Laurent Butti BlackHat Europe
|
|
- Ronald Harrington
- 5 years ago
- Views:
Transcription
1 ENSIMAG - 4MMSR - Network Security Seminars Laurent Butti BlackHat Europe Corentin Delpech corentin.delpech@ensimag.fr Lucas Fontaine lucas.fontaine@ensimag.fr ENSIMAG 2A TELECOM /29
2 Starring Laurent BUTTI! Network security at R&D labs o working for Orange Speaker at security-focused conferences o ToorCon, Shmoocon, First, BlackHAt US, hack.lu Wi-Fi security centric anecdote : o History of MadWifi. ENSIMAG 2A TELECOM /29
3 Summary Introduction, overview Historic, Wi-Fi standards, usages Technical specificities Networking modes Wi-Fi frames Security of Wi-Fi networks Which issues? How to perform vulnerability tests? Fuzzing What is fuzzing? Implementation of a fuzzer Discovered vulnerabilities Fuzzers limitation, countermeasures Demonstration (!) Final words, summary ENSIMAG 2A TELECOM /29
4 Summary Introduction, overview Historic, Wi-Fi standards, usages Technical specificities Networking modes Wi-Fi frames Security of Wi-Fi networks Which issues? How to perform vulnerability tests? Fuzzing What is fuzzing? Implementation of a fuzzer Discovered vulnerabilities Fuzzers limitation, countermeasures Demonstration (!) Final words, summary ENSIMAG 2A TELECOM /29
5 Historic, Wi-Fi standards Introduction Wi-Fi Wireless Fidelity Appeared in 1999 Now Ubiquitous Many platforms : laptops, cellular phones, printers Why this presentation? Many chipsets -> Many developers -> Heterogeneous regarding security Figure 1 Democratization of wireless hot spots ENSIMAG 2A TELECOM /29
6 Technical specificities, Networking Modes Introduction wireless cards can operate in different modes : Monitor : Just listen to traffic Master AdHoc : Act as an access point : Act as an Adhoc Station Managed : Act as a station Discovering an access point : Figure 2 A Network Active scanning : send probe request and listen to responses and do channel hopping Passive scanning : listen to beacons and do channel hopping ENSIMAG 2A TELECOM /29
7 Technical specificities, Wi-Fi Frames Introduction frames : Data frames Control frames Management frames : MAC frame format : Authentification, Asssociation Request, Assocation Responce, Resassociation Responce, Dissociation, Beacon, Probe Request,Probe responce, Request To Send, Clear To Send, Acknolegement Figure 3 - Mac frame format ENSIMAG 2A TELECOM /29
8 Technical specificities, Wi-Fi Frames Introduction Example of a frame : Figure 4 - Example of a frame with WireShark ENSIMAG 2A TELECOM /29
9 Technical specificities, Wi-Fi Frames Introduction 3 class frames : class 1 : Probe Request / Response, Beacon, Athentification Request / Responce, Deauhentication class 2 : (Re)association Request / Response Deassociation class 3 : Deauthentication Figure States for 1 client and server ENSIMAG 2A TELECOM /29
10 Summary Introduction, overview Historic, Wi-Fi standards, usages Technical specificities Networking modes Wi-Fi frames Security of Wi-Fi networks Which issues? How to perform vulnerability tests? Fuzzing What is fuzzing? Implementation of a fuzzer Discovered vulnerabilities Fuzzers limitation, countermeasures Demonstration (!) Final words, summary ENSIMAG 2A TELECOM /29
11 Which issues? Security of Wi-Fi networks Infrastructure/network sided security weak Client sided security weak Remote attack (in the victim s radio coverage) with kernel-mode code remote execution! Figure 6 Example of Wi-Fi remote attack ENSIMAG 2A TELECOM /29
12 How to perform vulnerability test? Security of Wi-Fi networks Closed source drivers Black box testing Reverse engineering Open source drivers Black & white box testing Source code auditing Corentin & Lucas! Figure 7 Do you know what is inside the box? ENSIMAG 2A TELECOM /29
