Archive for the ‘Joshua Wright’ Tag

Shmoocon 2011 Announced

The dates for Shmoocon 2011 were recently announced. The annual East Coast hacker convention will be held January 28th – 30th (Friday, Saturday, Sunday), 2011.

It appears that the convention will take place at a different venue this year, the Washington Hilton Hotel.  As a Platinum Marriott member, I am a little disappointed that it won’t take place at the Wardman Park Marriott as it had in years past.

If I could tell you one thing, it’s that attendance to this event sells out FAST (literally, within minutes), so keep watching the Shmoocon website for dates and times to get your tickets. You will have to jump on them immediately. That being said, the majority of the weekend passes are usually available for around $75, so it’s not hard to see why they sell out so fast.

One of the best things about Shmoocon is the high quality speakers they bring in each year.  Speakers that have stuck out to me in the past include Joshua Wright and Simple Nomad.

Besides the quality content, another great reason to attend is that it is FUN. They have lots of ancillary activities, including a “Hack or Halo” contest (hackers compete in a capture-the-flag contest and gamers participate in a Halo contest on the Xbox 360), as well as an off-site party.

Bottom line, Shmoocon is definitely worth both your time and your money.

Just a Reminder….

I am giving away a FREE copy of “Wireless Hacking Exposed”.  All you have to do is submit a comment to the post about the book stating your favorite wireless pen testing tip or trick.  Technical or non-technical.

I am going to choose the best comment at the close of business tomorrow (July 1st).  There are only two submissions right now, so if you enter with less than 24 hours left, I’d say that you have a decent chance of winning.  🙂

Here are even a few ideas to get you started:

  • What’s your favorite wireless card for pen testing?  Why?
  • What’s the best application / piece of software for wireless pen testing?  Why?
  • What’s a common myth about wireless security that you can dispel through pen testing?
  • Tell me about your favorite pen testing experience.  (Mine is below….)

Personally, my favorite part of wireless pen testing is social engineering.  For example, one time I was assigned to do a security assessment for an oil & gas company.  I targeted the IT department of the company, figuring the report would hit home if it contained *their* passwords, sensitive data, etc.

The IT department of this company was on the 5th and 6th floors of a multistory building.  Part of the social engineering I utilized was implemented when I checked into my hotel for the project.  You see, the hotel I checked into was in a building adjacent to my customer / target.  When I checked in, I specifically requested a room on the side of the building closest to “ABC Company”, that had a balcony, and was on either the 5th or 6th floor.  Do you think the hotel clerk hesitated one second before they fulfilled my request?  Of course not.

On top of that, when I checked into my room, I set up 2 different computers, each with multiple wireless cards, spectrum analyzers, and external antennas connected to them.  Even to the point where I had a tripod-mounted -13.5 dB Yagi antenna with a laser pointer on the balcony pointed at my customer / target company.  The maids came in and out of my room, and if anyone ever said anything, it certainly wasn’t filtered back to me.

Could I still have done the pen test without this?  Yes.  But did having this location make it more convenient to collect packets, circumvent authentication & encryption, redirect/attack wireless clients, etc.?  Of course it did.

FREE Copy of “Wireless Hacking Exposed”

There has been a thread going on the WiFiSec mailing list at SecurityFocus the past couple days about Wi-Fi testing on a Mac.

My friend and colleague, Joshua Wright, weighed in with his tremendous expertise with the following post:

Johnny Cache, Vinnie Liu and I are just putting the finishing touches on Hacking Exposed Wireless, 2nd Edition. It’s available for pre-order on Amazon, and should be shipping in the middle of July (http://amzn.to/d4D2SU). In this fully-revised book we present step-by-step help for implementing multiple attacks against 802.11, Bluetooth, ZigBee and DECT, with countermeasures for each attack.

Pertinent to this discussion is Johnny’s chapter “Bridging the Airgap on OS X” where he illustrated an example of compromising a remote OS X box and leveraging it to attack local wireless networks. In this discussion he talks about the OS X “airport” utility.

The airport utility is located at /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport. In 10.6 systems, you can use this tool to initiate a monitor-mode packet capture saving to a libpcap file, as well as active scanning and other interesting functions. During a packet capture with the airport utility, the Airport icon on the task bar will turn into what we decided is the “Eye of Sauron”.

While Windows Vista and 7 have native monitor-mode support in drivers, there are no native tools, forcing us to rely on the NetMon package. Fortunately with OS X, we have the native airport utility.

Some of Johnny’s scripts and tools from this chapter have been put online at www.hackingexposedwireless.com. I’ll continue to post materials there this week, as well as the free online chapters providing in-depth analysis of 802.11, Bluetooth (including attacks against Simple, Secure Pairing) and RF fundamentals.

–Josh

I can tell you from taking Josh’s Wireless Ethical Hacking, Penetration Testing, and Defenses course through the SANS Institute, that he *definitely* knows his stuff, and therefore, this book is a must read.

I think this book is such a must read, that I am giving away a copy for FREE.  Leave a comment with your best Wi-Fi Pentesting Tip. I’ll choose the best one a week from today (July 1st) and I’ll pre-order this book on your behalf.