๐”– Scriptorium
โœฆ   LIBER   โœฆ
๐Ÿ“

Hacking Exposed Wireless: Wireless Security Secrets & Solutions

โœ Scribed by Johnny Cache, Vincent Liu

Publisher
McGraw-Hill Osborne Media
Year
2007
Tongue
English
Leaves
513
Edition
1
Category
Library
โฌ‡  Acquire This Volume

No coin nor oath required. For personal study only.

โœฆ Synopsis

Hacking Exposed Wireless is built on the same template as the other excellent books in the Hacking Exposed series. I find the book very informative, and I'll keep it close, when I'll perform WiFi testing on the corporate network.

The Attack and Countermeasure sections in the chapters of the Hacking Exposed series, are one of the things I really like about books. They give you a good overview about the risks involved - and how to test and mitigate these risks.

The book consists of 11 chapters grouped in 3 sections: I) Overview, II) Hacking 802.11 Wireless Technologies and III) Hacking additional Wireless Technologies.

  1. Section I - Overview.

  2. Chapter 1 gives you the fundamentals to Wireless technology and describes the common security problems.

  3. Chapter 2 is quite techie with some use of math for explaining how to calculate effect, antennas etc.

  4. Section II - Hacking 802.11 Wireless Technologies.
    This section explains from the basics of Wireless security to the more advanced and well protected implementations of Wireless security.

  5. Chapter 3 is a quite comprehensive guide to the history of the 802.11 protocol, and with that information, you are well equipped to go on to the following chapters. The description of the protocol is vital to understand how the vulnerabilities work.

  6. Chapter 4 is the description of how to discover and map wireless networks.
  7. Scanning and enumeration is the next step, and in Chapter 5 all the vital features are covered.
  8. Attacking `WEP secured WiFi networks' is covered in chapter 6, and I must say, I found this information useful. Having already done some pentesting on WEP secured Access Points (AP), I found the explanations and examples very interesting, and I'm going to try out some of the techniques explained here, next time I have an AP to test.
  9. WPA and WPA2 are normally considered to be pretty safe, if you choose the right password. But still the techniques described of how to deal with wireless enterprise setups, surprised me, and they should be taken in consideration, when documenting the risks in the corporate wireless network.

  10. Deploying security as described in chapter 8 covers the finer art of securing your wireless network.

  11. Section III - Hacking additional Wireless Technologies

  12. A few acquaintances of mine have bragging about how weak the security is on hotels - and how they got free internet during their stay. Chapter 9 covers many of the weaknesses of public AP's like the ones in hotels, airports etc.

  13. The Bluetooth attack on a Mac from chapter 10 was quite new to me. I haven't done much in relation to Bluetooth. I have been aware of the fact, there is a risk involved with opening a Bluetooth connection in the public, but not that it could be exploited like that. It was a kind of eye-opener for me.
  14. The advanced attacks in chapter 11 are some of the issues I'll pay some attention next time I am to test a network. Especially the attacks that can be launched from Metasploit 3.0 sounds interesting (aka scary).

The book also covers threats like rough access points (and how to deal with them). I found this so much of an inspiration, that I want to try it out on one of the educational institutions in the town - of course with a formal approval.

If you work with issues of wireless security, I find this book a must have, and in my opinion, it is sufficient for penetration testers and technicians who are to install corporate networks. With the book in hand, they can do, what has to be done. The book is clearly not targeted against end-users.