13 Summary Introduction, overview Historic, Wi-Fi standards, usages Technical specificities Networking modes Wi-Fi frames Security of Wi-Fi networks Which issues? How to perform vulnerability tests? Fuzzing What is fuzzing? Implementation of a fuzzer Discovered vulnerabilities Fuzzers limitation, countermeasures Demonstration (!) Final words, summary ENSIMAG 2A TELECOM /29
14 What is fuzzing? Fuzzing Black box software testing technique Automatically generate and inject malformed or semi-malformed data in order to find implementation bugs [OWASP.ORG] Fuzz (random data) Malformed data Semimalformed data Input of a program Which behavior? If program fails Defects and implementations bugs to correct New vulnerability discovered! Fuzzing is OK to discover the most obvious bugs KO for the most complex ones (not smart enough!) ENSIMAG 2A TELECOM /29
15 Implementation of a fuzzer Fuzzing Information Element Element ID (1) Length (1) Information (Length) Figure 8 Structure of an Information Element Figure 9 Information Element SSID of a frame List of interesting Information Element IE 0 : SSID (min size of 0 byte, max. 32) IE 3 : Channel (fixed size of 1 byte) Some fast boundary test examples : IE 0 {0, 1, MIN-1, MIN, MIN+1, MAX-1, MAX, MAX+1, 254, 255} lengths IE 3 {0, 1, 254, 255} Some IE have a fixed or maximum length Possible overflow of the static buffer receiving the Information if Length not checked ENSIMAG 2A TELECOM /29
16 Implementation of a fuzzer Fuzzing Ethernet connectivity useful for bug detection (ping and keepalive TCP connection) Figure 10 Architecture overview ENSIMAG 2A TELECOM /29
17 Implementation of a fuzzer Fuzzing Difficulties Proprietary Information Element (documentation?!) Channel hopping for active access point scan from the client NEED fast answer Difficult with a Python implementation of the fuzzer, even harder with existing injection framework like Scapy Cannot state if the victim device is listening or not to beacons Detection of a bug under several OS? Solutions More than just a fuzzer : a smart fuzzer Flood the radio with probe responses and beacons Automatic bug detection Windows : ping don t answer any more or even BSOD! Linux : monitor {oops unable to handle assert panic} kernel events Detect when the victim device stop sending probe request for active scanning -> the device don t work anymore! ENSIMAG 2A TELECOM /29
18 Summary Introduction, overview Historic, Wi-Fi standards, usages Technical specificities Networking modes Wi-Fi frames Discovered vulnerabilities Fuzzers limitation, countermeasures Demonstration (!) Security of Wi-Fi networks Which issues? How to perform vulnerability tests? Final words, summary Fuzzing What is fuzzing? Implementation of a fuzzer ENSIMAG 2A TELECOM /29
19 Discovered vulnerabilities by Laurent BUTTI with his Wi-Fi fuzzing - NetGear MA521 Wireless Driver Long Rates Overflow Utilisation d une trame avec un IE Rates trop long (longueur maximale de 8 octets normalement) - NetGear WG311v1 Wireless Driver Long SSID Overflow Utilisation d une trame avec un IE SSID trop long (longueur maximale de 32 octets normalement) - D-Link DWL-G650+ (A1) Wireless Driver Long TIM Overflow Utilisation d une trame avec un IE TIM trop long - Madwifi Driver Remote Buffer Overflow Vulnerability Utilisation d une trame avec IE WPA/RSN/VMM/ATH trop long Exploitable uniquement lors d un appel à SIOCGIWSCAN du client Commande iwlist par exemple ENSIMAG 2A TELECOM /29
20 Discovered vulnerabilities by Laurent BUTTI with his Wi-Fi fuzzing Figure 11 - Linux Kernel «oops» ENSIMAG 2A TELECOM /29
21 Discovered vulnerabilities by Laurent BUTTI with his Wi-Fi fuzzing Figure 12, 13, 14 «net80211/ieee80211_scan.c» MadWiFi source code Function giwscan_cb ENSIMAG 2A TELECOM /29
22 Discovered vulnerabilities by Laurent BUTTI with his Wi-Fi fuzzing Figure 15 «net80211/ieee80211_scan.c» MadWiFi source code Function encode_ie ENSIMAG 2A TELECOM /29
