BYOD PEAP Show

DEF CON 21

Presented by: Josh Yavor
Date: Sunday August 04, 2013
Time: 15:00 - 15:45
Location: Track 3
Track: Track 3

The onslaught of Bring Your Own Device(s) in recent years places a new focus on the security of wireless networks. In "The BYOD PEAP Show", Josh Yavor explores fundamental flaws in one of the most common and widely supported 802.1x authentication protocols used by countless corporate WPA2-Enterprise networks today. A series of events in the recent past created a situation in which PEAP can no longer be used safely. In this talk, we will re-trace this path and investigate how the combination of BYOD, new technology and new tools led to this situation. A live demonstration with audience participation will punctuate the danger of supporting PEAP. Attendees will leave with an understanding of the underlying flaws, methods of exploitation, a set of tools and most importantly, how to secure WPA2-Enterprise networks that currently support PEAP. A new tool, peapshow, will be released after DEF CON and will make testing and exploitation of this issue truly trivial.

Besides, this is DEF CON. Someone has to mess with the WiFi.

Josh Yavor

Josh Yavor (@schwascore) is a Security Engineer at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Josh specializes in web application security and network penetration testing. Josh holds a MS in Computer, Information and Network Security from DePaul University. At DePaul, he focused on network security while also developing an interest in incident response and SCADA/ICS. Prior to working at iSEC, Josh operated an independent IT consulting and managed services business with a special focus on security related projects.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats