Andrés Blanco

Argentina
740 followers · 500+ connections

About

I am passionate about information security, with more than 19 years of experience. On my…

Experience and education

  • Fingerprint

Publications

  • WIG: Wi-Fi Information Gathering

    Black Hat USA - Arsenal

    WIG (Wi-Fi Information Gathering) is a free and open source (GPLv3) utility for IEEE 802.11 device fingerprinting. WIG uses Wi-Fi network interfaces that support monitor mode to obtain information on nearby devices with Wi-Fi support. The tool supports vendors' proprietary protocols such as Apple AirDrop/AirPlay, Cisco Client eXtensions, Wi-Fi Protected Setup (WPS) and Wi-Fi Direct. Using these protocols, the tool is able to find and fingerprint potential Wi-Fi targets that other tools are not able to find. The tool output is useful in the threat modeling phase of Wi-Fi penetration testing or to find potential targets during a network assessment.
  • Wi-Fi Direct to Hell: Attacking Wi-Fi Direct Protocol Implementations

    Black Hat Europe 2017

    Today Wi-Fi is everywhere and is by far the most widely used wireless networking protocol. In recent years, Wi-Fi security research has mainly focused on WPA/WPA2 security mechanisms. But modern Wi-Fi firmware and drivers support several protocols that could be targeted by attackers. This is the case of Wi-Fi P2P, also known as Wi-Fi Direct. This protocol provides the ability to discover nearby devices and connect directly to each other via Wi-Fi without an intermediate access point.

    This talk will present an in-depth security analysis of the Wi-Fi Direct protocol, including an architectural overview and descriptions of the discovery process, the connection process and the frame formats. Additionally, we will use Android, HP Printers, and Samsung Smart TVs, among others, as examples of vulnerable implementations. At the end of the presentation, we will release PoC for the vulnerabilities and a tool for fingerprinting devices supporting the Wi-Fi Direct protocol.
  • 802.11 Protocol Chaos

    Ekoparty

    Over the last few years, use of the IEEE 802.11 standard for wireless connectivity has become massive. Wireless devices are everywhere, from your smartphone to the printer in your office. The IEEE 802.11 standard has many versions and 3rd party extensions bringing new features that add complexity to the protocol. Modern devices support several specifications such as Cisco Client Extensions, WiFi Protected Setup, WiFi Direct, AirPlay and AirDrop (just to mention a couple of them). This complexity makes platform implementations more intricate, opening opportunities for attackers. This presentation will show how attackers could use these specifications to fingerprint devices, abuse bad implementations to access devices and get internal network information without even connecting to the network.
  • 802.11 Protocol Chaos

    Infiltrate

    Over the last few years, use of the IEEE 802.11 standard for wireless connectivity has become massive. Wireless devices are everywhere, from your smartphone to the printer in your office.

    The IEEE 802.11 standard has many versions and 3rd party extensions bringing new features that add complexity to the protocol. Modern devices support several specifications such as Cisco Client Extensions, WiFi Protected Setup, WiFi Direct, AirPlay and AirDrop (just to mention a couple of them). This complexity makes platform implementations more intricate, opening opportunities for attackers.

    This presentation will show how attackers could use these specifications to fingerprint devices, abuse bad implementations to access devices and get internal network information without even connecting to the network.
  • 802.11 Complexity

    DeepSec 2016

    Over the last few years, use of the IEEE 802.11 standard for wireless connectivity has become massive. Wireless devices are everywhere, from your smartphone to the printer in your office. As a matter of fact, all connected devices have proliferated at an incredible rate.

    The IEEE 802.11 standard has many versions and 3rd party extensions bringing new features that add complexity to the protocol. This complexity makes platform implementations and drivers more intricate, opening opportunities for attackers.

    This presentation will show how attackers could use these features to fingerprint devices and abuse bad implementations to access devices with no credentials, and how researchers could analyze 802.11 implementations on platforms such as Android and iOS for bug hunting.
  • 802.11 Massive Monitoring

    DEF CON 23

    Wireless traffic analysis has been commonplace for quite a while now, frequently used in penetration testing and various areas of research. But what happens when channel hopping just doesn't cut it anymore -- can we monitor all 802.11 channels?

