SlideShare uma empresa Scribd logo

Ygoltsev dcg 21_08_wifiineapple

Transferir como PPTX, PDF
Y
ygoltsev

Ygoltsev dcg 21_08_wifiineapple

TurismoNegócios
1 de 28
Автономный сетевой шпион. WiFi Pineapple usage in the wild 21/08/2012 DCG #7812 г. Санкт-Петербург by @ygoltsev @d0znpp @d_olex
Few words about myself Security expert/ Penetration testing team Community member PHDays g00n Editor Defcon Russia (DCG #7812) 2
WiFi Pineapple by http://cloud.wifipineapple.com/ Defcon Russia (DCG #7812) 3
Functionality • Stealth Access Point for Man-in-the-Middle attacks • Mobile Broadband connectivity (3g/4g via USB) • Manage from afar with persistent SSH tunnels and meterpreter • Relay or Deauth attack with auxiliary WiFi adapter • Web-based management simplify MITM attacks • Easily concealed and battery powered • Expandable with community modules Defcon Russia (DCG #7812) 4
Based on AP121U (http://bit.ly/NAvaq9) - 45 $ + Jasager (OpenWRT) (http://bit.ly/EgvNV) - free Defcon Russia (DCG #7812) 5
AP121U • 93 x 70 x 26mm • 74g • IEEE 802.11b/g/n • 2x Ethernet • USB 2.0 • 400 MHz Defcon Russia (DCG #7812) 6
Jasager - Linux (kernel 3.2) - hostapd (http://hostap.epitest.fi/hostapd/) hostapd is a user space daemon for access point and authentication servers. - Karma (http://www.digininja.org/karma/) Patch for hostapd. Set of patches to access point software to get it to respond to probe requests not just for itself but for any ESSID requested. Defcon Russia (DCG #7812) 7
Equalness = Defcon Russia (DCG #7812) 8
But • 93 x 70 x 26mm • 74g and 100 $... Defcon Russia (DCG #7812) 9
money - not so important Defcon Russia (DCG #7812) 10
Yammi!! Defcon Russia (DCG #7812) 11
Usage - As a home router - As a tool for penetration testing - As an energy independent network spy Defcon Russia (DCG #7812) 12
Some statistics • Location: Big Mall, Food Court • Wi-Fi SSID – ‘Ne_podkluchaytes_k_etoy_to4ke’ • Action: Respond to all probe request. Disconnect. Ignore MAC next time. Defcon Russia (DCG #7812) 13
Over 9000…. P.S. Over 100 Defcon Russia (DCG #7812) 14
More interesting ~ 189 minutes Defcon Russia (DCG #7812) 15
More interesting • Mobile Juice pack ~ More than 6 hours Defcon Russia (DCG #7812) 16
And what if? Defcon Russia (DCG #7812) 17
Other stuff • More than 20 add-ons (modules) • Build in web/dns/ssh services • tcpdump/air*/ettercap/sslstrip Defcon Russia (DCG #7812) 18
Cover story: fairy tale Defcon Russia (DCG #7812) 19
Cover story: legendary legend Defcon Russia (DCG #7812) 20
Cover story: box location Defcon Russia (DCG #7812) 21
Cover story: box location Defcon Russia (DCG #7812) 22
Cover story: packing the box • Pelican boxes – the best choice Defcon Russia (DCG #7812) 23
Cover story: setting up environment • Setting up SSH tunnel • … • Do the stuff Defcon Russia (DCG #7812) 24
Cover story: Catch me if you can • Wipe all shit! + Defcon Russia (DCG #7812) 25
Bonus track: Wipe video Defcon Russia (DCG #7812) 26
Bonus track: Wipe Defcon Russia (DCG #7812) 27
Thanks for your attention! @ygoltsev ygoltsev@ptsecuity.ru Defcon Russia (DCG #7812) 28

Recomendados

Hack.lu 2016
Hack.lu 2016 Hack.lu 2016
Hack.lu 2016 James Jara
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Sergey Gordeychik
 
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerDEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerFelipe Prado
 
