SlideShare une entreprise Scribd logo

Wi Fish Finder Defcon 17 Ahmadand Dhyani

M
Md Sohail Ahmad

WiFish Finder is a tool written for Linux platform. This tool can be used to discover infected or vulnerable WiFi clients.

Technologie
1  sur  20
Md Sohail Ahmad Prabhash Dhyani AirTight Networks www.airtightnetworks.com Wi-Fish Finder : Who will bite the bait? There is >50 % chance that your laptop will!
Background ,[object Object],Financial Districts WiFi Scan Study (April, 2009) http://www.airtightnetworks.com/finance-wifi-study Airport WiFi Scan Study (March, 2008) http://www.airtightnetworks.com/airport-wifi-study
A Thought ,[object Object],[object Object]
Smart WiFi Study Scanning WiFi Clients Scanning WiFi APs So, a very interesting client based WiFi scan study was possible right there instead of us going to different locations
A Scan Sample of WiFi Clients Laptop is probing for SSIDs from preferred list (cached). Popular Hotspot WiFi Networks Client
Client Probes For WiFi Networks Present in PNL
The Problem Can Security Mode of Each Probed Network (OPEN, WEP, WPA or WPA2) be Determined?
Time To Do A Live Demo !!! Security of a Probed SSID Security posture Probed SSID
A Naïve Approach WiFi Discovery Authentication Association ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Laptop is probing for SSIDs from preferred list (cached). Client Probe Resp, “WXYZ” Authetication Authentication Assoc Request Probe Request, “WXYZ” Access Point Assoc Resp
Wi-Fish Finder Automates That For You Wi-Fish Finder running on a Laptop ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Handshakes Between client and WiFish Finder WiFish Finder simulates a virtual WiFi network environment around a probing client Laptop is probing for SSIDs from preferred list (cached). Client
Implementation: Wi-Fish Finder Probe Resp, “WXYZ”, Open Probe Request, “WXYZ” Guess1 :Probed SSID is Open Wi-Fish Finder running on a Laptop Laptop is probing for SSIDs from preferred list (cached). Client
Implementation: Wi-Fish Finder Probe Resp, “WXYZ”, WEP Probe Request, “WXYZ” Guess2 :Probed SSID is WEP Wi-Fish Finder running on a Laptop Laptop is probing for SSIDs from preferred list (cached). Client
Implementation: Wi-Fish Finder Probe Resp, “WXYZ”, WPA Probe Request, “WXYZ” Guess3 :Probed SSID is WPA Wi-Fish Finder running on a Laptop Laptop is probing for SSIDs from preferred list (cached). Client
Implementation: Wi-Fish Finder Probe Resp, “WXYZ”, RSN Assoc Request, RSN Probe Request, “WXYZ” Security settings of SSID “WXYZ” found Guess4 :Probed SSID is WPA2 Wi-Fish Finder running on a Laptop Laptop is probing for SSIDs from preferred list (cached). Client Authetication Authentication
Snippet of the Scan Study Done In This Conference From thousands of miles away, I knew So a WiFi scan study is possible using this tool, what else ? Home Network Default Config Insecure Profile In PNL Viral SSID or adhoc mode
Client Vulnerability Assessment Wi-Fish Finder can be used in identifying such vulnerable clients well in advance Dictionary Attack (if Weak Passphrase) Probed SSID -  WPA/WPA2 (Pre Shared Key) PEAP Attack (if Certificate Validation Uncheck) Probed SSID -  WPA/WPA2 (MGT, 802.1x) Caffe Latte Attack Probed SSID -  WEP It is possible to launch Security of a Probed SSID
PEAP Vulnerability Detection EAP Request/Identity EAP Response Identity EAP-Req(Fake Server Cert) EAP-Resp(Cert verified) Client with SSID “WXYZ” vulnerable To PEAP Attack Client is associated with Wi-Fish Finder, Probed SSID “WXYZ”, Security WPA2+.1x EAP Req EAP-Type=PEAP v0 EAP Response(TLS Client Hello) Laptop is probing for SSIDs from preferred list (cached). Client Wi-Fish Finder running on a Laptop
Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object],Download WiFish Finder: http://blog.airtightnetworks.com
Thanks ! Md Sohail Ahmad [email_address] [email_address] Prabhash Dhyani prabhash.dhyani@airtightnetworks.com AirTight Networks www.airtightnetworks.com
References ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recommandé

Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallSnort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
Anton Chuvakin
 
Hacker bootcamp
Hacker bootcampHacker bootcamp
Hacker bootcamp
Gregory Hanis
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - Brief
Ashley Deuble
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Huda Seyam
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
Network Security fundamentals
Network Security fundamentalsNetwork Security fundamentals
Network Security fundamentals
Tariq kanher
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
Julia Yu-Chin Cheng
 

Recommandé

Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallSnort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
Anton Chuvakin
 
Hacker bootcamp
Hacker bootcampHacker bootcamp
Hacker bootcamp
Gregory Hanis
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - Brief
Ashley Deuble
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Huda Seyam
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
Network Security fundamentals
Network Security fundamentalsNetwork Security fundamentals
Network Security fundamentals
Tariq kanher
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
Julia Yu-Chin Cheng
 
Breaking the cyber kill chain!
Breaking the cyber kill chain!Breaking the cyber kill chain!
Breaking the cyber kill chain!
Nahidul Kibria
 
Wpa3
Wpa3Wpa3
Wpa3
Bhavya Dashora
 
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Luca Bongiorni
 
Adaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber AttacksAdaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber Attacks
Jermund Ottermo
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and Dragonfly
Napier University
 
$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition
Xavier Mertens
 
Backtrack os 5
Backtrack os 5Backtrack os 5
Backtrack os 5
Ayush Goyal
 
G Data Retail 2011 English
G Data Retail 2011 EnglishG Data Retail 2011 English
G Data Retail 2011 English
Daniel Chee
 
WPA 3
WPA 3WPA 3
WPA 3
diggu22
 
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Edureka!
 
[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan Novikov[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan Novikov
OWASP Russia
 
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
RootedCON
 
Security Onion
Security OnionSecurity Onion
Security Onion
johndegruyter
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
Lancope, Inc.
 
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal SitesDefense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Pantheon
 
Network ssecurity toolkit
Network ssecurity toolkitNetwork ssecurity toolkit
Network ssecurity toolkit
أحلام انصارى
 
Security Onion: Watching for Leeks
Security Onion: Watching for LeeksSecurity Onion: Watching for Leeks
Security Onion: Watching for Leeks
Kory Kyzar
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
amiable_indian
 
Pa or die
Pa or diePa or die
Pa or die
Setia Juli Irzal Ismail
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
Setia Juli Irzal Ismail
 
Nitya Marine, Bhavnagar, Navigation Equipment
Nitya Marine, Bhavnagar, Navigation EquipmentNitya Marine, Bhavnagar, Navigation Equipment
Nitya Marine, Bhavnagar, Navigation Equipment
IndiaMART InterMESH Limited
 
A Small Number of Pluses and Minuses of the Fishin' Buddy Depth Finders
A Small Number of Pluses and Minuses of the Fishin' Buddy Depth FindersA Small Number of Pluses and Minuses of the Fishin' Buddy Depth Finders
A Small Number of Pluses and Minuses of the Fishin' Buddy Depth Finders
Bill Ulbrik
 

Contenu connexe

Tendances

Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Edureka!
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
Lancope, Inc.
 
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal SitesDefense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Pantheon
 

Tendances (20)

Breaking the cyber kill chain!
Breaking the cyber kill chain!Breaking the cyber kill chain!
Breaking the cyber kill chain!
 
Wpa3
Wpa3Wpa3
Wpa3
 
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
 
Adaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber AttacksAdaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber Attacks
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and Dragonfly
 
$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition
 
Backtrack os 5
Backtrack os 5Backtrack os 5
Backtrack os 5
 
G Data Retail 2011 English
G Data Retail 2011 EnglishG Data Retail 2011 English
G Data Retail 2011 English
 
WPA 3
WPA 3WPA 3
WPA 3
 
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
 
[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan Novikov[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan Novikov
 
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
 
Security Onion
Security OnionSecurity Onion
Security Onion
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
 
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal SitesDefense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
 
Network ssecurity toolkit
Network ssecurity toolkitNetwork ssecurity toolkit
Network ssecurity toolkit
 
Security Onion: Watching for Leeks
Security Onion: Watching for LeeksSecurity Onion: Watching for Leeks
Security Onion: Watching for Leeks
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
 
