration. Dr John McCarthy Ph.D. BSc (Hons) MBCS Hacking Demonstration Dr John McCarthy Ph.D. BSc (Hons) MBCS Demonstration Deploying effective cyber security is one of the 21 st century s greatest challenges for business. The threats facing businesses

More information

Main area: Security Additional areas: Digital Access, Information Literacy, Privacy and Reputation

Main area: Security Additional areas: Digital Access, Information Literacy, Privacy and Reputation Public Wi Fi Created: March 2016 Last Updated: July 2018 Estimated time: Group or individual activity: Ages: 60 minutes [10 minutes] Activity #1 [15 minutes] Activity #2 [10 minutes] Activity #3 [10 minutes]

More information

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Frequently Asked Questions WPA2 Vulnerability (KRACK) Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key

More information

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging

More information

Wireless Network Security

Wireless Network Security Wireless Network Security By: Jose Rodriguez Table of Contents Wireless Network Security...1 Table of Contents...2 Introduction...3 Wireless Network Requirements...4 Wireless Network Protocols...5 Wireless

More information

SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA

SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA CTO Office www.digi.me another Engineering Briefing digi.me keeping your data secure at all times ALL YOUR DATA IN ONE PLACE TO SHARE WITH PEOPLE WHO

More information

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. R (2) N (5) Oral (3) Total (10) Dated Sign Experiment No: 1 Problem Definition: Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. 1.1 Prerequisite:

More information

Man in the middle. Bởi: Hung Tran

Man in the middle. Bởi: Hung Tran Man in the middle Bởi: Hung Tran INTRODUCTION In today society people rely a lot on the Internet for studying, doing research and doing business. Internet becomes an integral part of modern life and many

More information

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14 Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.

More information

A Framework for Optimizing IP over Ethernet Naming System

A Framework for Optimizing IP over Ethernet Naming System www.ijcsi.org 72 A Framework for Optimizing IP over Ethernet Naming System Waleed Kh. Alzubaidi 1, Dr. Longzheng Cai 2 and Shaymaa A. Alyawer 3 1 Information Technology Department University of Tun Abdul

More information

Wireless LAN Security (RM12/2002)

Wireless LAN Security (RM12/2002) Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For

More information

CEH Tools. Sniffers. - Wireshark: The most popular packet sniffer with cross platform support.

CEH Tools. Sniffers. - Wireshark: The most popular packet sniffer with cross platform support. Sniffers - Wireshark: The most popular packet sniffer with cross platform support. - Tcpdump: A popular CLI sniffer available for both the Unix and Linux platforms. - Windump: Windows version of tcpdump.

More information

Hacking Wireless Networks by data

Hacking Wireless Networks by data Hacking Wireless Networks by data -disclaimer- The sole purpose of this article is so that you may be informed about how your neighbor may be able to take a laptop, crack your wep/wpa key to your router

More information

Once in BT3, click the tiny black box in the lower left corner to load up a "Konsole" window. Now we must prep your wireless card.

Once in BT3, click the tiny black box in the lower left corner to load up a Konsole window. Now we must prep your wireless card. Hacking WEP wifi passwords 1. Getting the right tools Download Backtrack 3. It can be found here: http://www.remote-exploit.org/backtrack_download.html The Backtrack 4 beta is out but until it is fully

More information

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted. Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.

More information

AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM

AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 1 AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 2 Introduction (1/2) TCP provides a full duplex reliable stream connection between two end points A connection is uniquely defined by the quadruple

More information

Security and Privacy

Security and Privacy E-mail Security and Privacy Department of Computer Science Montclair State University Course : CMPT 320 Internet/Intranet Security Semester : Fall 2008 Student Instructor : Alex Chen : Dr. Stefan Robila

More information

Security Course. WebGoat Lab sessions

Security Course. WebGoat Lab sessions Security Course WebGoat Lab sessions WebGoat Lab sessions overview Initial Setup Tamper Data Web Goat Lab Session 4 Access Control, session information stealing Lab Session 2 HTTP Basics Sniffing Parameter

More information

Hacking Encrypted Wireless Network

Hacking Encrypted Wireless Network Hacking Encrypted Wireless Network Written by Fredrik Alm CompuTechSweden 2010 http://www.fredrik-alm.se/ REQUIREMENTS Software: Operating System: Linux kernel (Recommended: BackTrack 4 Final ) Download:

More information

What is Eavedropping?

What is Eavedropping? WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks

More information

Webomania Solutions Pvt. Ltd. 2017

Webomania Solutions Pvt. Ltd. 2017 The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.

