You are browsing the Blog for DEFCON.

WPA Too!

January 13, 2012 in Ethical Hacking and Penetration Testing, Wireless Security and Hacking, WPA2

Speaker: Md Sohail Ahmad

WPA2 is the most robust security configuration available today for WiFi networks. It is widely used to secure enterprise WLANs. Interestingly, it is also being used to secure guest, municipal and public WiFi networks. In this paper, we present a new vulnerability found in WPA2 protocol which can be exploited by a malicious user to attack and compromise legitimate users. We also present a few attack mitigation techniques which can be used to protect genuine WiFi users.

For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html

 

Tags: , , , , , , , ,
No Comments »

FOCA2: The FOCA Strikes Back

January 7, 2012 in Ethical Hacking and Penetration Testing, Footprinting, Reconnaissance, Tutorials

FOCA is a tool to extract information in footprinting and fingerprinting phases during a penetration test. It helps auditors to extract and analyze information from metadata, hidden info and lost data in published files. This new release of FOCA, version 2, adds tools to scans internal domains using PTR Scanning, Software recognition through installation paths, etc. The idea of FOCA is to give as much info as can be discovered automatically starting from a public domain name.

 

Tags: , , , , , ,
No Comments »