Archive for the ‘Joshua Wright’ Tag
Shmoocon 2011 Announced
The dates for Shmoocon 2011 were recently announced. The annual East-coast hackers convention will be held January 28th – 30th (Friday, Saturday, Sunday) 2011.
It appears that the convention will take place at a different venue this year, the Washington Hilton Hotel. As a Platinum Marriott member, I am a little disappointed that it won’t take place at the Wardman Park Marriott as it had in years past.
If I could tell you one thing, it’s that attendance to this event sells out FAST (literally, within minutes), so keep watching the Shmoocon website for dates and times to get your tickets. You will have to jump on them immediately. That being said, the majority of the weekend passes are usually available for around $75, so it’s not hard to see why they sell out so fast.
One of the best things about Shmoocon is the high quality speakers they bring in each year. Speakers that have stuck out to me in the past include Joshua Wright and Simple Nomad.
Besides the quality content, another great reason to attend is that it is FUN. They have lots of ancillary activities, including a “Hack or Halo” contest (hackers compete in a capture the flag contest and gamers participate in a Halo contest on the Xbox 360), as well as an off-site party.
Bottom line, Shmoocon is definitely worth both your time and your money.
Just a Reminder….
I am giving away a FREE copy of “Wireless Hacking Exposed”. All you have to do is submit a comment to the post about the book stating your favorite wireless pen testing tip or trick. Technical or non-technical.
I am going to choose the best comment at the close of business tomorrow (July 1st). There are only two submissions right now, so if you enter with less than 24 hours left, I’d say that you have a decent chance of winning. 🙂
Here are a few ideas to get you started:
- What’s your favorite wireless card for pen testing? Why?
- What’s the best application / piece of software for wireless pen testing? Why?
- What’s a common myth about wireless security that you can dispel through pen testing?
- Tell me about your favorite pen testing experience. (Mine is below….)
Personally, my favorite part of wireless pen testing is social engineering. For example, one time I was assigned to do a security assessment for an oil & gas company. I targeted the IT department of the company, figuring the report would hit home if it contained *their* passwords, sensitive data, etc.
The IT department of this company was on the 5th and 6th floors of a multistory building. Part of the social engineering I utilized was implemented when I checked into my hotel for the project. You see, the hotel I checked into was in a building adjacent to my customer / target. When I checked in, I specifically requested a room on the side of the building closest to “ABC Company”, that had a balcony, and was on either the 5th or 6th floor. Do you think the hotel clerk hesitated one second before they fulfilled my request? Of course not.
On top of that, when I checked into my room, I set up 2 different computers, each with multiple wireless cards, spectrum analyzers, and external antennas connected to them. Even to the point where I had a tripod-mounted -13.5 dB Yagi antenna with a laser pointer on the balcony pointed at my customer / target company. The maids came in and out of my room, and if anyone ever said anything, it certainly wasn’t filtered back to me.
Could I still have done the pen test without this? Yes. But did having this location make it more convenient to collect packets, circumvent authentication & encryption, redirect/attack wireless clients, etc.? Of course it did.
FREE Copy of “Wireless Hacking Exposed”
There has been a thread going on the WiFiSec mailing list at SecurityFocus the past couple days about Wi-Fi testing on a Mac.
My friend and colleague, Joshua Wright, weighed in with his tremendous expertise with the following post:
Johnny Cache, Vinnie Liu and I are just putting the finishing touches on Hacking Exposed Wireless, 2nd Edition. It’s available for pre-order on Amazon, and should be shipping in the middle of July (http://amzn.to/d4D2SU). In this fully-revised book we present step-by-step help for implementing multiple attacks against 802.11, Bluetooth, ZigBee and DECT, with countermeasures for each attack.
Pertinent to this discussion is Johnny’s chapter “Bridging the Airgap on OS X” where he illustrated an example of compromising a remote OS X box and leveraging it to attack local wireless networks. In this discussion he talks about the OS X “airport” utility.
The airport utility is located at /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport. In 10.6 systems, you can use this tool to initiate a monitor-mode packet capture saving to a libpcap file, as well as active scanning and other interesting functions. During a packet capture with the airport utility, the Airport icon on the task bar will turn into what we decided is the “Eye of Sauron”.
While Windows Vista and 7 have native monitor-mode support in drivers, there are no native tools, forcing us to rely on the NetMon package. Fortunately with OS X, we have the native airport utility.
Some of Johnny’s scripts and tools from this chapter have been put online at www.hackingexposedwireless.com. I’ll continue to post materials there this week, as well as the free online chapters providing in-depth analysis of 802.11, Bluetooth (including attacks against Simple, Secure Pairing) and RF fundamentals.
–Josh
I can tell you from taking Josh’s Wireless Ethical Hacking, Penetration Testing, and Defenses course through the SANS Institute, that he *definitely* knows his stuff, and therefore, this book is a must read.
I think this book is such a must read, that I am giving away a copy for FREE. Leave a comment with your best Wi-Fi Pentesting Tip. I’ll choose the best one a week from today (July 1st) and I’ll pre-order this book on your behalf.