More information

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:

More information

Wireless Network Penetration Testing Using Kali Linux on BeagleBone Black

Wireless Network Penetration Testing Using Kali Linux on BeagleBone Black Wireless Network Penetration Testing Using Kali Linux on BeagleBone Black Aparicio Carranza, PhD 1 and Casimer DeCusatis, PhD 2 1 The New York City College of Technology CUNY, USA, acarranza@citytech.cuny.edu

More information

Wireless Network Security Spring 2016

Wireless Network Security Spring 2016 Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project

More information

To search type and hit enter

To search type and hit enter Contact Us Advertise Disclaimer Privacy Policy Sitemap Write for Us To search type and hit enter Home Android Linux Raspberry Pi PHP Tricks Windows Tech News WordPress Videos Apps Forum Home -> Linux ->

More information

Internet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came

Internet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came Victoria Ellsworth Dr. Ping Li ICTN 4040 04/11/17 Internet of Things (IoT) Attacks The Internet of Things (IoT) is based off a larger concept; the Internet of Things came from idea of the Internet of Everything.

More information

Wireless Network Security Spring 2015

Wireless Network Security Spring 2015 Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA

More information

Defeating All Man-in-the-Middle Attacks

Defeating All Man-in-the-Middle Attacks Defeating All Man-in-the-Middle Attacks PrecisionAccess Vidder, Inc. Defeating All Man-in-the-Middle Attacks 1 Executive Summary The man-in-the-middle attack is a widely used and highly preferred type

More information

Testing login process security of websites. Benjamin Krumnow

Testing login process security of websites. Benjamin Krumnow Testing login process security of websites Benjamin Krumnow Benjamin Krumnow 2 Initial Project: Shepherd Marc Sleegers, B.Sc., master student at the Open University Bachelor Thesis, March 2017 [1] Counting

More information

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits

More information

What action do you want to perform by issuing the above command?

What action do you want to perform by issuing the above command? 1 GIAC - GPEN GIACCertified Penetration Tester QUESTION: 1 You execute the following netcat command: c:\target\nc -1 -p 53 -d -e cmd.exe What action do you want to perform by issuing the above command?

More information

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking

More information

Securing CS-MARS C H A P T E R

Securing CS-MARS C H A P T E R C H A P T E R 4 Securing CS-MARS A Security Information Management (SIM) system can contain a tremendous amount of sensitive information. This is because it receives event logs from security systems throughout

More information

PMS 138 C Moto Black spine width spine width 100% 100%

PMS 138 C Moto Black spine width spine width 100% 100% Series MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. 2009 Motorola, Inc. Table of

More information

RouterCheck Installation and Usage

RouterCheck Installation and Usage RouterCheck Installation and Usage February 16, 2015 No part of this document may be reproduced, copied, or distributed in any fashion without the express written permission of Sericon Technology Inc.

More information

Project 3: Network Security

Project 3: Network Security CIS 331 October 3, 2017 Introduction to Networks & Security Project 3: Network Security Project 3: Network Security This project is due on Tuesday, October 17 at 10 p.m.. You must work in teams of two

More information

Web Application Security. Philippe Bogaerts

Web Application Security. Philippe Bogaerts Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security

More information

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney. Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw

More information

Breaking SSL Why leave to others what you can do yourself?

Breaking SSL Why leave to others what you can do yourself? Breaking SSL Why leave to others what you can do yourself? By Ivan Ristic 1/ 26 Who is Ivan Ristic? 1) ModSecurity (open source web application firewall), 2) Apache 2/ 33 Security (O Reilly, 2005), 3)

More information

Lure10: Exploiting Windows Automatic Wireless Association Algorithm

Lure10: Exploiting Windows Automatic Wireless Association Algorithm Lure10: Exploiting Windows Automatic Wireless Association Algorithm HITBSecConf2017, Amsterdam GEORGE CHATZISOFRONIOU (@_sophron) sophron@census-labs.com www.census-labs.com > Wi-Fi Automatic Association

More information

Welcome. Password Management & Public Wi-Fi Security. Hosted by: Content by:

Welcome. Password Management & Public Wi-Fi Security. Hosted by: Content by: Welcome Password Management & Public Wi-Fi Security Hosted by: Content by: Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 1:00 Welcome Foster & Motley Clients to Security Education

More information

Configuration of Access Points and Clients. Training materials for wireless trainers

Configuration of Access Points and Clients. Training materials for wireless trainers Configuration of Access Points and Clients Training materials for wireless trainers Goals to provide a simple procedure for the basic configuration of WiFi Access Points (and clients) to review the main

More information

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the

More information

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014 Network Security Security in local-area networks Radboud University Nijmegen, The Netherlands Autumn 2014 Announcement Exercise class (werkcollege) time and room changed: Friday, 15:30-17:30, in LIN 8

More information

NETWORK SECURITY. Ch. 3: Network Attacks

NETWORK SECURITY. Ch. 3: Network Attacks NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network

More information

Secure Communications Over a Network

Secure Communications Over a Network Secure Communications Over a Network Course: MITS:5400G Proffessor: Dr. Xiaodong Lin By: Geoff Vaughan 100309160 March 20th 2012 Abstract The purpose of this experiment is to transmit an encrypted message

More information

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

5. Execute the attack and obtain unauthorized access to the system.

5. Execute the attack and obtain unauthorized access to the system. Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and

More information

Worldwide Release. Your world, Secured ND-IM005. Wi-Fi Interception System

Worldwide Release. Your world, Secured ND-IM005. Wi-Fi Interception System Your world, Secured 2016 Worldwide Release System Overview Wi-Fi interception system is developed for police operations and searching of information leaks in the office premises, government agencies and

More information

IoT Vulnerabilities. By Troy Mattessich, Raymond Fradella, and Arsh Tavi. Contribution Distribution

IoT Vulnerabilities. By Troy Mattessich, Raymond Fradella, and Arsh Tavi. Contribution Distribution Security Penetration Through IoT Vulnerabilities By Troy Mattessich, Raymond Fradella, and Arsh Tavi Contribution Distribution Arsh Tavi Troy Mattessich Raymond Fradella Conducted research and compiled

More information

Personal Internet Security Basics. Dan Ficker Twin Cities DrupalCamp 2018

Personal Internet Security Basics. Dan Ficker Twin Cities DrupalCamp 2018 Personal Internet Security Basics Dan Ficker Twin Cities DrupalCamp 2018 Overview Security is an aspiration, not a state. Encryption is your friend. Passwords are very important. Make a back-up plan. About

More information

6 Vulnerabilities of the Retail Payment Ecosystem

6 Vulnerabilities of the Retail Payment Ecosystem 6 Vulnerabilities of the Retail Payment Ecosystem FINANCIAL INSTITUTION PAYMENT GATEWAY DATABASES POINT OF SALE POINT OF INTERACTION SOFTWARE VENDOR Table of Contents 4 7 8 11 12 14 16 18 Intercepting

More information

Principles of ICT Systems and Data Security

Principles of ICT Systems and Data Security Principles of ICT Systems and Data Security Ethical Hacking Ethical Hacking What is ethical hacking? Ethical Hacking It is a process where a computer security expert, who specialises in penetration testing

More information

Linux in the connected car platform

Linux in the connected car platform Linux in the connected car platform Background Long time desktop Linux user Designed several capes for the BeagleBone Black Currently an Embedded engineer for Dialexa What is a connected car anyway? A

More information

Wireless Printing Updated 10/30/2008 POLICY. The use of Wireless Networking is not permitted at any site for full client/server networking of Taxwise.

Wireless Printing Updated 10/30/2008 POLICY. The use of Wireless Networking is not permitted at any site for full client/server networking of Taxwise. Updated 10/30/2008 POLICY Tax-Aide Wireless Printing Policy The use of Wireless Networking is not permitted at any site for full client/server networking of Taxwise. Wireless networking, for the purpose

More information

Man In The Middle Project completed by: John Ouimet and Kyle Newman

Man In The Middle Project completed by: John Ouimet and Kyle Newman Man In The Middle Project completed by: John Ouimet and Kyle Newman What is MITM? Man in the middle attacks are a form of eves dropping where the attacker relays messages that are sent between victims

More information

XL-PB350CA. EoC bridge slave. User manual

XL-PB350CA. EoC bridge slave. User manual XL-PB350CA EoC bridge slave User manual Content 1. Equipment Connection... 6 2. Set Accessed PC... 6 3.WIFI WEB Configuration... 8 3.1 Login WEB Interface... 8 3.2 WAN Configuration... 10 3.2.1 PPPO E

More information

Hacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free

Hacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free Hacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free The latest wireless security solutions Protect your wireless systems from crippling attacks using the detailed security information

More information

WAP6405. User s Guide. Quick Start Guide. 5GHz AC1750 Gigabit Wireless Bridge. Default Login Details. Version 1.00 Edition 1, 06/2016

WAP6405. User s Guide. Quick Start Guide. 5GHz AC1750 Gigabit Wireless Bridge. Default Login Details. Version 1.00 Edition 1, 06/2016 WAP6405 5GHz AC1750 Gigabit Wireless Bridge Version 1.00 Edition 1, 06/2016 Quick Start Guide User s Guide Default Login Details LAN IP Address http://192.168.1.2 (AP Mode) http://192.168.1.5 (Repeater

More information

Course. Curriculum ADVANCED ETHICAL HACKING

Course. Curriculum ADVANCED ETHICAL HACKING Course Curriculum ADVANCED ETHICAL HACKING Xploit - Advanced Ethical Hacking Curriculum Duration Lecture and Demonstration: Introduction 20 Hours Xploit has been specially designed for the students who

More information

John Coggeshall Copyright 2006, Zend Technologies Inc.

