Archive for the ‘wireless security assessment’ Tag

Just a Reminder….

I am giving away a FREE copy of “Wireless Hacking Exposed”.  All you have to do is submit a comment to the post about the book stating your favorite wireless pen testing tip or trick.  Technical or non-technical.

I am going to choose the best comment at the close of business tomorrow (July 1st).  There are only two submissions right now, so if you enter with less than 24 hours left, I’d say that you have a decent chance of winning.  🙂

Here are a few ideas to get you started:

  • What’s your favorite wireless card for pen testing?  Why?
  • What’s the best application / piece of software for wireless pen testing?  Why?
  • What’s a common myth about wireless security that you can dispel through pen testing?
  • Tell me about your favorite pen testing experience.  (Mine is below….)

Personally, my favorite part of wireless pen testing is social engineering.  For example, one time I was assigned to do a security assessment for an oil & gas company.  I targeted the IT department of the company, figuring the report would hit home if it contained *their* passwords, sensitive data, etc.

The IT department of this company was on the 5th and 6th floors of a multistory building.  Part of the social engineering I utilized was implemented when I checked into my hotel for the project.  You see, the hotel I checked into was in a building adjacent to my customer / target.  When I checked in, I specifically requested a room on the side of the building closest to “ABC Company”, that had a balcony, and was on either the 5th or 6th floor.  Do you think the hotel clerk hesitated one second before they fulfilled my request?  Of course not.

On top of that, when I checked into my room, I set up 2 different computers, each with multiple wireless cards, spectrum analyzers, and external antennas connected to them.  I even had a tripod-mounted -13.5 dB Yagi antenna with a laser pointer on the balcony, pointed at my customer / target company.  The maids came in and out of my room, and if anyone ever said anything, it certainly wasn’t filtered back to me.

Could I still have done the pen test without this?  Yes.  But did having this location make it more convenient to collect packets, circumvent authentication & encryption, redirect/attack wireless clients, etc.?  Of course it did.


Back|Track 4 Beta Public Release

While I don’t do it nearly as much as I used to, Wireless Security Assessments and Penetration Testing are favorite activities of mine.  When I first started learning, I took a course by The Shmoo Group’s Beetle (Don Baily) at DallasCON as well as one of the first versions of the SANS “Wireless Ethical Hacking, Pen Tests, and Defenses” (which was then called “Assessing and Securing Wireless Networks”).  The SANS course was taught by Joshua Wright.  In both of these courses, we used a Linux distro called “Auditor”.  The Auditor security collection was the precursor to Back|Track, and it contained many of the more popular tools for wireless assessments, including Kismet, Aircrack, and others.

At any rate, Back|Track has now grown to over 300 tools, including CoWPAtty (to crack WPA-PSKs), Karma & Hotspotter (to attack client-side vulnerabilities), and CarWhisperer & Red Fang (which address Bluetooth).  The newest beta version, Back|Track 4, has just been released to the public today.  I suggest you view the Back|Track 4 blog posting, which contains links to download the .iso file.

A quick word to the wise – the difference between an Ethical Hacker and a criminal is permission.  Be sure you have written permission before you assess any organization with these tools.  That being said, happy hacking!

Speaking Engagement – Webinar on 1/26 at 9AM PST

OK, I promised to give more notice on future speaking engagements.  I am giving a Webinar on “Wireless Security Assessments” on Monday, 1/26 at 9AM PST.

Below is information about the presentation, including the link to attend along with a session description.

Webcast Live Date & Time: 9:00am JAN 26 2009 United States – Los Angeles

Duration: 45 mins

Session Description – Wireless Security Assessments

Our speaker, Douglas Haider, will be presenting on the unique challenges inherent to assessing and securing wireless networks. With the recent reduction in costs of wireless equipment, it has become increasingly common for companies to implement wireless technology.  Companies may desire the convenience that wireless technologies provide, but may not appreciate the security risks inherent to these systems.  Adding wireless equipment to the corporate network adds a significant amount of additional risk to the I.T. infrastructure.  Mr. Haider will cover some of the key tools and methodologies for identifying and mitigating these risks.