SlideShare une entreprise Scribd logo

Sergio González - WiFiSlax 4.0 [RootedCON 2010]

RootedCON
RootedCON

WiFiSlax es una distribución GNU/Linux diseñada y estructurada para la auditoría de seguridad, especializada en evaluaciones de seguridad inalámbrica. Contiene una amplia lista de herramientas de seguridad y auditoría donde se incluyen escáneres de puertos, de servicios y de vulnerabilidades, herramientas para creación y diseño de exploits, ‘sniffers’, herramientas de análisis forense y herramientas para la evaluación de la seguridad de dispositivos wíreless. En esta presentación oficial de la versión 4.0 se mostrarán una serie de importantes cambios estructurales que han permitido al grupo de desarrolladores continuar innovando en cuanto al soporte hardware tal y como han hecho en sus anteriores versiones anticipándose al resto de distribuciones. Estos cambios les han permitido mantenerse en la vanguardia en las tecnologías inalámbricas.

Technologie
1  sur  29
Télécharger pour lire hors ligne
WiFiSlax 4.0 beta Advances and improvements Congreso de Seguridad ~ Rooted CON’2010
What was? • Focused on Wireless Audit • Latest tools for Wireless Audit • Drivers of the most common chipsets in our laptops (innovating with packet injection support) • Ease of use for the uninitiated in GNU/Linux • Launchers and GUI tools • Basic help in spanish Congreso de Seguridad ~ Rooted CON’2010 2
WiFiSlax 4.0 beta Congreso de Seguridad ~ Rooted CON’2010 3
What? • GNU/Linux distribution • Debian Stable based • Nowadays, not only Wireless Security: /NETWORK VULNERABILITY & PENTESTING /BLUETOOTH /RFID /IRDA /SERIAL PORT /CRACKING /REVERSING /FORENSIC • Compatible with other system • GRUB as boot loader Congreso de Seguridad ~ Rooted CON’2010 4
What? • Live CD/DVD/USB • Kernel 2.6.32.5 SMP • KDE 3.5.10|¿KDE 4? – Compiz Fusion included – Drivers ATI / Drivers NVIDIA • Automount new drives – RO/RW over NTFS, HFS and NAS • Automount new devices – Wireless devices / mouse / etc Congreso de Seguridad ~ Rooted CON’2010 5
Which support? • Ease of use regardless of driver • Launch GUI: – Broadcom bcm43xx – Intel IPW2200, IPW3945, IPW4965 – Ralink rt2570, rt73 – Prism, Prism2 – Realtek rt8180/rt8185, rt8187 – Atheros mode managed, monitor, master • Problems with your chipset? – usbview, lsusb, lspci, dmesg, etc... Congreso de Seguridad ~ Rooted CON’2010 6
Which support?  Prism54  IPW2100  Madwifi-ng  IPW2200  Wlan-ng  IPW3945  HostAP  IPW4965  Ralink rt2570  Intel WiFi Link 5X000  Ralink rt61  Zydas ZD1201  Ralink rt73  Zydas ZD1211rw  Ralink rt2X00  Zydas ZD1211b  Ralink rt2860  Realtek rtl8180  Ralink rt2870  Realtek rtl8185  Ralink rt8187  Realtek rtl8187B/L  Ralink rt3070  Atheros AR5007EG  Broadcom Congreso de Seguridad ~ Rooted CON’2010 7
What included? • Konqueror 3.5.9 • Iceweasel 3.6 – NoScript – Live HTTP headers – ShowIP – Tamper Data – Firebug – HackBar – etc Congreso de Seguridad ~ Rooted CON’2010 8
What include? • Audit & security tools • Wireless chipsets for auditing & pentesting • Wireless tools – Kismet, machanger, aircrack-ng, aircrack-ptw, etc • Cryptanalysis tools (WEP/WPA/WPA2, cookie entropy, etc) Congreso de Seguridad ~ Rooted CON’2010 9
What included? • Wi-Spy – Channels spectrum analyzer Congreso de Seguridad ~ Rooted CON’2010 1 0
