SniffAir – An Open-Source Framework for Wireless Security Assessments

DerbyCon 7.0 - Legacy

Presented by: Steven Darracott, Matthew Eidelberg
Date: Sunday September 24, 2017
Time: 12:00 - 12:50
Location: Track 3 - Teach Me

SniffAir is an open-source wireless security framework. Its primary purpose is to provide pentesters, systems admins, or others eager about wireless security a way to collect, manage, and analyze wireless traffic. SniffAir was born out of the hassle of managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws or malicious traffic.

We created SniffAir to collect all the traffic broadcasted, grouping them by Client or Access Point. SniffAir can be instructed to parse the information based on rules created by the user. These rules help define the scope. Using these rules, SniffAir moves the in-scope data to a new set of tables, allowing the framework to compare against the original table for anomalies. The user can then perform queries, which display the information required in a clear and concise manner – perfect for facilitating attacks.

Matthew Eidelberg

Matthew Eidelberg is a husband, father, and big security fanatic. Matthew works as a Security Consultant on Optiv’s Attack and Penetration team. Matthew’s primary role is to conduct security penetration testing and red teaming assessments for Optiv’s clients, while also developing detailed remediation procedures in order to provide the best value to Optiv’s clients. Previously, Matthew worked as a Security Consultant for the Herjavec Group in Canada, providing the same type of work for clients in Canada, the United States and Asia. Matthew received his Bachelor of Technology in Informatics and Security, Seneca@York University in 2012 and was certified as an Offensive Security Certified Professional in March of 2015. @Tyl0us

Steven Darracott


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats