Wireless Security

A while back, Joshua Wright wrote a fantastic paper called “Vista Wireless Power Tools for the Penetration Tester”. At the end of paragraph 2.5, “Analyzing Wireless Profiles”, Josh writes, “The PSK itself and other metadata is stored in the keyMaterial element. At this time, it is not known how to decrypt the PSK, however, since […]

Yes yours truly (Larry, that is) Will be teaching the 6 day SANS Wireless Ethical Hacking, Penetration Testing and Defenses (SANS 617) in Regina, Saskatchewan on March 23 – 28, 2009. As this is the first time Wireless Ethical Hacking, Penetration Testing and Defenses is being offered in Saskatchewan it is anticipated to fill quickly. […]

I’m always on the lookout for new ways to do recon during an assessment, or be aware how folks could be performing recon against an organization. Being aware of recon methods helps make recommendations to remediate potential exposure. One of the things that can be highly successful for recon on a target is wireless. I’m […]

[Note: This is a re-post from the wrt54ghacks.com blog which has been intergrated into this blog. For an even more updated version of this hack see my article in (IN)Secure Magazine, Issue 17] So, here is the scenario, you need a wireless network for guests, it has to be easily accessible (i.e. can’t require a […]

By Paul Asadoorian There are lots of ways to skin this cat. This came up and piqued my interest because I was looking at the Nessus plugin to do this. This is a neat concept, but relies on some really old information from Nmap 3.50 OS fingerprints. I decided that using Nmap directly is probably […]

INSECURE Magazine Issue 17 has been released for July 2008 and contains an article written by yours truly. I want to first give credit where credit is due to Charlie Vedda from the Packet Protector project, who was instrumental in putting some firmware together in order to make this project a reality. This is a […]