SD-WAN Internet Census, Zeronighst 2018
SD-WAN Internet Census, Zeronighst 2018SD-WAN Internet Census, Zeronighst 2018
SD-WAN Internet Census, Zeronighst 2018Sergey Gordeychik
 
Windows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresWindows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresShakacon
 
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPROIDEA
 
Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Matthew McCullough
 
CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CSW2017 Enrico branca What if encrypted communications are not as secure as w...CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CSW2017 Enrico branca What if encrypted communications are not as secure as w...CanSecWest
 

Recomendados

Hack.lu 2016
Hack.lu 2016 Hack.lu 2016
Hack.lu 2016 James Jara
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Sergey Gordeychik
 
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerDEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerFelipe Prado
 
SD-WAN Internet Census, Zeronighst 2018
SD-WAN Internet Census, Zeronighst 2018SD-WAN Internet Census, Zeronighst 2018
SD-WAN Internet Census, Zeronighst 2018Sergey Gordeychik
 
Windows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresWindows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresShakacon
 
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPROIDEA
 
Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Matthew McCullough
 
CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CSW2017 Enrico branca What if encrypted communications are not as secure as w...CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CSW2017 Enrico branca What if encrypted communications are not as secure as w...CanSecWest
 
Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationTamas K Lengyel
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Строим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиСтроим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиPositive Hack Days
 
NDIS Packet of Death
NDIS Packet of DeathNDIS Packet of Death
NDIS Packet of Deathnitayart
 
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey GordeychikCODE BLUE
 
Designing and Attacking DRM (RSA 2008)
Designing and Attacking DRM (RSA 2008)Designing and Attacking DRM (RSA 2008)
Designing and Attacking DRM (RSA 2008)Nate Lawson
 
Getting_Started_With_Docker
Getting_Started_With_DockerGetting_Started_With_Docker
Getting_Started_With_DockerJason Greathouse
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...Zoltan Balazs
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxPatricia Aas
 
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015CSO_Presentations
 
BSides Roma 2018 - Red team techniques
BSides Roma 2018 - Red team techniquesBSides Roma 2018 - Red team techniques
BSides Roma 2018 - Red team techniquesGuglielmo Scaiola
 
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectHacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectTamas K Lengyel
 
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]RootedCON
 
SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)Maarten Mulders
 
Openssl
OpensslOpenssl
OpensslAdam Moravcik
 
Qinghai Tang, pacsec english-version-final
Qinghai Tang, pacsec english-version-finalQinghai Tang, pacsec english-version-final
Qinghai Tang, pacsec english-version-finalPacSecJP
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Securitywremes
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesCyphort
 
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условияхSergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условияхDefconRussia
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]defconmoscow
 
Under the hood of modern HIPS-es and Windows access control mechanisms
Under the hood of modern HIPS-es and Windows access control mechanismsUnder the hood of modern HIPS-es and Windows access control mechanisms
Under the hood of modern HIPS-es and Windows access control mechanismsReCrypt
 

Mais conteúdo relacionado

Mais procurados

Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationTamas K Lengyel
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Строим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиСтроим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиPositive Hack Days
 
NDIS Packet of Death
NDIS Packet of DeathNDIS Packet of Death
NDIS Packet of Deathnitayart
 
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey GordeychikCODE BLUE
 
Designing and Attacking DRM (RSA 2008)
Designing and Attacking DRM (RSA 2008)Designing and Attacking DRM (RSA 2008)
Designing and Attacking DRM (RSA 2008)Nate Lawson
 
Getting_Started_With_Docker
Getting_Started_With_DockerGetting_Started_With_Docker
Getting_Started_With_DockerJason Greathouse
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...Zoltan Balazs
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxPatricia Aas
 
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015CSO_Presentations
 
BSides Roma 2018 - Red team techniques
BSides Roma 2018 - Red team techniquesBSides Roma 2018 - Red team techniques
BSides Roma 2018 - Red team techniquesGuglielmo Scaiola
 
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectHacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectTamas K Lengyel
 
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]RootedCON
 
SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)Maarten Mulders
 
Qinghai Tang, pacsec english-version-final
Qinghai Tang, pacsec english-version-finalQinghai Tang, pacsec english-version-final
Qinghai Tang, pacsec english-version-finalPacSecJP
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Securitywremes
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesCyphort
 

