HACKING EXPOSED WIRELESS: WIRELESS SECURITY SECRETS & SOLUTIONS, SECOND EDITION. JOHNNY CACHE, JOSHUA WRIGHT, VINCENT LIU. McGraw-Hill


CONTENTS

Foreword  xvii
Acknowledgments  xix
Introduction  xxi

Part I: Hacking 802.11 Wireless Technology

  Case Study: Wireless Hacking for Hire  2
    Her First Engagement  2
    A Parking Lot Approach  2
    The Robot Invasion  3
    Final Wrap-Up  4

  1  Introduction to 802.11 Hacking  7
    802.11 in a Nutshell  8
      The Basics  8
      Addressing in 802.11 Packets  9
      802.11 Security Primer  9
    Discovery Basics  13
    Hardware and Drivers  21
      A Note on the Linux Kernel  21
      Chipsets and Linux Drivers  22
      Modern Chipsets and Drivers  24
      Cards  26
      Antennas  33
      Cellular Data Cards  37
      GPS  38

  2  Scanning and Enumerating 802.11 Networks  41
    Choosing an Operating System  42
      Windows  42
      OS X  42
      Linux  43
    Windows Discovery Tools  43
      Vistumbler  44
      inSSIDer  48
    Windows Sniffing/Injection Tools  50
      NDIS 6.0 Monitor Mode Support (NetMon)  50
      AirPcap  54
      CommView for WiFi  56
    OS X Discovery Tools  61
      KisMAC  61
      Kismet on OS X  67
    Linux Discovery Tools  67
      Kismet  67
    Mobile Discovery Tools  73
    Online Mapping Services (WIGLE and Skyhook)  75

  3  Attacking 802.11 Wireless Networks  79
    Basic Types of Attacks  80
    Security Through Obscurity  80
    Defeating WEP  88
      WEP Key Recovery Attacks  88
      Bringing It All Together: Cracking a Hidden MAC-Filtering, WEP-Encrypted Network  104
      Keystream Recovery Attacks Against WEP  107
    Attacking the Availability of Wireless Networks  111

  4  Attacking WPA-Protected 802.11 Networks  115
    Breaking Authentication: WPA-PSK  116
    Breaking Authentication: WPA Enterprise  129
      Obtaining the EAP Handshake  129
      LEAP  131
      PEAP and EAP-TTLS  133
      EAP-TLS  136
      EAP-FAST  137
      EAP-MD5  139
    Breaking Encryption: TKIP  141
    Attacking Components  146

Part II: Hacking 802.11 Clients

  Case Study: Riding the Insecure Airwaves  154

  5  Attack 802.11 Wireless Clients  155
    Attacking the Application Layer  157
    Attacking Clients Using an Evil DNS Server  161
    Ettercap Support for Content Modification  165
    Dynamically Generating Rogue APs and Evil Servers with Karmetasploit  167
    Direct Client Injection Techniques  172
      Injecting Data Packets with AirPWN  172
      Generic Client-side Injection with airtun-ng  175
      Munging Software Updates with IPPON  177
    Device Driver Vulnerabilities  182
      Fingerprinting Device Drivers  186
    Web Hacking and Wi-Fi  187
      Hacking DNS via XSRF Attacks Against Routers  197

  6  Taking It All the Way: Bridging the Airgap from OS X  203
    The Game Plan  204
    Preparing the Exploit  204
    Prepping the Callback  209
    Performing Initial Reconnaissance  210
    Preparing Kismet, Aircrack-ng  211
    Prepping the Package  213
    Exploiting WordPress to Deliver the Java Exploit  214
    Making the Most of User-level Code Execution  217
    Gathering 802.11 Intel (User-level Access)  219
    Popping Root by Brute-forcing the Keychain  220
    Returning Victorious to the Machine  226
    Managing OS X's Firewall  229

  7  Taking It All the Way: Bridging the Airgap from Windows  239
    The Attack Scenario  240
    Preparing for the Attack  241
    Exploiting Hotspot Environments  243
    Controlling the Client  247
    Local Wireless Reconnaissance  248
    Remote Wireless Reconnaissance  255
      Windows Monitor Mode  256
      Microsoft NetMon  257
    Target Wireless Network Attack  263

Part III: Hacking Additional Wireless Technologies

  Case Study: Snow Day  270

  8  Bluetooth Scanning and Reconnaissance  273
    Bluetooth Technical Overview  274
      Device Discovery  275
      Protocol Overview  275
      Bluetooth Profiles  278
      Encryption and Authentication  278
    Preparing for an Attack  279
      Selecting a Bluetooth Attack Device  279
    Reconnaissance  282
      Active Device Discovery  282
      Passive Device Discovery  290
      Hybrid Discovery  293
      Passive Traffic Analysis  296
    Service Enumeration  309

  9  Bluetooth Eavesdropping  315
    Commercial Bluetooth Sniffing  316
    Open-Source Bluetooth Sniffing  326

  10  Attacking and Exploiting Bluetooth  345
    PIN Attacks  346
      Practical PIN Cracking  352
    Identity Manipulation  360
      Bluetooth Service and Device Class  360
      Bluetooth Device Name  364
    Abusing Bluetooth Profiles  374
      Testing Connection Access  375
      Unauthorized AT Access  377
      Unauthorized PAN Access  381
      Headset Profile Attacks  385
      File Transfer Attacks  391
    Future Outlook  396

  11  Hack ZigBee  399
    ZigBee Introduction  400
      ZigBee's Place as a Wireless Standard  400
      ZigBee Deployments  401
      ZigBee History and Evolution  402
      ZigBee Layers  402
      ZigBee Profiles  406
    ZigBee Security  407
      Rules in the Design of ZigBee Security  407
      ZigBee Encryption  408
      ZigBee Authenticity  409
      ZigBee Authentication  409
    ZigBee Attacks  410
      Introduction to KillerBee  411
      Network Discovery  416
      Eavesdropping Attacks  418
      Replay Attacks  424
      Encryption Attacks  427
    Attack Walkthrough  430
      Network Discovery and Location  430
      Analyzing the ZigBee Hardware  432
      RAM Data Analysis  436

  12  Hack DECT  439
    DECT Introduction  440
      DECT Profiles  441
      DECT PHY Layer  441
      DECT MAC Layer  443
      Base Station Selection  444
    DECT Security  444
      Authentication and Pairing  445
      Encryption Services  446
    DECT Attacks  447
      DECT Hardware  448
      DECT Eavesdropping  449
      DECT Audio Recording  455

  A  Scoping and Information Gathering  459
    Pre-assessment  460
      Scoping  460
      Things to Bring to a Wireless Assessment  462
      Conducting Scoping Interviews  464
      Gathering Information via Satellite Imagery  465
    Putting It All Together  469

Index  471