John Coggeshall Copyright 2006, Zend Technologies Inc. PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor

More information

Comodo Internet Security Essentials Software Version 1.3

Comodo Internet Security Essentials Software Version 1.3 Comodo Internet Security Essentials Software Version 1.3 User Guide Guide Version 1.3.010518 Comodo Security Solutions 1255 Broad Street Clifton, NJ, 07013 United States Table of Contents Comodo Internet

More information

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) HW/Lab 4: IPSec and Wireless Security CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) This HW/Lab assignment covers Lectures 8 (IPSec) and 10 (Wireless Security). Please review these

More information

Configuration of Access Points and Clients. Training materials for wireless trainers

Configuration of Access Points and Clients. Training materials for wireless trainers Configuration of Access Points and Clients Training materials for wireless trainers Goals To provide a simple procedure for the basic configuration of WiFi Access Points (and clients) To review the main

More information

Topics. Ensuring Security on Mobile Devices

Topics. Ensuring Security on Mobile Devices Ensuring Security on Mobile Devices It is possible right? Topics About viaforensics Why mobile security matters Types of security breaches and fraud Anticipated evolution of attacks Common mistakes that

More information

Introductions: Who are we? What do we need to cover here?

Introductions: Who are we? What do we need to cover here? MacLab Session LT Running Your Wireless Network Safely & Reliably - Tips on Best Tools Wednesday, January 7, 2009 1:00 PM - 3:00 PM Room North 111 Dr. Bill Wiecking wiecking@mac.com Introductions: Who

More information

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of

More information

WISNETWORKS. WisOS 11ac V /3/21. Software version WisOS 11ac

WISNETWORKS. WisOS 11ac V /3/21. Software version WisOS 11ac WISNETWORKS User Manual V1.1 2016/3/21 Software version 1.0.0021 Table of contents 1. Setup& WMI... 3 1.1 Hardware Setup... 3 1.2 Web Management Interface... 3 2. Status... 4 2.1 Overview... 4 2.1.1 System...

More information

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/

More information

Network Encryption 3 4/20/17

Network Encryption 3 4/20/17 The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server

More information

How to Render SSL Useless. Render SSL Useless. By Ivan Ristic 1 / 27

How to Render SSL Useless. Render SSL Useless. By Ivan Ristic 1 / 27 How to Render SSL Useless By Ivan Ristic 1 / 27 Who is Ivan Ristic? 1) ModSecurity (open source web application firewall), 2) Apache 2 / 33 Security (O Reilly, 2005), 3) SSL Labs (research and assessment

More information

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing. I Introduction to Hacking Important Terminology Ethical Hacking vs. Hacking Effects of Hacking on Business Why Ethical Hacking Is Necessary Skills of an Ethical Hacker What Is Penetration Testing? Networking

More information

Evaluating the Security Risks of Static vs. Dynamic Websites

Evaluating the Security Risks of Static vs. Dynamic Websites Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline

More information

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder. Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/

More information

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each. Name Date Chapter 10: Security After completion of this chapter, students should be able to: Explain why security is important and describe security threats. Explain social engineering, data wiping, hard

More information

Missouri University of Science and Technology ACM SIG-Security 2014 Wi-Fi Workshop Exploitation Handbook

Missouri University of Science and Technology ACM SIG-Security 2014 Wi-Fi Workshop Exploitation Handbook Missouri University of Science and Technology ACM SIG-Security 2014 Wi-Fi Workshop Exploitation Handbook 1 2 The information provided in this manual is to be used for educational purposes only. The authors

More information

Sirindhorn International Institute of Technology Thammasat University

Sirindhorn International Institute of Technology Thammasat University Name.............................. ID............... Section...... Seat No...... Sirindhorn International Institute of Technology Thammasat University Course Title: IT Security Instructor: Steven Gordon

More information

Using aircrack and a dictionary to crack a WPA data capture

Using aircrack and a dictionary to crack a WPA data capture Step by Step Backtrack 5 and wireless Hacking basics Installing Backtrack 5 Creating a Backtrack 5 R3 Live CD Installing to the Hard drive Installing and running with VMware Reaver WPA dictionary attack

More information

Computer Security 3e. Dieter Gollmann. Chapter 18: 1

Computer Security 3e. Dieter Gollmann.  Chapter 18: 1 Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter

More information