Last Thursday at the Ohio Information Security Conference I gave a presentation on attacking and defending wireless clients. The first half of this presentation focused on the various attacks that can be launched against wireless clients. During this section I covered basic attacks such as sniffing unencrypted traffic and moved up to more advanced attacks using tools such as Jasager and Karmetasploit. The second part of the talk covered how to protect wireless clients from these attacks. The slides from the presentation can be found here.
Here are the slides from my "Radio Reconnaissance in Penetration Testing: All Your RF Are Belong to Us" presentation that I gave at ShmooCon last weekend. Sadly the video appears to have been lost. If the video turns up I will post it.
Remember to watch this blog for a series of blog posts on this topic!
My speaking schedule has taken off this year. Right now I have six talks scheduled for the first half of 2009, three of them this Wednesday! Plus I have a couple of CFPs which I am waiting to hear back on. To make it easier for folks to track my speaking schedule I added an Upcoming Presentations section on the Presentations Page. Here is my schedule for the next few months:
- February 18th - Cutting Edge Web Application Security Attacks - Lunch and Learn hosted by Peak 10 in Cincinnati Ohio - E-Mail Me for More Information
- February 18th - Tool Talk: Pass the Hash - NEO InfoSec Forum in Cleveland Ohio - More Info
- February 18th - Overview of ShmooCon - NEO InfoSec Forum in Cleveland Ohio - More Info
- March 12th - Client-Side Wireless Attacks and Defenses - Ohio Information Security Conference in Dayton Ohio - Registration Information
- April 16th - 19th - Notacon Mythbusters: Is Personal Data Stored on Hotel Keys? Using Magstripe Analysis Tools to Discover the Answer - Notacon in Cleveland Ohio - Registration Information
- May 5th - Wireless Security Issues with Hands-on Lab on Auditing Wireless - Pittsburgh Chapter of ISSA in Pittsburgh PA - More Info
If you are at any of these events please come up and say "hi". I always love to meet my readers in person!
If you were at ShmooCon and saw someone running around in a black kilt that was probably yours truly. For those that asked the kilt I was wearing is the Original by Utilikilt. If you want to experience a new level of freedom be sure to stop by the Utilikilt store next time you are in Seattle. You will not be disappointed.
As always ShmooCon was a blast. It was wonderful to meet everyone! The podcaster meetup was a lot of fun. Before the meetup Dave and I had a chance to make some Security Bats of Justice (TM) and try them out in a duel! If you are wondering, Dave solidly won that match. That man is dangerous with inflatable toys!
Of course there were also some great talks at this year's ShmooCon. If you are in the Cleveland area and would like to hear a first-hand review of them, stop by next week's NEO InfoSec Forum meeting. At next week's meeting I'll actually be doing two presentations. One will be an overview of ShmooCon and the other will cover the Pass-the-Hash Toolkit. Of course after the NEO InfoSec Forum meeting we're going to head over to Mavis Winkle's Irish Pub to record the Security Justice Podcast.
Due to some last minute scheduling changes my "Radio Reconnaissance in Penetration Testing - All Your RF Are Belong to Us" talk will be presented at this year's ShmooCon! The presentation is scheduled for 10:00 AM Saturday morning in the "Bring It On!" track. I have gotten a lot of questions about what my talk covers, so here's some more information on it starting with the abstract:
Tired of boring old pentests where the only wireless traffic you see is 802.11 and maybe a little Bluetooth? With this amazing new invention, the radio, your eavesdropping options can be multiplied! Come to this talk to learn techniques for discovering, monitoring and exploiting a wide array of radio traffic with real world examples illustrating how these techniques have been used to gather information on a target's physical security, personnel and standard operating procedures.
When doing a penetration test how many radios do you see at the client's site? Do they use cordless phones or wireless headsets? Do their guards and maintenance staff carry radios? Ever wonder what other radios they might have and what you might learn by monitoring them? This talk will answer these questions. I will go over how to profile a site to find frequencies to monitor, select the right equipment to monitor these transmissions and what information can be gained using these techniques. The bulk of the talk will focus on a couple of real life examples where I step through how these techniques have been applied during penetration tests to gather information about the target organization.
Only so much information can be covered during an hour long talk and this is a fairly new area to a lot of pentesters. Because of this, I'm also going to do a series of blog posts providing the details on monitoring radio traffic during penetration tests. Through these blog posts I will cover all the details needed to select the right hardware, profile a site, monitor the target and put the information gathered to use on a pentest! I will also discuss how to protect your organization from these attacks and what steps you can take to audit your environment for wireless security risks. All posts related to this will have the Radio Reconnaissance category attached to them. Fair warning this series will not get my full attention until I finish up my series on magstripe analysis.
If you are going to be at ShmooCon please come up and say hi. I would love to meet all my readers.