Mais procurados (19)

Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware Virtualization
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Строим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиСтроим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атаки
 
NDIS Packet of Death
NDIS Packet of DeathNDIS Packet of Death
NDIS Packet of Death
 
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
 
Designing and Attacking DRM (RSA 2008)
Designing and Attacking DRM (RSA 2008)Designing and Attacking DRM (RSA 2008)
Designing and Attacking DRM (RSA 2008)
 
Getting_Started_With_Docker
Getting_Started_With_DockerGetting_Started_With_Docker
Getting_Started_With_Docker
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium Sandbox
 
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
 
BSides Roma 2018 - Red team techniques
BSides Roma 2018 - Red team techniquesBSides Roma 2018 - Red team techniques
BSides Roma 2018 - Red team techniques
 
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectHacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
 
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
 
SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)
 
Openssl
OpensslOpenssl
Openssl
 
Qinghai Tang, pacsec english-version-final
Qinghai Tang, pacsec english-version-finalQinghai Tang, pacsec english-version-final
Qinghai Tang, pacsec english-version-final
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Security
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox Techniques
 

Semelhante a Ygoltsev dcg 21_08_wifiineapple

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условияхSergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условияхDefconRussia
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]defconmoscow
 
Under the hood of modern HIPS-es and Windows access control mechanisms
Under the hood of modern HIPS-es and Windows access control mechanismsUnder the hood of modern HIPS-es and Windows access control mechanisms
Under the hood of modern HIPS-es and Windows access control mechanismsReCrypt
 
nosymbols - defcon russia 20
nosymbols - defcon russia 20nosymbols - defcon russia 20
nosymbols - defcon russia 20DefconRussia
 
Scylla Summit 2018: The Short and Straight Road That Leads from Cassandra to ...
Scylla Summit 2018: The Short and Straight Road That Leads from Cassandra to ...Scylla Summit 2018: The Short and Straight Road That Leads from Cassandra to ...
Scylla Summit 2018: The Short and Straight Road That Leads from Cassandra to ...ScyllaDB
 
Vulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureVulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureSergey Gordeychik
 
Building the World's Largest GPU
Building the World's Largest GPUBuilding the World's Largest GPU
Building the World's Largest GPURenee Yao
 
Testing CAN network with help of CANToolz
Testing CAN network with help of CANToolzTesting CAN network with help of CANToolz
Testing CAN network with help of CANToolzAlexey Sintsov
 
WebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in DepthWebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in Depthyalegko
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment Sergey Gordeychik
 
LinuxLabs 2017 talk: Container monitoring challenges
LinuxLabs 2017 talk: Container monitoring challengesLinuxLabs 2017 talk: Container monitoring challenges
LinuxLabs 2017 talk: Container monitoring challengesXavier Vello
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionRedge Technologies
 
Data Streaming Ecosystem Management at Booking.com
Data Streaming Ecosystem Management at Booking.com Data Streaming Ecosystem Management at Booking.com
Data Streaming Ecosystem Management at Booking.com confluent
 
Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014Jiunn-Jer Sun
 
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
[Defcon Russia #29] Алексей Тюрин - Spring autobinding[Defcon Russia #29] Алексей Тюрин - Spring autobinding
[Defcon Russia #29] Алексей Тюрин - Spring autobindingDefconRussia
 
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...viaForensics
 
Grokking Grok: Monitorama PDX 2015
Grokking Grok: Monitorama PDX 2015Grokking Grok: Monitorama PDX 2015
Grokking Grok: Monitorama PDX 2015GregMefford
 

Semelhante a Ygoltsev dcg 21_08_wifiineapple (20)

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условияхSergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]
 
Under the hood of modern HIPS-es and Windows access control mechanisms
Under the hood of modern HIPS-es and Windows access control mechanismsUnder the hood of modern HIPS-es and Windows access control mechanisms
Under the hood of modern HIPS-es and Windows access control mechanisms
 
nosymbols - defcon russia 20
nosymbols - defcon russia 20nosymbols - defcon russia 20
nosymbols - defcon russia 20
 
Scylla Summit 2018: The Short and Straight Road That Leads from Cassandra to ...
Scylla Summit 2018: The Short and Straight Road That Leads from Cassandra to ...Scylla Summit 2018: The Short and Straight Road That Leads from Cassandra to ...
Scylla Summit 2018: The Short and Straight Road That Leads from Cassandra to ...
 
Vulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureVulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructure
 
Building the World's Largest GPU
Building the World's Largest GPUBuilding the World's Largest GPU
Building the World's Largest GPU
 
Testing CAN network with help of CANToolz
Testing CAN network with help of CANToolzTesting CAN network with help of CANToolz
Testing CAN network with help of CANToolz
 
WebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in DepthWebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in Depth
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
 
LinuxLabs 2017 talk: Container monitoring challenges
LinuxLabs 2017 talk: Container monitoring challengesLinuxLabs 2017 talk: Container monitoring challenges
LinuxLabs 2017 talk: Container monitoring challenges
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solution
 
Data Streaming Ecosystem Management at Booking.com
Data Streaming Ecosystem Management at Booking.com Data Streaming Ecosystem Management at Booking.com
Data Streaming Ecosystem Management at Booking.com
 
GR740 User day
GR740 User dayGR740 User day
GR740 User day
 
A Software Defined WAN Architecture
A Software Defined WAN ArchitectureA Software Defined WAN Architecture
A Software Defined WAN Architecture
 
Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014
 
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
[Defcon Russia #29] Алексей Тюрин - Spring autobinding[Defcon Russia #29] Алексей Тюрин - Spring autobinding
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
 
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
 
Node.js
Node.jsNode.js
Node.js
 
Grokking Grok: Monitorama PDX 2015
Grokking Grok: Monitorama PDX 2015Grokking Grok: Monitorama PDX 2015
Grokking Grok: Monitorama PDX 2015
 

Último

08448380779 Call Girls In Bhikaji Cama Palace Women Seeking Men
08448380779 Call Girls In Bhikaji Cama Palace Women Seeking Men08448380779 Call Girls In Bhikaji Cama Palace Women Seeking Men
08448380779 Call Girls In Bhikaji Cama Palace Women Seeking MenDelhi Call girls
 
best weekend places near delhi where you should visit.pdf
best weekend places near delhi where you should visit.pdfbest weekend places near delhi where you should visit.pdf
best weekend places near delhi where you should visit.pdftour guide
 
Dubai Call Girls O528786472 Call Girls Dubai Big Juicy
Dubai Call Girls O528786472 Call Girls Dubai Big JuicyDubai Call Girls O528786472 Call Girls Dubai Big Juicy
Dubai Call Girls O528786472 Call Girls Dubai Big Juicyhf8803863
 
visa consultant | 📞📞 03094429236 || Best Study Visa Consultant
visa consultant | 📞📞 03094429236 || Best Study Visa Consultantvisa consultant | 📞📞 03094429236 || Best Study Visa Consultant
visa consultant | 📞📞 03094429236 || Best Study Visa ConsultantSherazi Tours
 
A Comprehensive Guide to The Types of Dubai Residence Visas.pdf
A Comprehensive Guide to The Types of Dubai Residence Visas.pdfA Comprehensive Guide to The Types of Dubai Residence Visas.pdf
A Comprehensive Guide to The Types of Dubai Residence Visas.pdfDisha Global Tours
 
BERMUDA Triangle the mystery of life.pptx
BERMUDA Triangle the mystery of life.pptxBERMUDA Triangle the mystery of life.pptx
BERMUDA Triangle the mystery of life.pptxseribangash
 
08448380779 Call Girls In Chirag Enclave Women Seeking Men
08448380779 Call Girls In Chirag Enclave Women Seeking Men08448380779 Call Girls In Chirag Enclave Women Seeking Men
08448380779 Call Girls In Chirag Enclave Women Seeking MenDelhi Call girls
 
Akshay Mehndiratta Summer Special Light Meal Ideas From Across India.pptx
Akshay Mehndiratta Summer Special Light Meal Ideas From Across India.pptxAkshay Mehndiratta Summer Special Light Meal Ideas From Across India.pptx
Akshay Mehndiratta Summer Special Light Meal Ideas From Across India.pptxAkshay Mehndiratta
 