23 Summary Introduction, overview Historic, Wi-Fi standards, usages Technical specificities Networking modes Wi-Fi frames Security of Wi-Fi networks Which issues? How to perform vulnerability tests? Fuzzing What is fuzzing? Implementation of a fuzzer Discovered vulnerabilities Fuzzers limitation, countermeasures Demonstration (!) Final words, summary ENSIMAG 2A TELECOM /29
24 Fuzzer Limitations, counter-measure Limitations : the developer's comprehension of the protocol cannot help you to find Complex 'Bugs' needs to manage Wi-Fi states needs to have the same level of performance as the client cannot be sure a frame was analysed needs to understand bugs activated by fuzzer Driver's patches may prevent them. Or add some! Or only partially correct them J Figure 16 Logo of madwifi ENSIMAG 2A TELECOM /29
25 Demonstration (!) ENSIMAG 2A TELECOM /29
26 Summary Introduction, overview Historic, Wi-Fi standards, usages Technical specificities Networking modes Wi-Fi frames Security of Wi-Fi networks Which issues? How to perform vulnerability tests? Fuzzing What is fuzzing? Implementation of a fuzzer Discovered vulnerabilities Fuzzers limitation, countermeasures Demonstration (!) Final words, summary ENSIMAG 2A TELECOM /29
27 Conclusion Many vulnerabilities came with Fuzzing is the best way to make testing Tests wireless cards with : o his states o Information elements Helps to Discover obvious bug, and critical bugs. Can discover more complex bug o developer needs to know standards really well. ENSIMAG 2A TELECOM /29
28 Conclusion Other things to do : o extensions are coming o wireless devices : WUSB, Bluetooth 3.0, o fuzzing access point ENSIMAG 2A TELECOM /29
29 References Figure 1 Ref : intermonde_wifi_wimax.shtml Figure 2 Ref : definition of wifi frames Ref : article.php/ Logo madwifi: ENSIMAG 2A TELECOM /29
Wi-Fi Advanced Stealth
Wi-Fi Advanced Stealth Laurent BUTTI and Franck VEYSSET hack.lu, Luxembourg October 19-21, 2006 firstname[dot]lastname[at]francetelecom[dot]com Who Are We? Network security geeks (?) in R&D labs Working
More informationWi-Fi Advanced Stealth BlackHat US, Las Vegas August 2-3, 2006
Wi-Fi Advanced Stealth BlackHat US, Las Vegas August 2-3, 2006 Laurent BUTTI & Franck VEYSSET France Telecom Division R&D firstname dot lastname AT orange-ft dot com Who Are We? Network security experts
More informationSmart Fuzzing. Lidong LI & Naijie XU I.
802.11 Smart Fuzzing Lidong LI & Naijie XU I CyberPeace@AD-LAB About us Lidong LI: Security Researcher at CyberPeace-ADLAB Research:WIFI,BLE,Zigbee,Wireless Protocol Bug Hunter Jiangnan University Naijie
More informationComplexity. An introduction to protocol chaos. Andrés Blanco. CC License - Swtiruty Rgbytw
802.11 Complexity An introduction to 802.11 protocol chaos Andrés Blanco Email: 6e726d@gmail.com Twitter: @6e726d CC License - Swtiruty Rgbytw Motivation 802.11 it s everywhere https://twitter.com/skrud/status/767243097331736578
More informationABHELSINKI UNIVERSITY OF TECHNOLOGY
cm. Management Operations of the IEEE 802.11 Mei Yen Cheong meiyen.cheong@hut.fi S-72.333 Postgraduate Seminar on Radio Communications Helsinki University of Technology April 13, 2004 Management Operations
More informationBasic processes in IEEE networks
Module contents IEEE 802.11 Terminology IEEE 802.11 MAC Frames Basic processes in IEEE802.11 networks Configuration parameters IEEE 802.11 Terminology Station (STA) Architecture: Device that contains IEEE
More informationCYBER RISK CONSULTING. Smartphone Security Issues
CYBER RISK CONSULTING Blackhat Briefings Europe 2004 Smartphone Security Issues May 2004 Luc DELPHA Maliha RASHID 1. Introduction Why smartphones? Functionalities Operating Systems Supported Connectivity
More informationD. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.
More informationWireless access point spoofing and mobile devices geolocation using swarms of flying robots
Wireless access point spoofing and mobile devices geolocation using swarms of flying robots Master optional semester project, spring 2014 Jonathan CHESEAUX (cheseauxjonathan@gmail.com) Supervisors : Prof.
