SlideShare uma empresa Scribd logo
1 de 17
Baixar para ler offline
8/6/16
The State of WiFi Security
Another presentation in the
“Why specifically does it suck”
seminar series
8/6/16
●
Open
●
WEP
●
WPA
●
WPA2
●
WPA2 Enterprise
●
…?
8/6/16
WEP is dead lets not talk about it
8/6/16
WPA vs WPA2
●
Auth: TKIP (RC4)
●
Cipher: RC4
●
Enterprise: EAP, TKIP,
RC4
●
CCMP (AES+MAC)
●
AES (optionally RC4)
●
EAP, CCMP, AES
8/6/16
WPA and Rainbows
●
Can you make WPA rainbow tables?
– Yes but you’d be an idiot
●
Why?
– Glad you asked!
– WPA[1,2] takes a string as the password and salts it with the SSID
– “password” + “Linksys” == “passwordLinksys”
– Actually this is how you make the pair-wise master key
pwmk = PBKDF2(HMAC-SHA1, “password”, “Linksys”, 4096 rounds, 256
bit)
– Therefore, only pre-compute words for common SSIDs
8/6/16
Latest Rage
●
Shared Wifi: “We are all secure because we
have WPA2 and a strong password”
– WRONG
8/6/16
Demo?
●
Play along at home:
http://www.lovemytool.com/files/test.pcap
●
Precompute WPA key
– https://www.wireshark.org/tools/wpa-psk.html
●
Open wireshark preferences
●
Got to IEEE 802.11 and add key
●
…
●
Magic
8/6/16
Old Rage
●
“Well I use HTTPS and that’s just passive
interception”
– Mostly true
●
We still have ARP and DHCP and DNS servers
that are skiddy hackable
●
Can’t trust any shared networks
8/6/16
Example: Interlock
●
Interlock-Members:
Password changes every 2
years at most, everyone
knows the password
– Passive interception and
decryption
– Let me save you some time
●
Interlock-Guest: open wifi,
no security
8/6/16
Enterprise Environments
●
WPA2 Personal: Everyone gets the same key
●
WPA2 Enterprise: Everyone makes their own
key based on their authentication (credentials,
certificate, etc)
●
No more wireshark decrypt
8/6/16
Attacking WPA2 Enterprise
●
Setup Rogue AP
●
Have the client connect to it
●
Receive the EAP protected credentials
●
Use `asleap` to crack protected credentials
8/6/16
Fuck Defending Enterprise
8/6/16
Defending Home/Hackerspace
●
No one wants to maintain a RADIUS server just
to do authentication over wifi
– Ok except for Pee
●
A RADIUS service is a target
●
What if you don’t care about authentication but
just care about making a single session key?
8/6/16
Setup
●
Setup FreeRADIUS server to authenticate your
wireless network
●
Add the following lines
– DEFAULT Auth-Type := Accept
– log_auth = yes
– log_auth_badpass = yes
– log_auth_goodpass = yes
●
Bonus: This will collect all usernames and
passwords that people enter.
– “Please log in with your Gmail or Yahoo passwords”
8/6/16
Conclusion
●
This is super hacky but effective
●
WPA crypto primitives are getting old:
– SHA1
– PBKDF2 with only 4096 bit
– No PFS
●
WPA is old: 2004
●
There are no plans AFAIK to change them
●
WPA3: SHA256, PSK, DH temporal key exchange
8/6/16
The Bill Slide
●
No, your WiFi isn’t secure enough
●
WPA2 Enterprise + EAP + Any username is
more secure
●
Google “radius docker wpa” done.
●
Tell management that wifi sucks because it
doesn’t have Diffie-Hellman. Seriously.
8/6/16

Mais conteúdo relacionado

Mais procurados

Advanced Web Hosting
Advanced Web HostingAdvanced Web Hosting
Advanced Web HostingOVHcloud
 
Information Security Primer: Secure your network in 12 (not so) Simple Steps
Information Security Primer: Secure your network in 12 (not so) Simple StepsInformation Security Primer: Secure your network in 12 (not so) Simple Steps
Information Security Primer: Secure your network in 12 (not so) Simple StepsDave sirof
 
[Greach 2016] Down The RabbitMQ Hole
[Greach 2016] Down The RabbitMQ Hole[Greach 2016] Down The RabbitMQ Hole
[Greach 2016] Down The RabbitMQ HoleAlonso Torres
 
Managing and Scaling Puppet - PuppetConf 2014
Managing and Scaling Puppet - PuppetConf 2014Managing and Scaling Puppet - PuppetConf 2014
Managing and Scaling Puppet - PuppetConf 2014Puppet
 
Joomla! Day Poland 2012 - Active Security for Joomla! sites
Joomla! Day Poland 2012 - Active Security for Joomla! sitesJoomla! Day Poland 2012 - Active Security for Joomla! sites
Joomla! Day Poland 2012 - Active Security for Joomla! sitesNicholas Dionysopoulos
 
WordPress Security - A Top Down Approach
WordPress Security - A Top Down ApproachWordPress Security - A Top Down Approach
WordPress Security - A Top Down ApproachBrecht Ryckaert
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeDhruv Sharma
 
Installar un paquete_rpm_linux
Installar un paquete_rpm_linuxInstallar un paquete_rpm_linux
Installar un paquete_rpm_linuxJames Jara
 
Best forex vps
Best forex vpsBest forex vps
Best forex vpsBestFXVPS
 
Jassa la GeekMeet Bucuresti
Jassa la GeekMeet BucurestiJassa la GeekMeet Bucuresti
Jassa la GeekMeet Bucurestialexnovac
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyoneVladimír Smitka
 
Get a vpn for business
Get a vpn for businessGet a vpn for business
Get a vpn for businessAmyhm
 
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadMehtabRohela
 
Passwordless login with unix auth_socket
Passwordless login with unix auth_socketPasswordless login with unix auth_socket
Passwordless login with unix auth_socketOtto Kekäläinen
 
OVHcloud Startup Program : Découvrir l'écosystème au service des startups
OVHcloud Startup Program : Découvrir l'écosystème au service des startups OVHcloud Startup Program : Découvrir l'écosystème au service des startups
OVHcloud Startup Program : Découvrir l'écosystème au service des startups OVHcloud
 
SUTOL 2016 - Secure IBM Traveler for 2017
SUTOL 2016 - Secure IBM Traveler for 2017SUTOL 2016 - Secure IBM Traveler for 2017
SUTOL 2016 - Secure IBM Traveler for 2017Ales Lichtenberg
 
Installing OpenSim (Diva Distro) to Create Your Own Private Sim Sandbox
Installing OpenSim (Diva Distro) to Create Your Own Private Sim SandboxInstalling OpenSim (Diva Distro) to Create Your Own Private Sim Sandbox
Installing OpenSim (Diva Distro) to Create Your Own Private Sim SandboxFleep Tuque
 

Mais procurados (20)

Infrastructure Security
Infrastructure SecurityInfrastructure Security
Infrastructure Security
 
Advanced Web Hosting
Advanced Web HostingAdvanced Web Hosting
Advanced Web Hosting
 
Information Security Primer: Secure your network in 12 (not so) Simple Steps
Information Security Primer: Secure your network in 12 (not so) Simple StepsInformation Security Primer: Secure your network in 12 (not so) Simple Steps
Information Security Primer: Secure your network in 12 (not so) Simple Steps
 
[Greach 2016] Down The RabbitMQ Hole
[Greach 2016] Down The RabbitMQ Hole[Greach 2016] Down The RabbitMQ Hole
[Greach 2016] Down The RabbitMQ Hole
 