Exploring Sicily Your Comprehensive Ebook Travel Guide
Exploring Sicily Your Comprehensive Ebook Travel GuideExploring Sicily Your Comprehensive Ebook Travel Guide
Exploring Sicily Your Comprehensive Ebook Travel GuideTime for Sicily
 
08448380779 Call Girls In Shahdara Women Seeking Men
08448380779 Call Girls In Shahdara Women Seeking Men08448380779 Call Girls In Shahdara Women Seeking Men
08448380779 Call Girls In Shahdara Women Seeking MenDelhi Call girls
 
"Fly with Ease: Booking Your Flights with Air Europa"
"Fly with Ease: Booking Your Flights with Air Europa""Fly with Ease: Booking Your Flights with Air Europa"
"Fly with Ease: Booking Your Flights with Air Europa"flyn goo
 
9 Days Kenya Ultimate Safari Odyssey with Kibera Holiday Safaris
9 Days Kenya Ultimate Safari Odyssey with Kibera Holiday Safaris9 Days Kenya Ultimate Safari Odyssey with Kibera Holiday Safaris
9 Days Kenya Ultimate Safari Odyssey with Kibera Holiday SafarisKibera Holiday Safaris Safaris
 
How to Get Unpublished Flight Deals and Discounts?
How to Get Unpublished Flight Deals and Discounts?How to Get Unpublished Flight Deals and Discounts?
How to Get Unpublished Flight Deals and Discounts?FlyFairTravels
 
char Dham yatra, Uttarakhand tourism.pptx
char Dham yatra, Uttarakhand tourism.pptxchar Dham yatra, Uttarakhand tourism.pptx
char Dham yatra, Uttarakhand tourism.pptxpalakdigital7
 
Hoi An Ancient Town, Vietnam (越南 會安古鎮).ppsx
Hoi An Ancient Town, Vietnam (越南 會安古鎮).ppsxHoi An Ancient Town, Vietnam (越南 會安古鎮).ppsx
Hoi An Ancient Town, Vietnam (越南 會安古鎮).ppsxChung Yen Chang
 
How can I fly with the British Airways Unaccompanied Minor Policy?
How can I fly with the British Airways Unaccompanied Minor Policy?How can I fly with the British Airways Unaccompanied Minor Policy?
How can I fly with the British Airways Unaccompanied Minor Policy?flightsvillacom
 
08448380779 Call Girls In Chhattarpur Women Seeking Men
08448380779 Call Girls In Chhattarpur Women Seeking Men08448380779 Call Girls In Chhattarpur Women Seeking Men
08448380779 Call Girls In Chhattarpur Women Seeking MenDelhi Call girls
 

Último (20)

08448380779 Call Girls In Bhikaji Cama Palace Women Seeking Men
08448380779 Call Girls In Bhikaji Cama Palace Women Seeking Men08448380779 Call Girls In Bhikaji Cama Palace Women Seeking Men
08448380779 Call Girls In Bhikaji Cama Palace Women Seeking Men
 
Call Girls Service !! Indirapuram!! @9999965857 Delhi 🫦 No Advance VVVIP 🍎 S...
Call Girls Service !! Indirapuram!! @9999965857 Delhi 🫦 No Advance VVVIP 🍎 S...Call Girls Service !! Indirapuram!! @9999965857 Delhi 🫦 No Advance VVVIP 🍎 S...
Call Girls Service !! Indirapuram!! @9999965857 Delhi 🫦 No Advance VVVIP 🍎 S...
 
best weekend places near delhi where you should visit.pdf
best weekend places near delhi where you should visit.pdfbest weekend places near delhi where you should visit.pdf
best weekend places near delhi where you should visit.pdf
 