More informationTopic 2b Wireless MAC. Chapter 7. Wireless and Mobile Networks. Computer Networking: A Top Down Approach
Topic 2b Wireless MAC Chapter 7 Wireless and Mobile Networks Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016 7-1 Ch. 7: Background: # wireless
More informationWireless Attacks and Countermeasures
Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections
More informationUnencrypted Mouse Packet
MouseJack Injecting Keystrokes into Wireless Mice Marc Newlin Bastille Threat Research Team February 12, 2016 Abstract MouseJack is a collection of security vulnerabilities affecting non-bluetooth wireless
More informationEndpoint Security - what-if analysis 1
Endpoint Security - what-if analysis 1 07/23/2017 Threat Model Threats Threat Source Risk Status Date Created File Manipulation File System Medium Accessing, Modifying or Executing Executable Files File
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationAuthors. Passive Data Link Layer Wireless Device Driver Fingerprinting. Agenda OVERVIEW. Problems. Device Drivers
Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting Presenter: Tyler Sidell April 2, 2008 Authors Jason Franklin, Carnegie Mellon Damon McCoy, University of Colorado Paria Tabriz, University
More informationEncrypted WiFi packet injection and circumventing wireless intrusion prevention systems
Encrypted WiFi packet injection and circumventing wireless intrusion prevention systems White Paper Tim de Waal - 2015 Table of contents 1. Introduction 2. Proposed attack 2.1. Attack outline 2.2. Attack
More informationA Configuration Protocol for Embedded Devices on Secure Wireless Networks
A Configuration Protocol for Embedded Devices on Secure Wireless Networks Larry Sanders lsanders@ittc.ku.edu 6 May 2003 Introduction Wi-Fi Alliance Formally Wireless Ethernet Compatibility Alliance (WECA)
More informationMultipot: A More Potent Variant of Evil Twin
Multipot: A More Potent Variant of Evil Twin K. N. Gopinath Senior Wireless Security Researcher and Senior Engineering Manager AirTight Networks http://www.airtightnetworks.net Email: gopinath.kn@airtightnetworks.net
More informationMobile Security Fall 2013
Mobile Security 14-829 Fall 2013 Patrick Tague Class #6 More WiFi Security & Privacy Issues WiFi Security Issues A Scenario Internet Open AP SSID Network X Open OpenAP AP SSID Attacker Network X LaptopLaptop
More informationOffense & Defense in IoT World. Samuel Lv Keen Security Lab, Tencent
Offense & Defense in IoT World Samuel Lv Keen Security Lab, Tencent Keen Security Lab of Tencent Wide coverage of software and hardware security research Mainstream PC & Mobile Operating Systems Mainstream
More informationInternet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.
Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:
More informationCYBER ATTACKS EXPLAINED: WIRELESS ATTACKS
CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS Wireless networks are everywhere, from the home to corporate data centres. They make our lives easier by avoiding bulky cables and related problems. But with these
More information6.9 Summary. 11/20/2013 Wireless and Mobile Networks (SSL) 6-1. Characteristics of selected wireless link standards a, g point-to-point
Chapter 6 outline 6.1 Introduction Wireless 6.2 Wireless links, characteristics CDMA 6.3 IEEE 802.11 wireless LANs ( wi-fi ) 6.4 Cellular Internet Access architecture standards (e.g., GSM) Mobility 6.5
More informationNetwork Security Issues and New Challenges
Network Security Issues and New Challenges Brijesh Kumar, Ph.D. Princeton Jct, NJ 08550 Brijesh_kumar@hotmail.com A talk delivered on 11/05/2008 Contents Overview The problem Historical Perspective Software
More informationSniffing and processing wireless traffic Alessandro Redondi
Sniffing and processing wireless traffic Alessandro Redondi Sniffing Sniffing or eavesdropping is the process of secretly listening to the communication of others (even without their consent) For wireless
More informationDo More. Nighthawk AC1900 Smart WiFi Router. Model R6900P
Do More Nighthawk AC1900 Smart WiFi Router Model R6900P WiFi Network Name and Password The preassigned WiFi network name (SSID) and password (network key) are unique to your router, like a serial number.
