Hide your kids, turn off your Wi-Fi, they Rogue APing up in here

Presented at DEF CON 31 (2023), Aug. 10, 2023, 2 p.m. (240 minutes)

This workshop will teach you how to deploy Rogue APs in your client's environment. Using Rogue APs lets you test your client's Wireless Intrusion Detection System, passwords, wireless phishing education, and overall wireless security. We will discuss Rogue AP Tactics, Techniques, and Procedures, and how and why they work. In this workshop we will walk through setting up an OPEN, CAPTIVE PORTAL, WPA2, and 802.1x Rogue AP. We will also go over OWE and WPA3-SAE transition mode Rogue APs. The primary goal is setting up Rogue APs to harvest credentials. In the workshop, we will walk through a scenario at a client’s site, then set up a Rogue AP to harvest users’ credentials for the various networks at the site. We will go through how to crack the harvested credentials. We will be using EAPHAMMER, HOSTAPD-MANA, WIFIPHISHER, and AIRBASE-NG for the Rogue AP portion, HASHCAT, AIRCRACK-NG, and JOHN for the cracking portion. This workshop is for beginners, but participants should have basic Linux and 802.11 knowledge and be comfortable using virtual machines. Recommended reading/viewing: - https://posts.specterops.io/modern-wireless-attacks-pt-i-basic-rogue-ap-theory-evil-twin-and-karma-attacks-35a8571550ee - https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1%2F2/ - https://www.youtube.com/watch?v=i2-jReLBSVk Skill Level: Beginner Prerequisites for students: - None Materials or Equipment students will need to bring to participate: - Laptop with 8 GBS RAM - Virtual Box / VMware Installed - Wireless card with Access Point Mode and monitor mode. Recommended chip set AWUS036ACM.

Presenters:

• Daniel Costantini - Principal Consultant at Mandiant
  Daniel Costantini is a Principal Consultant with Mandiant, within Proactive Services. He is a Red Team/Penetration Testing subject matter expert in a variety of disciplines. Daniel has led and contributed to over a hundred Penetration/Red Team assessments. Over the years he has gained vast experience in living off the land, application, web, and network penetration testing. He continues, to strengthen his expertise in advanced wireless assessments. Daniel is a 17-year veteran of the United States Air Force (USAF) with ten of those years on active-duty and continues to serve in the United States Air Force Reserves. He has performed Penetration tests for USAF while on active duty and as a civilian contractor. He enjoys spending time with his family, playing games, and relaxing in front of the television.
• Lander Beyer - Manager, Proactive Services team at Mandiant
  Lander Beyer (He/Him) is the Manager of Mandiant’s Proactive Services team within their Global Government section. Lander has performed dozens of penetration testing services against State, Local, and Education (SLED) organizations, to include wireless and physical assessments. Lander is a cyber branch warrant officer in the California Army National Guard, and a proud husband and father of two. He enjoys table tennis, long walks in the rain, and Domain Admin.
• James Hawk - Senior Consultant at Mandiant
  James Hawk (He/Him) is a Senior Consultant with Mandiant, within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to dozens of assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company. James is a 20-year veteran of the U.S. Army and has over 10 years hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, LetterKenny, and almost anything sci-fi.

Similar Presentations:

• Black Hat Asia 2015 / Manna from Heaven: Improving the State of Wireless Rogue AP Attacks
• DEF CON 22 (2014) / Manna from Heaven: Improving the state of wireless rogue AP attacks
• THOTCON 0x9 (2018) / 5Ghz Electronic Warfare