There is an ever-increasing trend with Internet Service Providers of all sizes providing open wireless hotspots nationwide, many of which are bridged off of existing customers personal access points and others are made available through restaurants, hotels, and other businesses. Many of these guest networks have recently spurred discussion within the security community over the insecurity of open access points in general and the ethics of their deployment methods. The talk will cover the many gaping insecurities of wireless hotspots and dive in to how these can be leveraged to attack clients, gain free Internet access, hijack accounts, steal sensitive information, and more. This will progress into how web penetration testers can leverage their existing skill-sets to design, build, and deploy malicious targeted access points. All of the attacks that will be demonstrated live during the talk can be deployed on various platforms, making it easy for the audience to reproduce regardless of hardware available.
Greg Foss is a Senior Security Research Engineer with the LogRhythm Labs Threat Intelligence Team, where he focuses on developing defensive strategies, tools, and methodologies to counteract advanced attack scenarios. He has nearly a decade of experience in the Information Security industry with an extensive background in Security Operations; focusing on Penetration Testing and Web Application Security. Greg currently runs the Incident Response and Red Team practices at LogRhythm and holds multiple industry certifications including the OSCP, GAWN, GPEN, GWAPT, GCIH, and C|EH, among others.