Pa or die
Pa or diePa or die
Pa or die
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
 

En vedette

20140616 19 depestele-physical_impact_vfinalpresented
20140616 19 depestele-physical_impact_vfinalpresented20140616 19 depestele-physical_impact_vfinalpresented
20140616 19 depestele-physical_impact_vfinalpresented
Jochen Depestele
 
Fish Finder Marine Shellfish Study
Fish Finder Marine Shellfish StudyFish Finder Marine Shellfish Study
Fish Finder Marine Shellfish Study
Stockysmith
 
4 3-3 frequency-modulation
4 3-3 frequency-modulation4 3-3 frequency-modulation
4 3-3 frequency-modulation
lcborja57
 

En vedette (19)

Nitya Marine, Bhavnagar, Navigation Equipment
Nitya Marine, Bhavnagar, Navigation EquipmentNitya Marine, Bhavnagar, Navigation Equipment
Nitya Marine, Bhavnagar, Navigation Equipment
 
A Small Number of Pluses and Minuses of the Fishin' Buddy Depth Finders
A Small Number of Pluses and Minuses of the Fishin' Buddy Depth FindersA Small Number of Pluses and Minuses of the Fishin' Buddy Depth Finders
A Small Number of Pluses and Minuses of the Fishin' Buddy Depth Finders
 
Angling for the Prize: A Look at Fish Finders
Angling for the Prize: A Look at Fish FindersAngling for the Prize: A Look at Fish Finders
Angling for the Prize: A Look at Fish Finders
 
Echo
EchoEcho
Echo
 
20140616 19 depestele-physical_impact_vfinalpresented
20140616 19 depestele-physical_impact_vfinalpresented20140616 19 depestele-physical_impact_vfinalpresented
20140616 19 depestele-physical_impact_vfinalpresented
 
Cables
CablesCables
Cables
 
Marine Products In India
Marine Products In IndiaMarine Products In India
Marine Products In India
 
Fish Finder Marine Shellfish Study
Fish Finder Marine Shellfish StudyFish Finder Marine Shellfish Study
Fish Finder Marine Shellfish Study
 
Procesos de Biblioteca Automatizados
Procesos de Biblioteca AutomatizadosProcesos de Biblioteca Automatizados
Procesos de Biblioteca Automatizados
 
Expert on thermal camera and ptz laser camera from sheenrun
Expert on thermal camera and ptz laser camera from sheenrunExpert on thermal camera and ptz laser camera from sheenrun
Expert on thermal camera and ptz laser camera from sheenrun
 
Marine radar
Marine radarMarine radar
Marine radar
 
STUDY OF RADAR
STUDY OF RADARSTUDY OF RADAR
STUDY OF RADAR
 
4 3-3 frequency-modulation
4 3-3 frequency-modulation4 3-3 frequency-modulation
4 3-3 frequency-modulation
 
Digital Radar Processing and the New Low Power Radars
Digital Radar Processing and the New Low Power RadarsDigital Radar Processing and the New Low Power Radars
Digital Radar Processing and the New Low Power Radars
 
Basics of radio frequency techniques in pain management jadon.a
Basics of radio frequency techniques in pain management jadon.aBasics of radio frequency techniques in pain management jadon.a
Basics of radio frequency techniques in pain management jadon.a
 
MBES_ Taicheng Report
MBES_ Taicheng ReportMBES_ Taicheng Report
MBES_ Taicheng Report
 
ECDIS - A change in direction
ECDIS - A change in directionECDIS - A change in direction
ECDIS - A change in direction
 
Theory of Gyrocompass
Theory of GyrocompassTheory of Gyrocompass
Theory of Gyrocompass
 
Time lrg
Time lrgTime lrg
Time lrg
 

Similaire à Wi Fish Finder Defcon 17 Ahmadand Dhyani

Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
inventy
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
ijceronline
 
謝續平
謝續平謝續平
謝續平
9577601
 
Wireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security SoftwareWireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security Software
BRNSSPublicationHubI
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
Mihir Shah
 

Similaire à Wi Fish Finder Defcon 17 Ahmadand Dhyani (20)

Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan Analysis
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
 