Aircrack-ng-patch • Anticipating the next speaker: • WiFiSlax 4.0 is the only distribution that is not vulnerable to 0-day of Airodump-ng 1.0 [No more details, yet] – Thanks to Iñaki L. ;-) Congreso de Seguridad ~ Rooted CON’2010 1 1
What included? • More audit tools: – Zenmap – Wireshark – ettercap – asleap – Scapy – Etc. Congreso de Seguridad ~ Rooted CON’2010 1 2
What included? • wesside-ng – Automatic cracking WEP • WifiZoo v1.3 – WEP/WPA support (only in WiFiSlax 4) Congreso de Seguridad ~ Rooted CON’2010 1 3
Other attacks • Karma • Airbase-ng • Fake APs (MitM and hirte attack) auto-connect for Windows & MacOS clients & ¿mobile devices? ;-) Congreso de Seguridad ~ Rooted CON’2010 1 4
What included? • Bluetooth support: • airotooth.sh • Bluetooth Sniffing • BTSniff for chipsets CSR BC4 Flash/RAM • BTCrack for Linux Congreso de Seguridad ~ Rooted CON’2010 1 5
What included? • RFID tools: • IrDA & Serial port: • 3-G support: • Vodafone  • Yoigo  • Movistar ? Congreso de Seguridad ~ Rooted CON’2010 1 6
What included? • Cracking: • Reversing: Congreso de Seguridad ~ Rooted CON’2010 1 7
What included? • Forensic: Congreso de Seguridad ~ Rooted CON’2010 1 8
What included? • Recomposition of TCP sessions: • airdecap-ng • Form Fields without SSL encryption • Uncipher, WEP, WPA, WPA2 connections • Xplico – Data mining and network forensic • Wireshark • Uncipher, WEP and WPA connections • VoIP Congreso de Seguridad ~ Rooted CON’2010 1 9
What included? • Karmetasploit • Rogue AP attacks for e-mail and web password interception, cookie stealing and insecure services (POP3, FTP, SMB, etc) • Lorcon • Packet injection library for IEEE 802.11 • Lorcon2 • Packet and shellcode injection with Metasploit Congreso de Seguridad ~ Rooted CON’2010 2 0
What included? • Network security & Information gathering: Congreso de Seguridad ~ Rooted CON’2010 2 1
What included? • DNS: • WEB: …and DioNiSio Congreso de Seguridad ~ Rooted CON’2010 2 2
What do you expect? • For n-th time: WEP IS INSECURE BY DESING! – Vendors such as Ubiquiti don’t support • Forget poorly implemented ciphers – Don't exist strong passwords – Security must be transparent for the user Congreso de Seguridad ~ Rooted CON’2010 2 3
What do you expect? • Efficient alternative to another distributions • Abandon WEP and WPA • Improving wireless security • Automate and collect audit tools • Promote new security standards • Fostering interest in security Congreso de Seguridad ~ Rooted CON’2010 2 4
Updates? • Update packages : – apt-get / aptitude • WiFiSlax 4.0 repository: – Valid for all Debian Congreso de Seguridad ~ Rooted CON’2010 2 5
Who? • Staff elhacker.net ? • Staff Seguridadwireless.net ? pers ve l o g s of de thin roup make and ght g w to ry ti ho A ve know se, effe ctive • who r, conci clea ient. effic Congreso de Seguridad ~ Rooted CON’2010 2 6
Where? • WiFiSlax.com Oficial Webpage: http://www.wifislax.com/ • WiFiSlax @ LinkedIn Oficial Group: http://www.linkedin.com/groups?gid=2066315 Congreso de Seguridad ~ Rooted CON’2010 2 7
Questions? • Thanks to: – SeguridadWireless.net – BrutalSec.net – …anyone wishing to include their tools!  Congreso de Seguridad ~ Rooted CON’2010 2 8
www.wifislax.com Sergio González Congreso de Seguridad ~ Rooted CON’2010