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationLure10: Exploiting Windows Automatic Wireless Association Algorithm
Lure10: Exploiting Windows Automatic Wireless Association Algorithm HITBSecConf2017, Amsterdam GEORGE CHATZISOFRONIOU (@_sophron) sophron@census-labs.com www.census-labs.com > Wi-Fi Automatic Association
More informationR6200v2 Smart WiFi Router Installation Guide
Trademarks NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information
More informationOutline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
More informationDynamic program analysis
Dynamic program analysis Pierre.Girard@gemalto.com RE-TRUST workshop Meudon, March 19, 2009 Mission of the day Give an overview of tools and procedures for dynamic software analysis in an industrial security
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationChapter 16: Advanced Security
: Advanced Security IT Essentials: PC Hardware and Software v4.0 1 Purpose of this Presentation To provide to instructors an overview of : List of chapter objectives Overview of the chapter contents, including
More informationPRODUCT GUIDE Wireless Intrusion Prevention Systems
PRODUCT GUIDE Wireless Intrusion Prevention Systems The Need for Wireless INTRUSION PREVENTION SYSTEMS A Wireless Intrusion Prevention System (WIPS) is designed to address two classes of challenges facing
More information9. Security. Safeguard Engine. Safeguard Engine Settings
9. Security Safeguard Engine Traffic Segmentation Settings Storm Control DoS Attack Prevention Settings Zone Defense Settings SSL Safeguard Engine D-Link s Safeguard Engine is a robust and innovative technology
More informationSecurity Concerns in Automotive Systems. James Martin
Security Concerns in Automotive Systems James Martin Main Questions 1. What sort of security vulnerabilities do modern cars face today? 2. To what extent are external attacks possible and practical? Background
More informationGETTING THE MOST OUT OF EVIL TWIN
GETTING THE MOST OUT OF EVIL TWIN B-SIDES ATHENS 2016 GEORGE CHATZISOFRONIOU (@_sophron) sophron@census-labs.com www.census-labs.com > WHOAMI Security Engineer at CENSUS S.A. Cryptography, Wi-Fi hacking,
More informationHigh Speed Risks in n Networks. Joshua Wright Aruba Networks 4/17/08 WIR-301
High Speed Risks in 802.11n Networks Joshua Wright Aruba Networks 4/17/08 WIR-301 Introduction IEEE 802.11n technology introduction Availability risks for legacy networks Extended range in 802.11n 40 MHz
More informationHow to refresh a Wireless Profile on your computer
How to refresh a Wireless Profile on your computer This document details how to delete the old Wi-Fi connection profile stored on your computer so it does not conflict with your new Wi-Fi connection When
More informationWireless# Guide to Wireless Communications. Objectives
Wireless# Guide to Wireless Communications Chapter 7 Low-Speed Wireless Local Area Networks Objectives Describe how WLANs are used List the components and modes of a WLAN Describe how an RF WLAN works
More informationWireless and Mobile Networks Reading: Sections 2.8 and 4.2.5
Wireless and Mobile Networks Reading: Sections 2.8 and 4.2.5 Acknowledgments: Lecture slides are from Computer networks course thought by Jennifer Rexford at Princeton University. When slides are obtained
More informationDo More. AC1750 Smart WiFi Router. Model R6400v2
Do More AC1750 Smart WiFi Router Model R6400v2 WiFi Network Name and Password The preassigned WiFi network name (SSID) and network key (password) are unique to your router, like a serial number. Because
More informationAttacks on WLAN Alessandro Redondi
Attacks on WLAN Alessandro Redondi Disclaimer Under the Criminal Italian Code, articles 340, 617, 617 bis: Up to 1 year of jail for interrupting public service 6 months to 4 years of jail for installing
More informationTable of Contents 1 WLAN Service Configuration 1-1
Table of Contents 1 WLAN Service Configuration 1-1 WLAN Service Overview 1-1 Terminology 1-1 Wireless Client Access 1-2 802.11 Overview 1-4 WLAN Topologies 1-5 Single BSS 1-5 Multi-ESS 1-5 Single ESS Multiple
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More information2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp
2013 Summer Camp: Wireless LAN Security Exercises 2013 JMU Cyber Defense Boot Camp Questions Have you used a wireless local area network before? At home? At work? Have you configured a wireless AP before?
More informationLearn How to Configure EnGenius Wi-Fi Products for Popular Applications
Learn How to Configure EnGenius Wi-Fi Products for Popular Applications Operation Modes Access Point (AP) / WDS AP Client Bridge (CB) Repeater WDS Bridge Client Router AP Router Access Point An access
More informationCourse 831 Certified Ethical Hacker v9
Course 831 Certified Ethical Hacker v9 Duration: 5 days What You Get: CEH v9 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class hours dedicated to
More informationGuide to Wireless Communications, Third Edition. Objectives
Guide to Wireless Communications, Third Edition Chapter 7 Low-Speed Wireless Local Area Networks Objectives Describe how WLANs are used List the components and modes of a WLAN Describe how an RF WLAN works
More informationWireless and Mobile Networks 7-2
Wireless and Mobile Networks EECS3214 2018-03-26 7-1 Ch. 6: Wireless and Mobile Networks Background: # wireless (mobile) phone subscribers now exceeds # wired phone subscribers (5-to-1)! # wireless Internet-connected
More informationWireless Protocols. Training materials for wireless trainers
Wireless Protocols Training materials for wireless trainers Goals The goal of this lecture is to introduce: IEEE wireless protocols coverage 802.11 radio protocols terminology WiFi modes of operation details
More informationDo More. Nighthawk X8 AC5300 WiFi VDSL/ADSL Modem Router. Model D8500
Do More Nighthawk X8 AC5300 WiFi VDSL/ADSL Modem Router Model D8500 WiFi Network Name and Password The preassigned WiFi network name (SSID) and network key (password) are unique to your modem router, like
More informationAdvanced Network Troubleshooting Using Wireshark (Hands-on)
Advanced Network Troubleshooting Using Wireshark (Hands-on) Description This course is a continuation of the "Basic Network Troubleshooting Using Wireshark" course, and comes to provide the participants
More informationInstruction How To Use Wifi In Mobile Phone Via Laptop >>>CLICK HERE<<<
Instruction How To Use Wifi In Mobile Phone Via Laptop You could also just connect your phone to your laptop and draw power from of the Wi-Fi hotspot feature, but you can also tether via a USB cable or
More informationCIS 700/002 : Special Topics : OWASP ZED (ZAP)
CIS 700/002 : Special Topics : OWASP ZED (ZAP) Hitali Sheth CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering and Applied Science University of
More informationActive fingerprinting
Active 802.11 fingerprinting Sergey Bratus Cory Cornelius, Daniel Peebles, Axel Hansen INSTITUTE FOR SECURITY TECHNOLOGY STUDIES Cyber Security and Trust Research & Development http:// Motivation Can a
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 16: Building Secure Software Department of Computer Science and Engineering University at Buffalo 1 Review A large number of software vulnerabilities various
More informationAdding Unusual Transports to The Serval Project
Adding Unusual Transports to The Serval Project Alexandros Tsiridis & Joseph Hill Supervised by: Dr. Paul Gardner-Stephen The Serval Project Serval is a telecommunications system comprised of at least
More informationCSC 574 Computer and Network Security. TCP/IP Security
CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationNighthawk AC1900 Smart WiFi Router Model R7000 Installation Guide
Trademarks NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information
More informationWelcome to my presentation: Message Denial and Alteration on IEEE Low- Power Radio Networks.
Welcome to my presentation: Message Denial and Alteration on IEEE 802.15.4 Low- Power Radio Networks. This presentation discusses the susceptibility of IEEE 802.15.4 radio networks to several different
More informationBlack Hat Webcast Series. C/C++ AppSec in 2014
Black Hat Webcast Series C/C++ AppSec in 2014 Who Am I Chris Rohlf Leaf SR (Security Research) - Founder / Consultant BlackHat Speaker { 2009, 2011, 2012 } BlackHat Review Board Member http://leafsr.com
More informationWhen the Lights go out. Hacking Cisco EnergyWise. Version: 1.0. Date: 7/1/14. Classification: Ayhan Koca, Matthias Luft
When the Lights go out Hacking Cisco EnergyWise Version: 1.0 Date: 7/1/14 Classification: Author(s): Public Ayhan Koca, Matthias Luft TABLE OF CONTENT 1 HANDLING... 5 1.1 DOCUMENT STATUS AND OWNER... 5
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More information3.1. Introduction to WLAN IEEE
3.1. Introduction to WLAN IEEE 802.11 WCOM, WLAN, 1 References [1] J. Schiller, Mobile Communications, 2nd Ed., Pearson, 2003. [2] Martin Sauter, "From GSM to LTE", chapter 6, Wiley, 2011. [3] wiki to
More informationQuick Start. Package Contents. Nighthawk AC1900 WiFi VDSL/ADSL Modem Router Model D7000. NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA USA
Support Thank you for purchasing this NETGEAR product. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com.
