Just a Reminder…
I am giving away a FREE copy of “Wireless Hacking Exposed”. All you have to do is submit a comment to the post about the book stating your favorite wireless pen testing tip or trick. Technical or non-technical.
I am going to choose the best comment at the close of business tomorrow (July 1st). There are only two submissions right now, so if you enter with less than 24 hours left, I’d say that you have a decent chance of winning. 🙂
Here are even a few ideas to get you started:
- What’s your favorite wireless card for pen testing? Why?
- What’s the best application / piece of software for wireless pen testing? Why?
- What's a common myth about wireless security that you can dispel through pen testing?
- Tell me about your favorite pen testing experience. (Mine is below.)
Personally, my favorite part of wireless pen testing is social engineering. For example, one time I was assigned to do a security assessment for an oil & gas company. I targeted the IT department of the company, figuring the report would hit home if it contained *their* passwords, sensitive data, etc.
The IT department of this company was on the 5th and 6th floors of a multistory building. Part of the social engineering I utilized was implemented when I checked into my hotel for the project. You see, the hotel I checked into was in a building adjacent to my customer / target. When I checked in, I specifically requested a room on the side of the building closest to “ABC Company”, that had a balcony, and was on either the 5th or 6th floor. Do you think the hotel clerk hesitated one second before they fulfilled my request? Of course not.
On top of that, when I checked into my room, I set up 2 different computers, each with multiple wireless cards, spectrum analyzers, and external antennas connected to them. I even had a tripod-mounted 13.5 dB Yagi antenna with a laser pointer on the balcony pointed at my customer / target company. The maids came in and out of my room, and if anyone ever said anything, it certainly wasn't filtered back to me.
Could I still have done the pen test without this? Yes. But did having this location make it more convenient to collect packets, circumvent authentication & encryption, redirect/attack wireless clients, etc.? Of course it did.