Financial Districs Wi Fi Scan
Financial Districs Wi Fi ScanFinancial Districs Wi Fi Scan
Financial Districs Wi Fi Scan
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
Comprehensive Guide On Network Security
Comprehensive Guide On Network SecurityComprehensive Guide On Network Security
Comprehensive Guide On Network Security
 
謝續平
謝續平謝續平
謝續平
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ng
 
Wi Fi
Wi FiWi Fi
Wi Fi
 
Wireless security
Wireless securityWireless security
Wireless security
 
Wireless hacking tools.jpeg
Wireless hacking tools.jpegWireless hacking tools.jpeg
Wireless hacking tools.jpeg
 
Wireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security SoftwareWireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security Software
 
Wi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and PrivacyWi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and Privacy
 
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfWireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
 
Public wifi
Public wifiPublic wifi
Public wifi
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 

Dernier

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 

Dernier (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 

Wi Fish Finder Defcon 17 Ahmadand Dhyani

  • 1. Md Sohail Ahmad Prabhash Dhyani AirTight Networks www.airtightnetworks.com Wi-Fish Finder : Who will bite the bait? There is >50 % chance that your laptop will!
  • 2.
  • 3.
  • 4. Smart WiFi Study Scanning WiFi Clients Scanning WiFi APs So, a very interesting client based WiFi scan study was possible right there instead of us going to different locations
  • 5. A Scan Sample of WiFi Clients Laptop is probing for SSIDs from preferred list (cached). Popular Hotspot WiFi Networks Client
  • 6. Client Probes For WiFi Networks Present in PNL
  • 7. The Problem Can Security Mode of Each Probed Network (OPEN, WEP, WPA or WPA2) be Determined?
  • 8. Time To Do A Live Demo !!! Security of a Probed SSID Security posture Probed SSID
  • 9.
  • 10.
  • 11. Implementation: Wi-Fish Finder Probe Resp, “WXYZ”, Open Probe Request, “WXYZ” Guess1 :Probed SSID is Open Wi-Fish Finder running on a Laptop Laptop is probing for SSIDs from preferred list (cached). Client
  • 12. Implementation: Wi-Fish Finder Probe Resp, “WXYZ”, WEP Probe Request, “WXYZ” Guess2 :Probed SSID is WEP Wi-Fish Finder running on a Laptop Laptop is probing for SSIDs from preferred list (cached). Client
  • 13. Implementation: Wi-Fish Finder Probe Resp, “WXYZ”, WPA Probe Request, “WXYZ” Guess3 :Probed SSID is WPA Wi-Fish Finder running on a Laptop Laptop is probing for SSIDs from preferred list (cached). Client
  • 14. Implementation: Wi-Fish Finder Probe Resp, “WXYZ”, RSN Assoc Request, RSN Probe Request, “WXYZ” Security settings of SSID “WXYZ” found Guess4 :Probed SSID is WPA2 Wi-Fish Finder running on a Laptop Laptop is probing for SSIDs from preferred list (cached). Client Authetication Authentication
  • 15. Snippet of the Scan Study Done In This Conference From thousands of miles away, I knew So a WiFi scan study is possible using this tool, what else ? Home Network Default Config Insecure Profile In PNL Viral SSID or adhoc mode
  • 16. Client Vulnerability Assessment Wi-Fish Finder can be used in identifying such vulnerable clients well in advance Dictionary Attack (if Weak Passphrase) Probed SSID -  WPA/WPA2 (Pre Shared Key) PEAP Attack (if Certificate Validation Uncheck) Probed SSID -  WPA/WPA2 (MGT, 802.1x) Caffe Latte Attack Probed SSID -  WEP It is possible to launch Security of a Probed SSID
  • 17. PEAP Vulnerability Detection EAP Request/Identity EAP Response Identity EAP-Req(Fake Server Cert) EAP-Resp(Cert verified) Client with SSID “WXYZ” vulnerable To PEAP Attack Client is associated with Wi-Fish Finder, Probed SSID “WXYZ”, Security WPA2+.1x EAP Req EAP-Type=PEAP v0 EAP Response(TLS Client Hello) Laptop is probing for SSIDs from preferred list (cached). Client Wi-Fish Finder running on a Laptop
  • 18.
  • 19. Thanks ! Md Sohail Ahmad [email_address] [email_address] Prabhash Dhyani prabhash.dhyani@airtightnetworks.com AirTight Networks www.airtightnetworks.com
  • 20.