More informationBLUEGIGA WF111 SOFTWARE DRIVERS
BLUEGIGA WF111 SOFTWARE DRIVERS RELEASE NOTES Thursday, 2 February 2017 Version 5.2.2-r3 Copyright Silicon Labs All rights reserved. Silicon Labs assumes no liability or responsibility for any errors,
More informationCSMC 417. Computer Networks Prof. Ashok K Agrawala Ashok Agrawala. Fall 2018 CMSC417 Set 1 1
CSMC 417 Computer Networks Prof. Ashok K Agrawala 2018 Ashok Agrawala Fall 2018 CMSC417 Set 1 1 The Medium Access Control Sublayer November 18 Nov 6, 2018 2 Wireless Networking Technologies November 18
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationAttack & Defense in Wireless Networks
Attack & Defense in Wireless Networks John M. Shea April 22, 2008 Overview Wireless networks fundamentals vulnerabilities WING testbed Demonstration of Denial-of-Service Attack and Defense Classification:
More informationWireless Networks. CSE 3461: Introduction to Computer Networking Reading: , Kurose and Ross
Wireless Networks CSE 3461: Introduction to Computer Networking Reading: 6.1 6.3, Kurose and Ross 1 Wireless Networks Background: Number of wireless (mobile) phone subscribers now exceeds number of wired
More informationSANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.
SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling http://killexams.com/exam-detail/sec504 QUESTION: 315 Which of the following techniques can be used to map 'open' or 'pass through'
More informationChapter 4 Advanced Settings and Features
Chapter 4 Advanced Settings and Features This chapter describes the features you can configure or view under Advanced in the main menu of your WiFi range extender. Advanced Wireless Settings Note: The
More informationCSCD 433/533 Advanced Networking
CSCD 433/533 Advanced Networking Lecture 6 Wireless LAN Components and Characteristics Winter 2017 Some Material in these slides from J.F Kurose and K.W. Ross All material copyright 1996-2007 1 Introduction
More informationWireless Security Algorithms
(NOTE: If you are using a virtual lab to run your attacks you will need an external Wi Fi attachment. The other option is to have a direct install on your computer. Virtual labs cannot access your wireless
More informationPing of death Land attack Teardrop Syn flood Smurf attack. DOS Attack Methods
Ping of death Land attack Teardrop Syn flood Smurf attack DOS Attack Methods Ping of Death A type of buffer overflow attack that exploits a design flaw in certain ICMP implementations where the assumption
More informationHow to perform the DDoS Testing of Web Applications
How to perform the DDoS Testing of Web Applications Peerlyst November 02, 2017 Nasrumminallah Zeeshan (zeeshan@nzwriter.com) A Denial of Service (DoS) attack is consisted of carrying out traffic flooding
More informationPass4suresVCE. Pass4sures exam vce dumps for guaranteed success with high scores
Pass4suresVCE http://www.pass4suresvce.com Pass4sures exam vce dumps for guaranteed success with high scores Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version :
More informationCS61C Machine Structures Lecture 37 Networks. No Machine is an Island!
CS61C Machine Structures Lecture 37 Networks April 24, 2006 John Wawrzynek Page 1 No Machine is an Island! Computer Processor (active) Control ( brain ) Datapath ( brawn ) Memory (passive) (where programs,
More informationPhysical and Link Layer Attacks
Physical and Link Layer Attacks CMSC 414 November 1, 2017 Attenuation Physical links are subject to attenuation Copper cables have internal resistance, which degrades signal over large distances Fiber
More informationHacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free
Hacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free The latest wireless security solutions Protect your wireless systems from crippling attacks using the detailed security information
More informationSection 4 Cracking Encryption and Authentication
Section 4 Cracking 802.11 Encryption and Authentication In the previous section we showed the vulnerabilities of Open Wireless LANs. In this section we ll show some of the techniques and tools used to
More informationUser Guide. AC1200 Max Wi-Fi Range Extender. Model # RE6500
User Guide AC1200 Max Wi-Fi Range Extender Model # RE6500 Table of Contents Product Overview...3 RE6500... 3 How to Install the Range Extender...6 Special Feature Music Streaming... 11 ios... 11 Android*...
