Presented at
Hackfest 2017,
Nov. 3, 2017, 2:30 p.m.
(Unknown duration).
SniffAir is an open-source wireless security framework. Its primary purpose is to provide penetration testers, systems administrators, or others eager about wireless security a way to collect, manage, and analyze wireless traffic. SniffAir was born out of the hassle of managing large or multiple pcap files, manually reviewing the information, and subsequently formulating an attack. SniffAir allows testers to thoroughly cross-examine and analyze traffic while looking for potential security flaws or malicious traffic. Testers can also employ SniffAir to carry out attacks based on this information.
We created SniffAir to collect all the traffic broadcasted and sort it by Client or Access Point. Testers can create custom rules to help define the scope, and SniffAir can be instructed to parse collected information based on those rules. SniffAir then uses the rules to move the in-scope data to a new set of tables, allowing the framework to compare filtered data against the original table for anomalies. If applicable, the tester can then load the desired information into SniffAir's wireless attack modules, allowing them to carry out various sophisticated wireless attacks directly through the framework. By making this project open-source, our hope is to stir the community's interest in wireless security, whether it be by contributing to the framework directly, or by discovering new methods to assess or attack wireless networks which can then be incorporated into the framework.
Presenters:
-
Matthew Eidelberg
Matthew Eidelberg is a husband, father, and big security fanatic. Matthew works as a Security Consultant on Optiv's Attack and Penetration team. Matthew's primary role is to conduct security penetration testing and red teaming assessments for Optiv's clients, while also developing detailed remediation procedures in order to provide the best value to Optiv's clients. Previously, Matthew worked as a Security Consultant for the Herjavec Group in Canada, providing the same type of work for clients in Canada, the United States and Asia. Matthew received his Bachelor of Technology in Informatics and Security, [email protected] University in 2012 and was certified as an Offensive Security Certified Professional in March of 2015.
Steven works as a Security Consultant on Optiv's Attack and Penetration team. Steven's primary role is to conduct security penetration testing and red teaming assessments for Optiv's clients, while also developing detailed remediation procedures in order to provide the best value to Optiv's clients. Previously, Steven worked as a Space Systems Operator for the US Air Force, conducting space based missile defense for North America. Steven was certified as an Offensive Security Certified Professional in September of 2014.
-
Steven Darracott
as Steven Daracott
Matthew Eidelberg is a husband, father, and big security fanatic. Matthew works as a Security Consultant on Optiv's Attack and Penetration team. Matthew's primary role is to conduct security penetration testing and red teaming assessments for Optiv's clients, while also developing detailed remediation procedures in order to provide the best value to Optiv's clients. Previously, Matthew worked as a Security Consultant for the Herjavec Group in Canada, providing the same type of work for clients in Canada, the United States and Asia. Matthew received his Bachelor of Technology in Informatics and Security, [email protected] University in 2012 and was certified as an Offensive Security Certified Professional in March of 2015.
Steven works as a Security Consultant on Optiv's Attack and Penetration team. Steven's primary role is to conduct security penetration testing and red teaming assessments for Optiv's clients, while also developing detailed remediation procedures in order to provide the best value to Optiv's clients. Previously, Steven worked as a Space Systems Operator for the US Air Force, conducting space based missile defense for North America. Steven was certified as an Offensive Security Certified Professional in September of 2014.
Links:
Similar Presentations: