SecDocs Feed for tag WiFi

[Video] News Key Recovery Attacks on RC4/WEP

Mon, 14 May 2012 23:48:48 +0200

Authors: Martin Vuagnoux
Tags: WiFi
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: In this paper, we present several weaknesses in the stream cipher RC4. First, we present a technique to automatically reveal linear correlations in the PRGA of RC4. With this method, 48 new exploitable correlations have been discovered. Then we bind these new biases in the PRGA with known KSA weaknesses to provide practical key recovery attacks. Henceforth, we apply a similar technique on RC4 as a black box, i.e. the secret key words as input and the keystream words as output. Our objective is to exhaustively find linear correlations between these elements. Thanks to this technique, 9 new exploitable correlations have been revealed. Finally, we exploit these weaknesses on RC4 to some practical examples, such as the WEP protocol. We show that these correlations lead to a key recovery attack on WEP with only 9,800 encrypted packets (less than 20 seconds), instead of 24,200 for the best previous attack.

[Audio] News Key Recovery Attacks on RC4/WEP

Mon, 14 May 2012 23:35:45 +0200

[Paper] News Key Recovery Attacks on RC4/WEP

Mon, 14 May 2012 23:34:12 +0200

[Slides] 802.11 Packets in Packets

Wed, 07 Mar 2012 06:55:09 +0100

Authors: Travis Goodspeed
Tags: WiFi
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: New to 2011, Packet-in-Packet exploits allow for injection of raw radio frames into remote wireless networks. In these exploits, an attacker crafts a string that when transmitted over the air creates the symbols of a complete and valid radio packet. When radio interference damages the beginning of the outer packet, the receiver is tricked into seeing only the inner packet, allowing a frame to be remotely injected. The attacker requires no radio, and injection occurs without a software or hardware bug. This lecture presents the first implementation of Packet-in-Packet injection for 802.11B, allowing malicious PHY-Layer frames to be remotely injected. The attack is standards-compliant and compatible with all vendors and drivers. Unlike the simpler implementations for 802.15.4 and 2FSK, 802.11B presents a number of unique challenges to the PIP implementer. A single packet can use up to three symbol sets and three data-rates, switching rates once within the header and a second time for the beginning of the body. Additionally, a 7-bit scrambler randomizes the encoding of each packet, so the same string of text can be represented 128 different ways at the exact same rate and encoding. This lecture presents the first implementation of Packet-in-Packet injection for 802.11B, allowing malicious PHY-Layer frames to be remotely injected. The attack is standards-compliant and compatible with all vendors and drivers. As a demo, we intend to present a malicious string which can be embedded in any file with lots of slack space, such as an ISO image. When this image is downloaded over HTTP on 802.11B, beacon frames will be injected. For the demo, we will be injecting the SSID stack buffer overflow frames from Uninformed Volume 6.

[Video] 802.11 Packets in Packets

Wed, 07 Mar 2012 06:55:09 +0100

[Audio] 802.11 Packets in Packets

Tue, 06 Mar 2012 06:27:49 +0100

[Slides] WORKSHOP: Advanced Wi-Fi Security Penetration Testing

Mon, 06 Feb 2012 23:40:08 +0100

Authors: Vivek Ramachandran
Tags: WiFi
Event: Black Hat Abu Dhabi 2011
Abstract: This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the participants with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks and taking on the live Wi-Fi CTF!

[Slides] Wi-Fi Advanced Stealth

Thu, 12 Jan 2012 06:47:19 +0100

Authors: Franck Veysset Laurent Butti
Tags: WiFi
Event: Black Hat USA 2006

[Slides] $30, 30 minutes, 30 networks (Project Cowbird)

Thu, 12 Jan 2012 06:47:18 +0100

Authors: Jonathan Squire
Tags: WiFi
Event: Black Hat USA 2006

[Slides] Rogue Squadron: Evil Twins, 802.11intel, Radical RADIUS, and Wireless Weaponry for Windows

Mon, 26 Dec 2011 06:49:47 +0100

Authors: Bruce Potter
Tags: WiFi
Event: Black Hat USA 2005

[Slides] Identifying and Responding to Wireless Attacks

Sat, 17 Dec 2011 14:43:35 +0100

Authors: Chris Hurley
Tags: WiFi
Event: Black Hat Asia 2005

[Slides] Tracking Prey in the Cyberforest

Sun, 04 Dec 2011 06:28:33 +0100

Authors: Brian Wotring Bruce Potter
Tags: WiFi
Event: Black Hat USA 2004

[Slides] WorldWide WarDrive 4

Fri, 02 Dec 2011 21:32:00 +0100

Authors: Chris Hurley
Tags: WiFi
Event: Black Hat USA 2004

[Slides] The Need for an 802.11b Toolkit

Tue, 22 Nov 2011 06:48:47 +0100

Authors: Mike Schiffman
Tags: WiFi
Event: Black Hat USA 2002

[Slides] Wireless Overview: Protocols & Threat Models

Tue, 22 Nov 2011 06:48:47 +0100

Authors: Dan Veeneman
Tags: WiFi
Event: Black Hat USA 2002

[Slides] Advanced 802.11b Attack

Mon, 21 Nov 2011 06:30:47 +0100

Authors: Mike Lynn Robert Baird
Tags: WiFi
Event: Black Hat USA 2002

[Slides] Wireless LAN Security

Sun, 06 Nov 2011 06:44:57 +0100

Authors: Mandy Andress
Tags: WiFi
Event: Black Hat USA 2001

[Slides] Cracking WEP Keys

Fri, 04 Nov 2011 06:46:37 +0100

Authors: Tim Newsham
Tags: WiFi
Event: Black Hat USA 2001

[Slides] Breaking 802.11 WEP

Thu, 03 Nov 2011 06:43:26 +0100

Authors: Ian Goldberg
Tags: WiFi
Event: Black Hat USA 2001

[Slides] Securing Wireless Networks with 802.1x, EAP-TLS and PEAP

Fri, 21 Oct 2011 09:00:33 +0200

Authors: Steve Riley
Tags: WiFi
Event: Black Hat Windows Security 2003

[Paper] Securing Wireless Networks with 802.1x, EAP-TLS and PEAP

Fri, 21 Oct 2011 09:00:33 +0200

Authors: Steve Riley
Tags: WiFi
Event: Black Hat Windows Security 2003

[Slides] Rogue AP 101

Sat, 01 Oct 2011 13:49:16 +0200

Authors: Bruce Potter
Tags: WiFi
Event: Black Hat Federal 2003

[Paper] WPA Migration Mode: WEP is back to haunt you...

Sat, 17 Sep 2011 22:53:20 +0200

Authors: Diego Sor Leandro Meiners
Tags: WiFi
Event: Black Hat USA 2010
Abstract: Cisco access points support WPA migration mode, which enables both WPA and WEP clients to associate to an access point using the same Service Set Identifier (SSID). If WEP clients are still around, we can use the traditional WEP cracking arsenal against them. Therefore, we focused on analyzing the consequences of having this feature enabled when no WEP clients are present; for example after the migration to WPA has been carried out but this feature has been left enabled. We found that it is possible for an attacker to crack the WEP key under this scenario (i.e. no WEP clients). Once the key is recovered, it is possible to connect to the access point using this key (as it is operating in WPA migration mode) and access the network.

[Slides] WPA Migration Mode: WEP is back to haunt you...

Sat, 17 Sep 2011 22:53:01 +0200

[Paper] Wi-Fi Advanced Fuzzing

Mon, 04 Jul 2011 22:00:35 +0200

Authors: Laurent Butti
Tags: WiFi
Event: Black Hat EU 2007

[Slides] Wi-Fi Advanced Fuzzing

Mon, 04 Jul 2011 22:00:07 +0200

Authors: Laurent Butti
Tags: WiFi
Event: Black Hat EU 2007

[Paper] Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones

Sat, 21 May 2011 07:54:46 +0200

Authors: Krishna Kurapati
Tags: WiFi
Event: Black Hat USA 2007

[Slides] Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones

Sat, 21 May 2011 07:54:25 +0200

Authors: Krishna Kurapati
Tags: WiFi
Event: Black Hat USA 2007

[Slides] Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios

Thu, 10 Mar 2011 05:25:24 +0100

Authors: Nathan Keltner Shawn Moyer
Tags: WiFi
Event: DEFCON 18

[Video] Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios

Thu, 10 Mar 2011 05:25:24 +0100

Authors: Nathan Keltner Shawn Moyer
Tags: WiFi
Event: DEFCON 18

[Audio] Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios

Thu, 10 Mar 2011 05:25:21 +0100

Authors: Nathan Keltner Shawn Moyer
Tags: WiFi
Event: DEFCON 18

[Audio] WPA Too!