Windows web-hosting
Windows web-hostingWindows web-hosting
Windows web-hosting
 
Managing and Scaling Puppet - PuppetConf 2014
Managing and Scaling Puppet - PuppetConf 2014Managing and Scaling Puppet - PuppetConf 2014
Managing and Scaling Puppet - PuppetConf 2014
 
Joomla! Day Poland 2012 - Active Security for Joomla! sites
Joomla! Day Poland 2012 - Active Security for Joomla! sitesJoomla! Day Poland 2012 - Active Security for Joomla! sites
Joomla! Day Poland 2012 - Active Security for Joomla! sites
 
WordPress Security - A Top Down Approach
WordPress Security - A Top Down ApproachWordPress Security - A Top Down Approach
WordPress Security - A Top Down Approach
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
 
Installar un paquete_rpm_linux
Installar un paquete_rpm_linuxInstallar un paquete_rpm_linux
Installar un paquete_rpm_linux
 
Best forex vps
Best forex vpsBest forex vps
Best forex vps
 
Jassa la GeekMeet Bucuresti
Jassa la GeekMeet BucurestiJassa la GeekMeet Bucuresti
Jassa la GeekMeet Bucuresti
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyone
 
Get a vpn for business
Get a vpn for businessGet a vpn for business
Get a vpn for business
 
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
 
Passwordless login with unix auth_socket
Passwordless login with unix auth_socketPasswordless login with unix auth_socket
Passwordless login with unix auth_socket
 
OVHcloud Startup Program : Découvrir l'écosystème au service des startups
OVHcloud Startup Program : Découvrir l'écosystème au service des startups OVHcloud Startup Program : Découvrir l'écosystème au service des startups
OVHcloud Startup Program : Découvrir l'écosystème au service des startups
 
SUTOL 2016 - Secure IBM Traveler for 2017
SUTOL 2016 - Secure IBM Traveler for 2017SUTOL 2016 - Secure IBM Traveler for 2017
SUTOL 2016 - Secure IBM Traveler for 2017
 
Installing OpenSim (Diva Distro) to Create Your Own Private Sim Sandbox
Installing OpenSim (Diva Distro) to Create Your Own Private Sim SandboxInstalling OpenSim (Diva Distro) to Create Your Own Private Sim Sandbox
Installing OpenSim (Diva Distro) to Create Your Own Private Sim Sandbox
 
Overdracht
OverdrachtOverdracht
Overdracht
 

Destaque

Introduction to ethereum_public
Introduction to ethereum_publicIntroduction to ethereum_public
Introduction to ethereum_publicantitree
 
Just Mouse Jack Init
Just Mouse Jack InitJust Mouse Jack Init
Just Mouse Jack Initantitree
 
Docker Security
Docker SecurityDocker Security
Docker Securityantitree
 
Nsa and vpn
Nsa and vpnNsa and vpn
Nsa and vpnantitree
 
Salander v bond 2600
Salander v bond 2600Salander v bond 2600
Salander v bond 2600antitree
 
Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon emailantitree
 
A brief history of teledildonics
A brief history of teledildonicsA brief history of teledildonics
A brief history of teledildonicsDb Cooper
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpadantitree
 
Rtlsdr presentation by alex 1/3/2014
Rtlsdr presentation by alex 1/3/2014Rtlsdr presentation by alex 1/3/2014
Rtlsdr presentation by alex 1/3/2014Db Cooper
 
2600 av evasion_deuce
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuceDb Cooper
 
Meek and domain fronting public
Meek and domain fronting publicMeek and domain fronting public
Meek and domain fronting publicantitree
 
How [not] to throw a b sides
How [not] to throw a b sidesHow [not] to throw a b sides
How [not] to throw a b sidesantitree
 
Image based automation
Image based automationImage based automation
Image based automationantitree
 
28c3 in 15
28c3 in 1528c3 in 15
28c3 in 15antitree
 
Dapps for Web Developers Aberdeen Techmeetup
Dapps for Web Developers Aberdeen TechmeetupDapps for Web Developers Aberdeen Techmeetup
Dapps for Web Developers Aberdeen TechmeetupJames Littlejohn
 
日本のIT市場のトピックス
日本のIT市場のトピックス日本のIT市場のトピックス
日本のIT市場のトピックスHiroyasu NOHATA
 
Etherem ~ agvm
Etherem ~ agvmEtherem ~ agvm
Etherem ~ agvmgha sshee
 
Vision for a health blockchain
Vision for a health blockchainVision for a health blockchain
Vision for a health blockchainJames Littlejohn
 

Destaque (20)

Introduction to ethereum_public
Introduction to ethereum_publicIntroduction to ethereum_public
Introduction to ethereum_public
 
Just Mouse Jack Init
Just Mouse Jack InitJust Mouse Jack Init
Just Mouse Jack Init
 
Docker Security
Docker SecurityDocker Security
Docker Security
 
Nsa and vpn
Nsa and vpnNsa and vpn
Nsa and vpn
 
Salander v bond 2600
Salander v bond 2600Salander v bond 2600
Salander v bond 2600
 
Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon email
 
A brief history of teledildonics
A brief history of teledildonicsA brief history of teledildonics
A brief history of teledildonics
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpad
 
Rtlsdr presentation by alex 1/3/2014
Rtlsdr presentation by alex 1/3/2014Rtlsdr presentation by alex 1/3/2014
Rtlsdr presentation by alex 1/3/2014
 
2600 av evasion_deuce
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuce
 
Meek and domain fronting public
Meek and domain fronting publicMeek and domain fronting public
Meek and domain fronting public
 
How [not] to throw a b sides
How [not] to throw a b sidesHow [not] to throw a b sides
How [not] to throw a b sides
 
Image based automation
Image based automationImage based automation
Image based automation
 
0x20 hack
0x20 hack0x20 hack
0x20 hack
 
28c3 in 15
28c3 in 1528c3 in 15
28c3 in 15
 
Dapps for Web Developers Aberdeen Techmeetup
Dapps for Web Developers Aberdeen TechmeetupDapps for Web Developers Aberdeen Techmeetup
Dapps for Web Developers Aberdeen Techmeetup
 
Ethereum @ descon 2016
Ethereum @ descon 2016Ethereum @ descon 2016
Ethereum @ descon 2016
 
日本のIT市場のトピックス
日本のIT市場のトピックス日本のIT市場のトピックス
日本のIT市場のトピックス
 
Etherem ~ agvm
Etherem ~ agvmEtherem ~ agvm
Etherem ~ agvm
 
Vision for a health blockchain
Vision for a health blockchainVision for a health blockchain
Vision for a health blockchain
 

Semelhante a State of wifi_2016

SSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS serverSSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS serverhannob
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Daniele Albrizio
 
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120Linaro
 
Remote Access VPNs - pfSense Hangout September 2015
Remote Access VPNs - pfSense Hangout September 2015Remote Access VPNs - pfSense Hangout September 2015
Remote Access VPNs - pfSense Hangout September 2015Netgate
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a servicePino deCandia
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hackingPranshu Pareek
 
Securing your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataSecuring your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataColin Charles
 
IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015Netgate
 
IPv6 networking training sduffy v3
IPv6 networking training   sduffy v3IPv6 networking training   sduffy v3
IPv6 networking training sduffy v3Shane Duffy
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteSREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteHostedGraphite
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
What’s new in cas 4.2
What’s new in cas 4.2 What’s new in cas 4.2
What’s new in cas 4.2 Misagh Moayyed
 
Mysql 8 vs Mariadb 10.4 Highload++ 2019
Mysql 8 vs Mariadb 10.4 Highload++ 2019Mysql 8 vs Mariadb 10.4 Highload++ 2019
Mysql 8 vs Mariadb 10.4 Highload++ 2019Alkin Tezuysal
 

Semelhante a State of wifi_2016 (20)

SSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS serverSSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS server
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
 
Is Wi-Fi Enterprise so perfect?
Is Wi-Fi Enterprise so perfect?Is Wi-Fi Enterprise so perfect?
Is Wi-Fi Enterprise so perfect?
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi
 
7 slaac-rick graziani
7 slaac-rick graziani7 slaac-rick graziani
7 slaac-rick graziani
 
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
 
Remote Access VPNs - pfSense Hangout September 2015
Remote Access VPNs - pfSense Hangout September 2015Remote Access VPNs - pfSense Hangout September 2015
Remote Access VPNs - pfSense Hangout September 2015
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a service
 
Run Your Own 6LoWPAN Based IoT Network
Run Your Own 6LoWPAN Based IoT NetworkRun Your Own 6LoWPAN Based IoT Network
Run Your Own 6LoWPAN Based IoT Network
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hacking
 
Securing your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataSecuring your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server data
 
IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015
 
IPv6 networking training sduffy v3
IPv6 networking training   sduffy v3IPv6 networking training   sduffy v3
IPv6 networking training sduffy v3
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteSREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Wireless LAN Security Fundamentals
Wireless LAN Security FundamentalsWireless LAN Security Fundamentals
Wireless LAN Security Fundamentals
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
What’s new in cas 4.2
What’s new in cas 4.2 What’s new in cas 4.2
What’s new in cas 4.2
 
Mysql 8 vs Mariadb 10.4 Highload++ 2019
Mysql 8 vs Mariadb 10.4 Highload++ 2019Mysql 8 vs Mariadb 10.4 Highload++ 2019
Mysql 8 vs Mariadb 10.4 Highload++ 2019
 

Mais de antitree

Hardening ssh configurations
Hardening ssh configurationsHardening ssh configurations
Hardening ssh configurationsantitree
 
Salander v bond b sides detroit final v3
Salander v bond b sides detroit final v3Salander v bond b sides detroit final v3
Salander v bond b sides detroit final v3antitree
 
Pentesting embedded
Pentesting embeddedPentesting embedded
Pentesting embeddedantitree
 
Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityantitree
 
Android Hacking
Android HackingAndroid Hacking
Android Hackingantitree
 
Lock picking barcamp
Lock picking barcampLock picking barcamp
Lock picking barcampantitree
 
Lock picking 2600
Lock picking 2600Lock picking 2600
Lock picking 2600antitree
 
Anti tree firesheep
Anti tree firesheepAnti tree firesheep
Anti tree firesheepantitree
 
Hackerspaces
HackerspacesHackerspaces
Hackerspacesantitree
 
Intro to IPv6 by Ben Woodruff
Intro to IPv6 by Ben WoodruffIntro to IPv6 by Ben Woodruff
Intro to IPv6 by Ben Woodruffantitree
 
Anonymity Systems: Tor
Anonymity Systems: TorAnonymity Systems: Tor
Anonymity Systems: Torantitree
 
Dll hijacking
Dll hijackingDll hijacking
Dll hijackingantitree
 

Mais de antitree (13)

Hardening ssh configurations
Hardening ssh configurationsHardening ssh configurations
Hardening ssh configurations
 
Salander v bond b sides detroit final v3
Salander v bond b sides detroit final v3Salander v bond b sides detroit final v3
Salander v bond b sides detroit final v3
 
Pentesting embedded
Pentesting embeddedPentesting embedded
Pentesting embedded
 
Tor
TorTor
Tor
 
Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence community
 
Android Hacking
Android HackingAndroid Hacking
Android Hacking
 
Lock picking barcamp
Lock picking barcampLock picking barcamp
Lock picking barcamp
 
Lock picking 2600
Lock picking 2600Lock picking 2600
Lock picking 2600
 
Anti tree firesheep
Anti tree firesheepAnti tree firesheep
Anti tree firesheep
 
Hackerspaces
HackerspacesHackerspaces
Hackerspaces
 
Intro to IPv6 by Ben Woodruff
Intro to IPv6 by Ben WoodruffIntro to IPv6 by Ben Woodruff
Intro to IPv6 by Ben Woodruff
 
