
Tag: wireless

War Never Changes: Attacks Against WPA3’s Enhanced Open — Part 2: Understanding OWE

In this second part of the series, we’ll provide an overview of how OWE works. There are already some good write-ups that cover this at a high level, so this will be more of a hands-on technical deep dive.


War Never Changes: Attacks Against WPA3’s “Enhanced Open” — Part 1: How We Got Here

In early 2019, fellow Denver-based researcher Steve Darracott (@theDarracott) and I set out to answer the question — “is Opportunistic Wireless Encryption (OWE) susceptible to abuse and attack, and if so, how?”. Ultimately, we succeeded in implementing multiple working proof-of-concept attacks, which we demonstrated at the DEF CON Wireless Village last summer. This series of blog posts documents our research efforts and conclusions, and discusses how OWE fits into the current wireless threat model.


EAPHammer Version 0.5.0 – Legacy Crypto Support

EAPHammer now relies on its own local build of OpenSSL that exists independently of the build used by the operating system. This local OpenSSL build is linked to EAPHammer during the initial setup process, and is compiled with support for SSLv2/3 along with an array of weaker cipher suites that may be needed to communicate with legacy clients. Additionally, EAPHammer’s version of hostapd has been patched to allow SSLv2/3 support.


DEF CON 25: The Black Art Of Wireless Post-Exploitation – Bypassing Port-Based Access Controls Using Indirect Wireless Pivots

At DEF CON 25 and Hackfest 0x9 I introduced a novel attack that can be used to bypass port-based access controls in WPA2-EAP networks.


DEF CON 24 (Wireless Village): Slaying Rogue Access Points With Python And Cheap Hardware

This blog post will cover the development of sentrygun, from the algorithms used to detect rogue APs to the design patterns used to leverage those algorithms by network administrators.