Recommandé

Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Positive Hack Days
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoT
Priyanka Aash
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
Zoltan Balazs
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
veerababu penugonda(Mr-IoT)
 
Wireless security
Wireless securityWireless security
Wireless security
Aurobindo Nayak
 
Буткит через СМС: оценка безопасности сети 4G
Буткит через СМС: оценка безопасности сети 4GБуткит через СМС: оценка безопасности сети 4G
Буткит через СМС: оценка безопасности сети 4G
Positive Hack Days
 

Recommandé

Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Positive Hack Days
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoT
Priyanka Aash
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
Zoltan Balazs
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
veerababu penugonda(Mr-IoT)
 
Wireless security
Wireless securityWireless security
Wireless security
Aurobindo Nayak
 
Буткит через СМС: оценка безопасности сети 4G
Буткит через СМС: оценка безопасности сети 4GБуткит через СМС: оценка безопасности сети 4G
Буткит через СМС: оценка безопасности сети 4G
Positive Hack Days
 
" Breaking Extreme Networks WingOS: How to own millions of devices running on...
" Breaking Extreme Networks WingOS: How to own millions of devices running on..." Breaking Extreme Networks WingOS: How to own millions of devices running on...
" Breaking Extreme Networks WingOS: How to own millions of devices running on...
PROIDEA
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
 
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
RootedCON
 
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
CODE BLUE
 
Forti gate 90d
Forti gate 90dForti gate 90d
Forti gate 90d
hape01
 
Mikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd
 
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald..."Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
PROIDEA
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Fatih Ozavci
 
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallFortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
ShilaThak
 
Breaking Extreme Networks WingOS: How to own millions of devices running on A...
Breaking Extreme Networks WingOS: How to own millions of devices running on A...Breaking Extreme Networks WingOS: How to own millions of devices running on A...
Breaking Extreme Networks WingOS: How to own millions of devices running on A...
Priyanka Aash
 
It’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
It’s in the Air(waves): Deconstructing 2017’s Biggest RF AttacksIt’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
It’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
Priyanka Aash
 
wifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slideswifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slides
guest1c1a9a
 
Introduction to epid
Introduction to epidIntroduction to epid
Introduction to epid
BeMyApp
 
The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)
The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)
The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)
Martin Schütte
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
Cisco Russia
 
Fortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-seriesFortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-series
Julian Ernesto Martinez Oliva
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Introduction ciot workshop premeetup
Introduction ciot workshop premeetupIntroduction ciot workshop premeetup
Introduction ciot workshop premeetup
BeMyApp
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
Santhosh Kumar
 
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
PROIDEA
 
SCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsSCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanisms
Aleksandr Timorin
 

Contenu connexe

Tendances

" Breaking Extreme Networks WingOS: How to own millions of devices running on...
" Breaking Extreme Networks WingOS: How to own millions of devices running on..." Breaking Extreme Networks WingOS: How to own millions of devices running on...
" Breaking Extreme Networks WingOS: How to own millions of devices running on...
PROIDEA
 
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald..."Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
PROIDEA
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Fatih Ozavci
 
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallFortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
ShilaThak
 
Breaking Extreme Networks WingOS: How to own millions of devices running on A...
Breaking Extreme Networks WingOS: How to own millions of devices running on A...Breaking Extreme Networks WingOS: How to own millions of devices running on A...
Breaking Extreme Networks WingOS: How to own millions of devices running on A...
Priyanka Aash
 
wifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slideswifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slides
guest1c1a9a
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 

Tendances (19)

" Breaking Extreme Networks WingOS: How to own millions of devices running on...
" Breaking Extreme Networks WingOS: How to own millions of devices running on..." Breaking Extreme Networks WingOS: How to own millions of devices running on...
" Breaking Extreme Networks WingOS: How to own millions of devices running on...
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
 
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
 
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
 
Forti gate 90d
Forti gate 90dForti gate 90d
Forti gate 90d
 
Mikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster Forward
 
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald..."Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
 
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallFortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
 
Breaking Extreme Networks WingOS: How to own millions of devices running on A...
Breaking Extreme Networks WingOS: How to own millions of devices running on A...Breaking Extreme Networks WingOS: How to own millions of devices running on A...
Breaking Extreme Networks WingOS: How to own millions of devices running on A...
 
It’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
It’s in the Air(waves): Deconstructing 2017’s Biggest RF AttacksIt’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
It’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
 
wifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slideswifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slides
 
Introduction to epid
Introduction to epidIntroduction to epid
Introduction to epid
 
The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)
The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)
The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
 
Fortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-seriesFortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-series
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Introduction ciot workshop premeetup
Introduction ciot workshop premeetupIntroduction ciot workshop premeetup
Introduction ciot workshop premeetup
 

Similaire à Sergio González - WiFiSlax 4.0 [RootedCON 2010]

Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoTInria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
Stéphanie Roger
 
Scada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanismsScada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanisms
Aleksandr Timorin
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
Brian Knopf
 

Similaire à Sergio González - WiFiSlax 4.0 [RootedCON 2010] (20)

OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
 
SCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsSCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanisms
 
How to Implement SDN Technology in ITB
How to Implement SDN Technology in ITBHow to Implement SDN Technology in ITB
How to Implement SDN Technology in ITB
 
Security events in 2014
Security events in 2014Security events in 2014
Security events in 2014
 
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoTInria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
 
Why choose pan
Why choose panWhy choose pan
Why choose pan
 
The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)
 
PicoScenes Tutorial @ CPS-IOT Week 2022
PicoScenes Tutorial @ CPS-IOT Week 2022PicoScenes Tutorial @ CPS-IOT Week 2022
PicoScenes Tutorial @ CPS-IOT Week 2022
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
 
Scada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanismsScada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanisms
 
Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...
 
