Practical & Improved Wifi MitM with Mana

Presented at DEF CON 26 (2018), Aug. 10, 2018, 4 p.m. (45 minutes).

In 2014, we released the mana rogue AP toolkit at DEF CON 22. This fixed KARMA attacks which no longer worked against modern devices, added new capabilities such as KARMA against some EAP networks and provided an easy to use toolkit for conducting MitM attacks once associated.

Since then, several changes in wifi client devices, including MAC randomisation, significant use of the 5GHz spectrum and an increased variety of configurations has made these attacks harder to conduct. Just firing up a vanilla script gets fewer credentials than it used to.

To address this mana will be re-released in this talk with several significant improvements to make it easier to conduct rogue AP MitM attacks against modern devices and networks.

After years of using mana in many security assessments, we've realised rogue AP'ing and MitM'ing is no simple affair. This extended talk will provide an overview of mana, the new capabilities and features, and walk attendees through three scenarios and their nuances:


Presenters:

  • Dominic White / singe - CTO @ SensePost   as singe
    singe has been hacking for 14 years, the last 8 of them at SensePost. He is the primary author of mana-toolkit and has developed wifi hacking training for places like BlackHat. @singe

Links:

Similar Presentations: