Wi-Fish Finder, DEF CON 17, Ahmad and Dhyani
1. Wi-Fish Finder: Who will bite the bait? There is a >50% chance that your laptop will! Md Sohail Ahmad, Prabhash Dhyani. AirTight Networks, www.airtightnetworks.com
4. Smart WiFi Study. Scanning WiFi Clients; Scanning WiFi APs. So, a very interesting client-based WiFi scan study was possible right there, instead of us going to different locations.
5. A Scan Sample of WiFi Clients. Client: laptop is probing for SSIDs from its preferred list (cached). Popular Hotspot WiFi Networks.
7. The Problem: Can the security mode of each probed network (OPEN, WEP, WPA or WPA2) be determined?
8. Time To Do A Live Demo! Security of a Probed SSID: Probed SSID; Security posture.
11. Implementation: Wi-Fish Finder. Client: laptop is probing for SSIDs from its preferred list (cached). Wi-Fish Finder running on a laptop. Probe Request, “WXYZ”; Probe Resp, “WXYZ”, Open. Guess 1: Probed SSID is Open.
12. Implementation: Wi-Fish Finder. Client: laptop is probing for SSIDs from its preferred list (cached). Wi-Fish Finder running on a laptop. Probe Request, “WXYZ”; Probe Resp, “WXYZ”, WEP. Guess 2: Probed SSID is WEP.
13. Implementation: Wi-Fish Finder. Client: laptop is probing for SSIDs from its preferred list (cached). Wi-Fish Finder running on a laptop. Probe Request, “WXYZ”; Probe Resp, “WXYZ”, WPA. Guess 3: Probed SSID is WPA.
14. Implementation: Wi-Fish Finder. Client: laptop is probing for SSIDs from its preferred list (cached). Wi-Fish Finder running on a laptop. Probe Request, “WXYZ”; Probe Resp, “WXYZ”, RSN; Authentication; Authentication; Assoc Request, RSN. Security settings of SSID “WXYZ” found. Guess 4: Probed SSID is WPA2.
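Added example (not code from the talk or from Wi-Fish Finder): slide 14 notes that the RSN element in a client's association request discloses the security settings stored for the probed SSID. This Python sketch decodes that element as a monitoring sensor would see it and maps the AKM onto the categories of slide 16; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

OUI = b"\x00\x0f\xac"                      # IEEE 802.11 suite OUI
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

def _suites(buf, off, names):
    """Read a 2-byte LE count, then that many 4-byte suite selectors."""
    if off + 2 > len(buf):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if off + 4 * count > len(buf):
        raise ValueError("truncated suite list")
    out = []
    for i in range(off, off + 4 * count, 4):
        sel = buf[i:i + 4]
        out.append(names.get(sel[3], "unknown") if sel[:3] == OUI
                   else "vendor-" + sel.hex())
    return out, off + 4 * count

def parse_rsn_ie(ie):
    """Decode an RSN element (ID 48) carrying pairwise and AKM lists."""
    if len(ie) < 2 or ie[0] != 48:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 6:
        raise ValueError("truncated RSN element")
    (version,) = struct.unpack_from("<H", body, 0)
    group = CIPHERS.get(body[5], "unknown") if body[2:5] == OUI else "vendor"
    pairwise, off = _suites(body, 6, CIPHERS)
    akm, _ = _suites(body, off, AKMS)
    return {"version": version, "group": group,
            "pairwise": pairwise, "akm": akm}

def posture(info):
    """Map the AKM list onto the categories used on slide 16."""
    if "802.1X" in info["akm"]:
        return "WPA2 (MGT, 802.1x)"
    if "PSK" in info["akm"]:
        return "WPA2 (Pre Shared Key)"
    return "WPA2 (other AKM)"

# Constructed sample elements, not captured traffic.
PSK_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
EAP_IE = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac010000")

if __name__ == "__main__":
    for ie in (PSK_IE, EAP_IE):
        print(posture(parse_rsn_ie(ie)), parse_rsn_ie(ie))
```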
15. Snippet of the Scan Study Done In This Conference. From thousands of miles away, I knew So a WiFi scan study is possible using this tool, what else? Home Network Default Config; Insecure Profile In PNL; Viral SSID or adhoc mode.
16. Client Vulnerability Assessment. Security of a Probed SSID, and the attack it is possible to launch: Probed SSID - WEP: Caffe Latte Attack; Probed SSID - WPA/WPA2 (Pre Shared Key): Dictionary Attack (if weak passphrase); Probed SSID - WPA/WPA2 (MGT, 802.1x): PEAP Attack (if certificate validation is unchecked). Wi-Fish Finder can be used to identify such vulnerable clients well in advance.
17. PEAP Vulnerability Detection. Client: laptop is probing for SSIDs from its preferred list (cached). Wi-Fish Finder running on a laptop. Client is associated with Wi-Fish Finder, Probed SSID “WXYZ”, Security WPA2+.1x. EAP Request/Identity; EAP Response Identity; EAP Req, EAP-Type=PEAP v0; EAP Response (TLS Client Hello); EAP-Req (Fake Server Cert); EAP-Resp (Cert verified). Client with SSID “WXYZ” vulnerable to PEAP Attack.