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
 
Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data
 
Wi-Fi Denver OWASP Presentation Feb. 15, 2017
Wi-Fi Denver OWASP Presentation Feb. 15, 2017Wi-Fi Denver OWASP Presentation Feb. 15, 2017
Wi-Fi Denver OWASP Presentation Feb. 15, 2017
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
 
Make Your Own IoT Device by ZigBee
Make Your Own IoT Device by ZigBeeMake Your Own IoT Device by ZigBee
Make Your Own IoT Device by ZigBee
 
Cybercon 2015 brandon kravitz
Cybercon 2015 brandon kravitzCybercon 2015 brandon kravitz
Cybercon 2015 brandon kravitz
 
SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?
 
Web Application Detection with SNORT
Web Application Detection with SNORTWeb Application Detection with SNORT
Web Application Detection with SNORT
 

Plus de RootedCON

Plus de RootedCON (20)

Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro VillaverdeRooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
 
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
 
Rooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 hunting malware-using_process_behavior-roberto_amadoRooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 hunting malware-using_process_behavior-roberto_amado
 
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
 
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
 
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
 
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
 
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguerRooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
 
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
 
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemyRooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
 
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
 
Rooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molinaRooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molina
 
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
 
Rooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopezRooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopez
 
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valeroRooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
 
Rooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jaraRooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jara
 
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
 
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
 
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yusteRooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
 
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_moralesRooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
 

Dernier

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Dernier (20)

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

Sergio González - WiFiSlax 4.0 [RootedCON 2010]