    In this presentation we describe the analysis, different approaches and the development of a system to monitor and inject frames using routers running OpenWRT as wireless workers. At the end of this presentation we will release the tool we used to solve this problem.

    Other authors
  • Impacket

    Black Hat USA - Arsenal

    Impacket is a collection of Python classes focused on providing access to network packets. Impacket allows Python developers to craft and decode network packets in a simple and consistent manner. It includes support for low-level protocols such as IP, UDP and TCP, as well as higher-level protocols such as NMB, SMB, MSRPC and DCOM. Impacket is highly effective when used in conjunction with a packet capture utility or package such as Pcapy. Packets can be constructed from scratch, as well as parsed from raw data. Furthermore, the object-oriented API makes it simple to work with deep protocol hierarchies.

    Other authors
  • One firmware to monitor 'em all

    Hack.lu security conference

    This paper describes the process of reverse engineering and modification of wireless cards on a wide variety of cell phones and tablets, its implications, related work and how to set these cards to monitor mode.

    Other authors
  • One Firmware to Monitor 'em All

    Ekoparty 2012

    In recent years, mobile devices have become mass-use items. Usually these devices follow the IEEE 802.11 standard for wireless connectivity. Broadcom is one of the leading semiconductor companies in the area of wireless communication and broadband. Some of its WiFi solutions (chipsets BCM4325 & BCM4329) are included in a large part of the mobile devices market in products from vendors such as Apple, Samsung, Motorola, Sony, Nokia, LG, Asus and HTC. In this paper we describe the process of modifying the firmware of these cards. The results presented could open new possibilities in the field of computer security, such as direct access to the baseband components without the intervention of the operating system, and the ability to store information in the internal memory of the cards, among others. During the talk, we will walk through the internals of the firmware and our reverse engineering process, and we will show how to put these cards in monitor mode as a proof of concept.

    Other authors
  • Abusing the Windows WiFi native API to create a Covert Channel

    Hack.lu security conference

    Communications over wireless channels have been perfected in recent years, mainly by improving performance and speed features. Security in this field has been a concern since the first 802.11 draft, having evolved by adding security features based on different crypto systems. In this paper we focus on the construction of a covert channel, exploitable in any system, between any endpoint and a specially crafted endpoint. The channel built can be started even while an active connection is established between a computer and a wireless Access Point, with one unique network device. This functionality allows an attacker that compromised a wireless enabled endpoint to extract available information and avoid detection. We will describe the design behind the channel structure and a fully functional implementation.

    Other authors

Projects

  • wig-ng

    WIG (WiFi Information Gathering) is a free and open source utility for WiFi device fingerprinting.

  • Native WiFi API Beacon Sniffer

    Tool that dumps beacon frames to a pcap file. Works on Windows Vista or later with any wireless card.
  • chopping

    Linux 802.11 channel hopping utility.
  • Search Immediate (BinaryNinja Plugin)

    Plugin for BinaryNinja that provides different search capabilities.
  • WiWo

    WiWo is a distributed 802.11 monitoring and injecting system that was designed to be simple and scalable, in which all workers (nodes) can be managed by a Python framework.

    Other creators
  • PyWiWi

    PyWiWi is a set of Python bindings for the Windows Native Wifi API.
  • MonMob

    This is a set of tools to provide monitor mode and raw frame injection for devices using Broadcom chipsets bcm4325, bcm4329 and bcm4330.
  • pylorcon2

    PyLorcon2 is a Python wrapper for the Lorcon2 library.

    Lorcon2 (Loss Of Radio CONnectivity) is a generic library for injecting 802.11 frames, capable of injection via multiple driver frameworks, without forcing modification of the application code for each platform/driver.

    Other creators
  • wwtool

    wwtool is a wireless scanning command line tool for Windows that uses the Windows Native WiFi API to list available networks.

  • WPSIG

    It's a simple tool (written in Python) that does information gathering using WPS information elements. WPS or Wi-Fi Protected Setup is a standard created by the Wi-Fi Alliance that allows users to set up the security of a wireless AP in a simple way.

Languages

  • Spanish

    Native or bilingual proficiency

  • English

    Professional working proficiency