Rohini Sector 18 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 18 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 18 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 18 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Dubai Call Girls O528786472 Call Girls Dubai Big Juicy
Dubai Call Girls O528786472 Call Girls Dubai Big JuicyDubai Call Girls O528786472 Call Girls Dubai Big Juicy
Dubai Call Girls O528786472 Call Girls Dubai Big Juicy
 
visa consultant | 📞📞 03094429236 || Best Study Visa Consultant
visa consultant | 📞📞 03094429236 || Best Study Visa Consultantvisa consultant | 📞📞 03094429236 || Best Study Visa Consultant
visa consultant | 📞📞 03094429236 || Best Study Visa Consultant
 
A Comprehensive Guide to The Types of Dubai Residence Visas.pdf
A Comprehensive Guide to The Types of Dubai Residence Visas.pdfA Comprehensive Guide to The Types of Dubai Residence Visas.pdf
A Comprehensive Guide to The Types of Dubai Residence Visas.pdf
 
Call Girls Service !! New Friends Colony!! @9999965857 Delhi 🫦 No Advance VV...
Call Girls Service !! New Friends Colony!! @9999965857 Delhi 🫦 No Advance VV...Call Girls Service !! New Friends Colony!! @9999965857 Delhi 🫦 No Advance VV...
Call Girls Service !! New Friends Colony!! @9999965857 Delhi 🫦 No Advance VV...
 
BERMUDA Triangle the mystery of life.pptx
BERMUDA Triangle the mystery of life.pptxBERMUDA Triangle the mystery of life.pptx
BERMUDA Triangle the mystery of life.pptx
 
08448380779 Call Girls In Chirag Enclave Women Seeking Men
08448380779 Call Girls In Chirag Enclave Women Seeking Men08448380779 Call Girls In Chirag Enclave Women Seeking Men
08448380779 Call Girls In Chirag Enclave Women Seeking Men
 
Akshay Mehndiratta Summer Special Light Meal Ideas From Across India.pptx
Akshay Mehndiratta Summer Special Light Meal Ideas From Across India.pptxAkshay Mehndiratta Summer Special Light Meal Ideas From Across India.pptx
Akshay Mehndiratta Summer Special Light Meal Ideas From Across India.pptx
 
Exploring Sicily Your Comprehensive Ebook Travel Guide
Exploring Sicily Your Comprehensive Ebook Travel GuideExploring Sicily Your Comprehensive Ebook Travel Guide
Exploring Sicily Your Comprehensive Ebook Travel Guide
 
08448380779 Call Girls In Shahdara Women Seeking Men
08448380779 Call Girls In Shahdara Women Seeking Men08448380779 Call Girls In Shahdara Women Seeking Men
08448380779 Call Girls In Shahdara Women Seeking Men
 
"Fly with Ease: Booking Your Flights with Air Europa"
"Fly with Ease: Booking Your Flights with Air Europa""Fly with Ease: Booking Your Flights with Air Europa"
"Fly with Ease: Booking Your Flights with Air Europa"
 
9 Days Kenya Ultimate Safari Odyssey with Kibera Holiday Safaris
9 Days Kenya Ultimate Safari Odyssey with Kibera Holiday Safaris9 Days Kenya Ultimate Safari Odyssey with Kibera Holiday Safaris
9 Days Kenya Ultimate Safari Odyssey with Kibera Holiday Safaris
 
How to Get Unpublished Flight Deals and Discounts?
How to Get Unpublished Flight Deals and Discounts?How to Get Unpublished Flight Deals and Discounts?
How to Get Unpublished Flight Deals and Discounts?
 
char Dham yatra, Uttarakhand tourism.pptx
char Dham yatra, Uttarakhand tourism.pptxchar Dham yatra, Uttarakhand tourism.pptx
char Dham yatra, Uttarakhand tourism.pptx
 
Hoi An Ancient Town, Vietnam (越南 會安古鎮).ppsx
Hoi An Ancient Town, Vietnam (越南 會安古鎮).ppsxHoi An Ancient Town, Vietnam (越南 會安古鎮).ppsx
Hoi An Ancient Town, Vietnam (越南 會安古鎮).ppsx
 
How can I fly with the British Airways Unaccompanied Minor Policy?
How can I fly with the British Airways Unaccompanied Minor Policy?How can I fly with the British Airways Unaccompanied Minor Policy?
How can I fly with the British Airways Unaccompanied Minor Policy?
 
08448380779 Call Girls In Chhattarpur Women Seeking Men
08448380779 Call Girls In Chhattarpur Women Seeking Men08448380779 Call Girls In Chhattarpur Women Seeking Men
08448380779 Call Girls In Chhattarpur Women Seeking Men
 

Ygoltsev dcg 21_08_wifiineapple

  • 1. Автономный сетевой шпион. WiFi Pineapple usage in the wild 21/08/2012 DCG #7812 г. Санкт-Петербург by @ygoltsev @d0znpp @d_olex
  • 2. Few words about myself Security expert/ Penetration testing team Community member PHDays g00n Editor Defcon Russia (DCG #7812) 2
  • 3. WiFi Pineapple by http://cloud.wifipineapple.com/ Defcon Russia (DCG #7812) 3
  • 4. Functionality • Stealth Access Point for Man-in-the-Middle attacks • Mobile Broadband connectivity (3g/4g via USB) • Manage from afar with persistent SSH tunnels and meterpreter • Relay or Deauth attack with auxiliary WiFi adapter • Web-based management simplify MITM attacks • Easily concealed and battery powered • Expandable with community modules Defcon Russia (DCG #7812) 4
  • 5. Based on AP121U (http://bit.ly/NAvaq9) - 45 $ + Jasager (OpenWRT) (http://bit.ly/EgvNV) - free Defcon Russia (DCG #7812) 5
  • 6. AP121U • 93 x 70 x 26mm • 74g • IEEE 802.11b/g/n • 2x Ethernet • USB 2.0 • 400 MHz Defcon Russia (DCG #7812) 6
  • 7. Jasager - Linux (kernel 3.2) - hostapd (http://hostap.epitest.fi/hostapd/) hostapd is a user space daemon for access point and authentication servers. - Karma (http://www.digininja.org/karma/) Patch for hostapd. Set of patches to access point software to get it to respond to probe requests not just for itself but for any ESSID requested. Defcon Russia (DCG #7812) 7
  • 8. Equalness = Defcon Russia (DCG #7812) 8
  • 9. But • 93 x 70 x 26mm • 74g and 100 $... Defcon Russia (DCG #7812) 9
  • 10. money - not so important Defcon Russia (DCG #7812) 10
  • 12. Usage - As a home router - As a tool for penetration testing - As an energy independent network spy Defcon Russia (DCG #7812) 12
  • 13. Some statistics • Location: Big Mall, Food Court • Wi-Fi SSID – ‘Ne_podkluchaytes_k_etoy_to4ke’ • Action: Respond to all probe request. Disconnect. Ignore MAC next time. Defcon Russia (DCG #7812) 13
  • 14. Over 9000…. P.S. Over 100 Defcon Russia (DCG #7812) 14
  • 15. More interesting ~ 189 minutes Defcon Russia (DCG #7812) 15
  • 16. More interesting • Mobile Juice pack ~ More than 6 hours Defcon Russia (DCG #7812) 16
  • 17. And what if? Defcon Russia (DCG #7812) 17
  • 18. Other stuff • More than 20 add-ons (modules) • Build in web/dns/ssh services • tcpdump/air*/ettercap/sslstrip Defcon Russia (DCG #7812) 18
  • 19. Cover story: fairy tale Defcon Russia (DCG #7812) 19
  • 20. Cover story: legendary legend Defcon Russia (DCG #7812) 20
  • 21. Cover story: box location Defcon Russia (DCG #7812) 21
  • 22. Cover story: box location Defcon Russia (DCG #7812) 22
  • 23. Cover story: packing the box • Pelican boxes – the best choice Defcon Russia (DCG #7812) 23
  • 24. Cover story: setting up environment • Setting up SSH tunnel • … • Do the stuff Defcon Russia (DCG #7812) 24
  • 25. Cover story: Catch me if you can • Wipe all shit! + Defcon Russia (DCG #7812) 25
  • 26. Bonus track: Wipe video Defcon Russia (DCG #7812) 26
  • 27. Bonus track: Wipe Defcon Russia (DCG #7812) 27
  • 28. Thanks for your attention! @ygoltsev ygoltsev@ptsecuity.ru Defcon Russia (DCG #7812) 28