Wireless Pentesting: So Easy a Cave Man Can Do It

DEF CON 23

Presented by: Cyb3r-Assassin
Date: Friday August 07, 2015
Time: 00:00 - 00:00
Location:

Chris will discuss wireless penetration testing using the network management suite he has written called n4p. N4p takes the pain away from system network device management during wireless pentests (WPA2 WPS) and the lengthy command memorization while bringing the ease of a highly modularized framework based design for efficient offensive tasks.

N4p incorporates hashcat for cracking pcap handshakes by converting pcaps to hcaps and running your pre defined rules. Wireless enterprise radius hacking with hostapd is also included. N4p also brings you the only solution for more incognito minded individuals by controlling your VPN and device bridges on the fly. By doing this we provide your MITM attacks with a strong attack base you could take nearly anywhere from SSLstrip to pulling off elaborate phishing with SET and redirection in iptables.

N4p provides you with a well planned out comprehensive iptables base script that provides adapter and port limitations out of the box for your rogue AP. You could restrict your victim's activity onto specific ports for easy of monitor/sniffing and be alerted real time with the ip of any new victims connecting.

Cyb3r-Assassin

In 2000, Chris released his first commercial app, Advanced Timer, which was the most widely adopted time candle chart utility in the commodities day trading practice in the early 2000s. Chris also developed the first Instant Messaging proxy platform for the AIM protocol in 2001. These applications were designed as early remote social engineering tools functioning as communication drop bots and incognito mail platforms. In 2007, Chris was an early adopter of smart phone development where he built custom ROMs for the windows PPC platform. More recently, Chris has spent time working in cryptography with the goal of ensuring the protection of sensitive information no matter where it travels, and focusing on internal IT architectural and administration vulnerabilities. Chris's passion for network intrusion and coding expertise led him to develop a comprehensive framework for wireless network intrusion, N4P, which is featured in the repository of Pentoo Linux. In addition to his technical expertise, Chris is a noted writer, and was recognized as a finalist for best new security blogger by the Security Bloggers Council at the 2014 RSA Security conference. Chris has also enjoyed speaking at national security events. Prior to his career in InfoSec, Chris spent 11 years at a national level and 8 as professional competitor in Motocross before retiring as a competitor to focus on his InfoSec career. He still serves as a mentor and trainer in the motocross community.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats