Radio Reconnaissance in Penetration Testing Being Presented at ShmooCon 2009
Wednesday, February 4, 2009 at 11:39PM
Due to some last-minute scheduling changes, my "Radio Reconnaissance in Penetration Testing - All Your RF Are Belong to Us" talk will be presented at this year's ShmooCon! The presentation is scheduled for 10:00 AM Saturday morning in the "Bring It On!" track. I have gotten a lot of questions about what my talk covers, so here's some more information on it, starting with the abstract:
Tired of boring old pentests where the only wireless traffic you see is 802.11 and maybe a little Bluetooth? With this amazing new invention, the radio, your eavesdropping options can be multiplied! Come to this talk to learn techniques for discovering, monitoring and exploiting a wide array of radio traffic, with real-world examples illustrating how these techniques have been used to gather information on a target's physical security, personnel and standard operating procedures.
When doing a penetration test, how many radios do you see at the client's site? Do they use cordless phones or wireless headsets? Do their guards and maintenance staff carry radios? Ever wonder what other radios they might have and what you might learn by monitoring them? This talk will answer these questions. I will go over how to profile a site to find frequencies to monitor, how to select the right equipment to monitor these transmissions, and what information can be gained using these techniques. The bulk of the talk will focus on a couple of real-life examples where I step through how these techniques have been applied during penetration tests to gather information about the target organization.
Only so much information can be covered during an hour-long talk, and this is a fairly new area to a lot of pentesters. Because of this, I'm also going to do a series of blog posts providing the details on monitoring radio traffic during penetration tests. Through these blog posts I will cover all the details needed to select the right hardware, profile a site, monitor the target and put the information gathered to use on a pentest! I will also discuss how to protect your organization from these attacks and what steps you can take to audit your environment for wireless security risks. All posts related to this will have the Radio Reconnaissance category attached to them. Fair warning: this series will not get my full attention until I finish up my series on magstripe analysis.
If you are going to be at ShmooCon please come up and say hi. I would love to meet all my readers.



Reader Comments (4)
Is the Shmoo presentation available anywhere?
Johnny,
The slides will be released in a few days. When I do, I'll announce it on Twitter and through the site's RSS feed.
Sadly, it looks like the video of the presentation was lost, so that probably will not be available. But I plan to give similar talks at other cons. I'll be announcing those presentations through the blog as well.
Cheers,
Matt
When will the slides be released? And where?
Sorry to hear about the video being lost, I really enjoyed the talk at Shmoocon.
Thanks
Jon
Jon,
Slides will be posted to the blog tomorrow!
Cheers,
Matt