Anonymity Systems: Tor
Anonymity Systems: TorAnonymity Systems: Tor
Anonymity Systems: Tor
 
Dll hijacking
Dll hijackingDll hijacking
Dll hijacking
 

Último

Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 

Último (20)

Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 

State of wifi_2016

  • 1. 8/6/16 The State of WiFi Security Another presentation in the “Why specifically does it suck” seminar series
  • 3. 8/6/16 WEP is dead lets not talk about it
  • 4. 8/6/16 WPA vs WPA2 ● Auth: TKIP (RC4) ● Cipher: RC4 ● Enterprise: EAP, TKIP, RC4 ● CCMP (AES+MAC) ● AES (optionally RC4) ● EAP, CCMP, AES
  • 5. 8/6/16 WPA and Rainbows ● Can you make WPA rainbow tables? – Yes but you’d be an idiot ● Why? – Glad you asked! – WPA[1,2] takes a string as the password and salts it with the SSID – “password” + “Linksys” == “passwordLinksys” – Actually this is how you make the pair-wise master key pwmk = PBKDF2(HMAC-SHA1, “password”, “Linksys”, 4096 rounds, 256 bit) – Therefore, only pre-compute words for common SSIDs
  • 6. 8/6/16 Latest Rage ● Shared Wifi: “We are all secure because we have WPA2 and a strong password” – WRONG
  • 7. 8/6/16 Demo? ● Play along at home: http://www.lovemytool.com/files/test.pcap ● Precompute WPA key – https://www.wireshark.org/tools/wpa-psk.html ● Open wireshark preferences ● Got to IEEE 802.11 and add key ● … ● Magic
  • 8. 8/6/16 Old Rage ● “Well I use HTTPS and that’s just passive interception” – Mostly true ● We still have ARP and DHCP and DNS servers that are skiddy hackable ● Can’t trust any shared networks
  • 9. 8/6/16 Example: Interlock ● Interlock-Members: Password changes every 2 years at most, everyone knows the password – Passive interception and decryption – Let me save you some time ● Interlock-Guest: open wifi, no security
  • 10. 8/6/16 Enterprise Environments ● WPA2 Personal: Everyone gets the same key ● WPA2 Enterprise: Everyone makes their own key based on their authentication (credentials, certificate, etc) ● No more wireshark decrypt
  • 11. 8/6/16 Attacking WPA2 Enterprise ● Setup Rogue AP ● Have the client connect to it ● Receive the EAP protected credentials ● Use `asleap` to crack protected credentials
  • 13. 8/6/16 Defending Home/Hackerspace ● No one wants to maintain a RADIUS server just to do authentication over wifi – Ok except for Pee ● A RADIUS service is a target ● What if you don’t care about authentication but just care about making a single session key?
  • 14. 8/6/16 Setup ● Setup FreeRADIUS server to authenticate your wireless network ● Add the following lines – DEFAULT Auth-Type := Accept – log_auth = yes – log_auth_badpass = yes – log_auth_goodpass = yes ● Bonus: This will collect all usernames and passwords that people enter. – “Please log in with your Gmail or Yahoo passwords”
  • 15. 8/6/16 Conclusion ● This is super hacky but effective ● WPA crypto primitives are getting old: – SHA1 – PBKDF2 with only 4096 bit – No PFS ● WPA is old: 2004 ● There are no plans AFAIK to change them ● WPA3: SHA256, PSK, DH temporal key exchange
  • 16. 8/6/16 The Bill Slide ● No, your WiFi isn’t secure enough ● WPA2 Enterprise + EAP + Any username is more secure ● Google “radius docker wpa” done. ● Tell management that wifi sucks because it doesn’t have Diffie-Hellman. Seriously.