  • 1. WiFiSlax 4.0 beta Advances and improvements Congreso de Seguridad ~ Rooted CON’2010
  • 2. What was? • Focused on Wireless Audit • Latest tools for Wireless Audit • Drivers of the most common chipsets in our laptops (innovating with packet injection support) • Ease of use for the uninitiated in GNU/Linux • Launchers and GUI tools • Basic help in spanish Congreso de Seguridad ~ Rooted CON’2010 2
  • 3. WiFiSlax 4.0 beta Congreso de Seguridad ~ Rooted CON’2010 3
  • 4. What? • GNU/Linux distribution • Debian Stable based • Nowadays, not only Wireless Security: /NETWORK VULNERABILITY & PENTESTING /BLUETOOTH /RFID /IRDA /SERIAL PORT /CRACKING /REVERSING /FORENSIC • Compatible with other system • GRUB as boot loader Congreso de Seguridad ~ Rooted CON’2010 4
  • 5. What? • Live CD/DVD/USB • Kernel 2.6.32.5 SMP • KDE 3.5.10|¿KDE 4? – Compiz Fusion included – Drivers ATI / Drivers NVIDIA • Automount new drives – RO/RW over NTFS, HFS and NAS • Automount new devices – Wireless devices / mouse / etc Congreso de Seguridad ~ Rooted CON’2010 5
  • 6. Which support? • Ease of use regardless of driver • Launch GUI: – Broadcom bcm43xx – Intel IPW2200, IPW3945, IPW4965 – Ralink rt2570, rt73 – Prism, Prism2 – Realtek rt8180/rt8185, rt8187 – Atheros mode managed, monitor, master • Problems with your chipset? – usbview, lsusb, lspci, dmesg, etc... Congreso de Seguridad ~ Rooted CON’2010 6
  • 7. Which support?  Prism54  IPW2100  Madwifi-ng  IPW2200  Wlan-ng  IPW3945  HostAP  IPW4965  Ralink rt2570  Intel WiFi Link 5X000  Ralink rt61  Zydas ZD1201  Ralink rt73  Zydas ZD1211rw  Ralink rt2X00  Zydas ZD1211b  Ralink rt2860  Realtek rtl8180  Ralink rt2870  Realtek rtl8185  Ralink rt8187  Realtek rtl8187B/L  Ralink rt3070  Atheros AR5007EG  Broadcom Congreso de Seguridad ~ Rooted CON’2010 7
  • 8. What included? • Konqueror 3.5.9 • Iceweasel 3.6 – NoScript – Live HTTP headers – ShowIP – Tamper Data – Firebug – HackBar – etc Congreso de Seguridad ~ Rooted CON’2010 8
  • 9. What include? • Audit & security tools • Wireless chipsets for auditing & pentesting • Wireless tools – Kismet, machanger, aircrack-ng, aircrack-ptw, etc • Cryptanalysis tools (WEP/WPA/WPA2, cookie entropy, etc) Congreso de Seguridad ~ Rooted CON’2010 9
  • 10. What included? • Wi-Spy – Channels spectrum analyzer Congreso de Seguridad ~ Rooted CON’2010 1 0
  • 11. Aircrack-ng-patch • Anticipating the next speaker: • WiFiSlax 4.0 is the only distribution that is not vulnerable to 0-day of Airodump-ng 1.0 [No more details, yet] – Thanks to Iñaki L. ;-) Congreso de Seguridad ~ Rooted CON’2010 1 1
  • 12. What included? • More audit tools: – Zenmap – Wireshark – ettercap – asleap – Scapy – Etc. Congreso de Seguridad ~ Rooted CON’2010 1 2
  • 13. What included? • wesside-ng – Automatic cracking WEP • WifiZoo v1.3 – WEP/WPA support (only in WiFiSlax 4) Congreso de Seguridad ~ Rooted CON’2010 1 3
  • 14. Other attacks • Karma • Airbase-ng • Fake APs (MitM and hirte attack) auto-connect for Windows & MacOS clients & ¿mobile devices? ;-) Congreso de Seguridad ~ Rooted CON’2010 1 4
  • 15. What included? • Bluetooth support: • airotooth.sh • Bluetooth Sniffing • BTSniff for chipsets CSR BC4 Flash/RAM • BTCrack for Linux Congreso de Seguridad ~ Rooted CON’2010 1 5
  • 16. What included? • RFID tools: • IrDA & Serial port: • 3-G support: • Vodafone  • Yoigo  • Movistar ? Congreso de Seguridad ~ Rooted CON’2010 1 6
  • 17. What included? • Cracking: • Reversing: Congreso de Seguridad ~ Rooted CON’2010 1 7
  • 18. What included? • Forensic: Congreso de Seguridad ~ Rooted CON’2010 1 8
  • 19. What included? • Recomposition of TCP sessions: • airdecap-ng • Form Fields without SSL encryption • Uncipher, WEP, WPA, WPA2 connections • Xplico – Data mining and network forensic • Wireshark • Uncipher, WEP and WPA connections • VoIP Congreso de Seguridad ~ Rooted CON’2010 1 9
  • 20. What included? • Karmetasploit • Rogue AP attacks for e-mail and web password interception, cookie stealing and insecure services (POP3, FTP, SMB, etc) • Lorcon • Packet injection library for IEEE 802.11 • Lorcon2 • Packet and shellcode injection with Metasploit Congreso de Seguridad ~ Rooted CON’2010 2 0
  • 21. What included? • Network security & Information gathering: Congreso de Seguridad ~ Rooted CON’2010 2 1
  • 22. What included? • DNS: • WEB: …and DioNiSio Congreso de Seguridad ~ Rooted CON’2010 2 2
  • 23. What do you expect? • For n-th time: WEP IS INSECURE BY DESING! – Vendors such as Ubiquiti don’t support • Forget poorly implemented ciphers – Don't exist strong passwords – Security must be transparent for the user Congreso de Seguridad ~ Rooted CON’2010 2 3
  • 24. What do you expect? • Efficient alternative to another distributions • Abandon WEP and WPA • Improving wireless security • Automate and collect audit tools • Promote new security standards • Fostering interest in security Congreso de Seguridad ~ Rooted CON’2010 2 4
  • 25. Updates? • Update packages : – apt-get / aptitude • WiFiSlax 4.0 repository: – Valid for all Debian Congreso de Seguridad ~ Rooted CON’2010 2 5
  • 26. Who? • Staff elhacker.net ? • Staff Seguridadwireless.net ? pers ve l o g s of de thin roup make and ght g w to ry ti ho A ve know se, effe ctive • who r, conci clea ient. effic Congreso de Seguridad ~ Rooted CON’2010 2 6
  • 27. Where? • WiFiSlax.com Oficial Webpage: http://www.wifislax.com/ • WiFiSlax @ LinkedIn Oficial Group: http://www.linkedin.com/groups?gid=2066315 Congreso de Seguridad ~ Rooted CON’2010 2 7
  • 28. Questions? • Thanks to: – SeguridadWireless.net – BrutalSec.net – …anyone wishing to include their tools!  Congreso de Seguridad ~ Rooted CON’2010 2 8
  • 29. www.wifislax.com Sergio González Congreso de Seguridad ~ Rooted CON’2010