Sat, 15 Jan 2011 19:32:22 +0100

Authors: MD Sohail Ahmad
Tags: WiFi
Event: DEFCON 18

[Video] WPA Too!

Sat, 15 Jan 2011 05:25:10 +0100

Authors: MD Sohail Ahmad
Tags: WiFi
Event: DEFCON 18

[Paper] WPA Too!

Fri, 14 Jan 2011 05:25:16 +0100

Authors: MD Sohail Ahmad
Tags: WiFi
Event: DEFCON 18

[Slides] WPA Too!

Fri, 14 Jan 2011 05:25:13 +0100

Authors: MD Sohail Ahmad
Tags: WiFi
Event: DEFCON 18

[Video] Building the DEFCON network, making a sandbox for 10,000 hackers

Thu, 25 Nov 2010 19:52:41 +0100

Authors: David Bryan Luiz Eduardo
Tags: WiFi
Event: SecTor 2010

[Slides] Building the DEFCON network, making a sandbox for 10,000 hackers

Thu, 25 Nov 2010 19:35:17 +0100

Authors: David Bryan Luiz Eduardo
Tags: WiFi
Event: SecTor 2010

[Video] Presentation of Awards for Wifi Race and Scavenger Hunt

Sat, 20 Nov 2010 12:45:41 +0100

Tags: WiFi
Event: PhreakNIC 11
Abstract: Presentation of awards for the Wifi Race and the Scavenger Hunt at PhreakNIC 0x0b.

[Video] Stupid WiFi Tricks

Fri, 19 Nov 2010 10:16:34 +0100

Tags: WiFi
Event: PhreakNIC 11
Abstract: Wireless networks have been around for a few years, however the ways to extend, use and abuse them haven't changed too much. While not a completely new look at things, this presentation will touch on some previously undiscovered territory which should be of interest to any wireless security researcher, as well as discuss a few ideas on unusual uses of antennas and dishes, oddball antennas and just general wi-phun.

[Video] DD-WRT

Sun, 14 Nov 2010 12:17:25 +0100

Authors: Brian Blankership
Tags: WiFi
Event: PhreakNIC 13

[Video] Wi-Fi Basics for Geeks How Wireless Really Works

Fri, 12 Nov 2010 06:13:26 +0100

Authors: Stan Brooks
Tags: WiFi
Event: ShoeCon 2010

[Video] Breaking WiFi Faster

Wed, 03 Nov 2010 15:11:36 +0100

Authors: David Hulton Johnny Cache
Tags: WiFi
Event: LayerOne 2006

[Slides] Breaking WiFi Faster

Wed, 03 Nov 2010 15:10:29 +0100

Authors: David Hulton Johnny Cache
Tags: WiFi
Event: LayerOne 2006

[Video] Seattle Wireless

Mon, 01 Nov 2010 13:11:12 +0100

Authors: Ken Caruso
Tags: WiFi
Event: LayerOne 2006

[Slides] Seattle Wireless

Mon, 01 Nov 2010 13:10:56 +0100

Authors: Ken Caruso
Tags: WiFi
Event: LayerOne 2006

[Video] Echo )) WiFi (( Location

Fri, 29 Oct 2010 19:58:19 +0200

Authors: Luiz Eduardo
Tags: WiFi
Event: LayerOne 2008

[Slides] Echo )) WiFi (( Location

Fri, 29 Oct 2010 19:57:55 +0200

Authors: Luiz Eduardo
Tags: WiFi
Event: LayerOne 2008

[Video] Reversing and Exploiting Wireless Sensors

Mon, 30 Aug 2010 09:07:00 +0200

Authors: Travis Goodspeed
Tags: WiFi
Event: Black Hat DC 2009

[Audio] Reversing and Exploiting Wireless Sensors

Thu, 19 Aug 2010 06:15:01 +0200

Authors: Travis Goodspeed
Tags: WiFi
Event: Black Hat DC 2009

[Audio] Active 802.11 Fingerpinting: a "Secret Handshake" to Know Your APs

Mon, 28 Jun 2010 12:58:00 +0200

Authors: Sergey Bratus
Tags: WiFi
Event: Black Hat USA 2008