Underground Wi-Fi Hacking for Web Pentesters

Presented at BSidesLV 2015, Aug. 4, 2015, 11 a.m. (55 minutes).

There is an ever-increasing trend with Internet Service Providers of all sizes providing open wireless hotspots nationwide, many of which are bridged off of existing customers personal access points and others are made available through restaurants, hotels, and other businesses. Many of these guest networks have recently spurred discussion within the security community over the insecurity of open access points in general and the ethics of their deployment methods. The talk will cover the many gaping insecurities of wireless hotspots and dive in to how these can be leveraged to attack clients, gain free Internet access, hijack accounts, steal sensitive information, and more. This will progress into how web penetration testers can leverage their existing skill-sets to design, build, and deploy malicious targeted access points. All of the attacks that will be demonstrated live during the talk can be deployed on various platforms, making it easy for the audience to reproduce regardless of hardware available.


Presenters:

  • Greg Foss - Head of Global Security Operations - LogRhythm Labs
    Greg Foss is LogRhythm's head of Global Security Operations and a Senior Researcher with Labs - tasked with leading both offensive and defensive aspects of corporate security. He has just under a decade of experience in the information security industry with an extensive background in ethical hacking and penetration testing, focusing on Web application security and red teaming. Greg holds multiple industry certifications including the OSCP, GAWN, GPEN, GWAPT, GCIH, and CEH, among others. He has presented at national information security conferences such as BlackHat, DerbyCon, AppSecUSA, BSidesLV, and is a very active member of the Denver security community.

Links:

Similar Presentations: