DEF CON 22 [Materials] Speeches from the Hacker Convention.
DEF CON
113 episodes
8 months ago
The DEF CON series of hacking conferences were started in 1993 to focus on both the technical and social trends in hacking, and has grown to be world known event. Video, audio and supporting materials from past conferences are available on our new media server at: https://media.defcon.org
All content for DEF CON 22 [Materials] Speeches from the Hacker Convention. is the property of DEF CON and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
The DEF CON series of hacking conferences were started in 1993 to focus on both the technical and social trends in hacking, and has grown to be world known event. Video, audio and supporting materials from past conferences are available on our new media server at: https://media.defcon.org
Dominic White and Ian de Villiers - Manna from Heaven: Improving the state of wireless rogue AP attacks
DEF CON 22 [Materials] Speeches from the Hacker Convention.
10 years ago
Dominic White and Ian de Villiers - Manna from Heaven: Improving the state of wireless rogue AP attacks
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/White-deVilliers/DEFCON-22-Dominic-White-Ian-de-Villiers-Manna-from-Heaven-Detailed-UPDATED.pdf
Manna from Heaven: Improving the state of wireless rogue AP attacks
Dominic White CTO, SENSEPOST
Ian de Villiers SENIOR ANALYST, SENSEPOST
The current state of theoretical attacks against wireless networks should allow this wireless world to be fully subverted for all but some edge cases. Devices can be fooled into connecting to spoofed networks, authentication to wireless networks can either be cracked or intercepted, and our ability to capture credentials at a network level has long been established. Often, the most significant protection users have are hitting the right button on an error message they rarely understand. Worse for the user, these attacks can be repeated per wireless network allowing an attacker to target the weakest link.
This combination of vulnerable and heavily used communications should mean that an attacker needs just arrive at a location and setup for credentials and access to start dropping from the sky. However, the reality is far from this; karma attacks work poorly against modern devices, network authentication of the weakest sort defeats rogue APs and interception tools struggle to find useful details.
This talk is the result of our efforts to bring rogue AP attacks into the modern age. The talk will provides details of our research into increasing the effectiveness of spoofing wireless networks, and the benefits of doing so (i.e. gaining access). It includes the release of a new rogue access point toolkit implementing this research.
Dominic is the CTO of SensePost, an information security company based in South Africa and London. He has worked in the industry for 10 years. He is responsible for SensePost's wireless hacking course, Unplugged. He tweets as @singe.
Ian de Villiers is a security analyst at SensePost. Coming from a development background, his areas of expertise are in application and web application assessments. Ian has spent considerable time researching application frameworks, and has published a number of advisories relating to portal platforms. He has also provided security training and spoken at security conferences internationally.
Ian previously published numerous tools, such as reDuh http://research.sensepost.com/tools/web/reduh, but more recently, SapProxy http://research.sensepost.com/cms/resources/tools/servers/sapprox/44con_2011_release.pdf
DEF CON 22 [Materials] Speeches from the Hacker Convention.
The DEF CON series of hacking conferences were started in 1993 to focus on both the technical and social trends in hacking, and has grown to be world known event. Video, audio and supporting materials from past conferences are available on our new media server at: https://media.defcon.org