More informationLast Lecture: Data Link Layer
Last Lecture: Data Link Layer 1. Design goals and issues 2. (More on) Error Control and Detection 3. Multiple Access Control (MAC) 4. Ethernet, LAN Addresses and ARP 5. Hubs, Bridges, Switches 6. Wireless
More informationSoftware Vulnerability
Software Vulnerability Refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the
More informationIT220 Network Standards & Protocols. Unit 6: Chapter 6 Wireless LANs
IT220 Network Standards & Protocols Unit 6: Chapter 6 Wireless LANs 2 Objectives Identify the major needs and stakeholders for computer networks and network applications. Identify the classifications of
More informationCSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology
CSNT 180 Wireless Networking Chapter 7 WLAN Terminology and Technology Norman McEntire norman.mcentire@servin.com Founder, Servin Corporation, http://servin.com Technology Training for Technology Professionals
More informationGrandstream Networks, Inc. Client Isolation Configuration Guide
Grandstream Networks, Inc. Table of Contents INTRODUCTION... 3 CLIENT ISOLATION MODES... 4 CLIENT ISOLATION CONFIGURATION... 5 Client Isolation - Internet Mode... 5 Client Isolation - Radio Mode... 7 Client
More informationN300 WiFi Router with External Antennas
Performance & Use N300 300 SPEED N300 WiFi speed Faster downloads & Internet gaming 5dBi antennas for improved WiFi coverage WiFi range for medium-sized homes RANGE The NETGEAR Difference - Push N Connect
More informationQuick Start. Package Contents. Nighthawk AC1900 WiFi Cable Modem Router for XFINITY Internet and Voice Model C7100V
Support Thank you for purchasing this NETGEAR product. You can visit www.netgear.com/support to register your product, get help, access the latest downloads and user manuals, and join our community. We
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More informationClear Hat Consulting, Inc.
Clear Hat Consulting, Inc. www.clearhatconsulting.com Assessment of Software & Hardware Approaches to Building a USB Fuzzer 1. Background The USB protocol defines communication between a host controller
More informationWiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake Mathy Vanhoef - @vanhoefm imec-distrinet, KU Leuven Black Hat, 27 July 2017 Introduction More and more Wi-Fi network
More informationWUA-1810 AC1200 Dual Band Wireless USB Network Adapter User Manual V1.0
WUA-1810 AC1200 Dual Band Wireless USB Network Adapter User Manual V1.0 Digital Data Communications Asia Co., Ltd. http://www.level1.com 0 / 19 Table of Contents Part 1: Working on Windows PC------------------------------------------------------------P2
More informationAttacking Networks. Joshua Wright LightReading LIVE! October 1, 2003
Attacking 802.11 Networks Joshua Wright Joshua.Wright@jwu.edu LightReading LIVE! October 1, 2003 Attention The material presented here reflects the personal experience and opinions of the author, and not
More informationA HIGH ASSURANCE WIRELESS COMPUTING SYSTEM (HAWCS ) ARCHITECTURE FOR SOFTWARE DEFINED RADIOS AND WIRELESS MOBILE PLATFORMS
A HIGH ASSURANCE WIRELESS COMPUTING SYSTEM (HAWCS ) ARCHITECTURE FOR SOFTWARE DEFINED RADIOS AND WIRELESS MOBILE PLATFORMS David Murotake, Ph.D. (SCA Technica, Inc. Nashua NH, USA; dmurotak@scatechnica.com)
More informationComputer Networks Security: intro. CS Computer Systems Security
Computer Networks Security: intro CS 166 - Computer Systems Security A very easy network 3/14/16 Computer Networks: Intro 2 Two philosophers example Translator Language Translator Engineer Communication
More informationFuzzing Proprietary Protocols
Corporate Technology Fuzzing Proprietary Protocols A Practical Approach Dr. Thomas Pröll Siemens CERT Copyright Siemens AG 2010. All rights reserved. Overview Fuzzing: What is it? Proprietary Protocols
More informationScribe Notes -- October 31st, 2017
Scribe Notes -- October 31st, 2017 TCP/IP Protocol Suite Most popular protocol but was designed with fault tolerance in mind, not security. Consequences of this: People realized that errors in transmission
More information