โœฆ Table of Contents

Contents......Page 14
Foreword......Page 20
Acknowledgments......Page 22
Introduction......Page 24
Part I: Hacking 802.11 Wireless Technology......Page 30
A Parking Lot Approach......Page 31
The Robot Invasion......Page 32
Final Wrap-Up......Page 33
1 Introduction to 802.11 Hacking......Page 36
802.11 in a Nutshell......Page 37
Discovery Basics......Page 42
Hardware and Drivers......Page 50
Summary......Page 69
2 Scanning and Enumerating 802.11 Networks......Page 70
Choosing an Operating System......Page 71
Windows Discovery Tools......Page 72
Windows Sniffing/Injection Tools......Page 79
OS X Discovery Tools......Page 90
Linux Discovery Tools......Page 96
Mobile Discovery Tools......Page 102
Online Mapping Services (WIGLE and Skyhook)......Page 104
Summary......Page 106
3 Attacking 802.11 Wireless Networks......Page 108
Security Through Obscurity......Page 109
Defeating WEP......Page 117
Bringing It All Together: Cracking a Hidden Mac-Filtering, WEP-Encrypted Network......Page 133
Keystream Recovery Attacks Against WEP......Page 136
Attacking the Availability of Wireless Networks......Page 140
Summary......Page 142
4 Attacking WPA-Protected 802.11 Networks......Page 144
Breaking Authentication: WPA-PSK......Page 145
Breaking Authentication: WPA Enterprise......Page 158
Breaking Encryption: TKIP......Page 170
Attacking Components......Page 175
Summary......Page 180
Part II: Hacking 802.11 Clients......Page 182
Case Study: Riding the Insecure Airwaves......Page 183
5 Attack 802.11 Wireless Clients......Page 184
Attacking the Application Layer......Page 186
Attacking Clients Using an Evil DNS Server......Page 190
Ettercap Support for Content Modification......Page 194
Dynamically Generating Rogue APs and Evil Servers with Karmetasploit......Page 196
Direct Client Injection Techniques......Page 201
Device Driver Vulnerabilities......Page 211
Web Hacking and Wi-Fi......Page 216
Summary......Page 230
6 Taking It All The Way: Bridging the Airgap from OS X......Page 232
The Game Plan......Page 233
Making the Most of User-level Code Execution......Page 246
Summary......Page 267
7 Taking It All the Way: Bridging the Airgap from Windows......Page 268
The Attack Scenario......Page 269
Preparing for the Attack......Page 270
Local Wireless Reconnaissance......Page 277
Remote Wireless Reconnaissance......Page 284
Target Wireless Network Attack......Page 292
Summary......Page 296
Part III: Hacking Additional Wireless Technologies......Page 298
Case Study: Snow Day......Page 299
8 Bluetooth Scanning and Reconnaissance......Page 302
Bluetooth Technical Overview......Page 303
Preparing for an Attack......Page 308
Reconnaissance......Page 311
Service Enumeration......Page 338
Summary......Page 342
9 Bluetooth Eavesdropping......Page 344
Commercial Bluetooth Sniffing......Page 345
Open-Source Bluetooth Sniffing......Page 355
Summary......Page 372
10 Attacking and Exploiting Bluetooth......Page 374
PIN Attacks......Page 375
Identity Manipulation......Page 389
Abusing Bluetooth Profiles......Page 403
Future Outlook......Page 425
Summary......Page 427
11 Hack ZigBee......Page 428
ZigBee Introduction......Page 429
ZigBee Security......Page 436
ZigBee Attacks......Page 439
Attack Walkthrough......Page 459
Summary......Page 467
12 Hack DECT......Page 468
DECT Introduction......Page 469
DECT Security......Page 473
DECT Attacks......Page 476
Summary......Page 487
A: Scoping and Information Gathering......Page 488
Scoping......Page 489
Things to Bring to a Wireless Assessment......Page 491
Conducting Scoping Interviews......Page 493
Gathering Information via Satellite Imagery......Page 494
Putting It All Together......Page 498
A......Page 500
B......Page 501
C......Page 503
D......Page 504
G......Page 505
I......Page 506
L......Page 507
N......Page 508
P......Page 509
S......Page 510
V......Page 511
W......Page 512
Z......Page 513

๐Ÿ“œ SIMILAR VOLUMES

Hacking Exposed Wireless: Wireless Secur
๐Ÿ“ Hacking Exposed Wireless: Wireless Security Secrets & Solutions
โœ Johnny Cache, Vincent Liu ๐Ÿ“‚ Library ๐Ÿ“… 2007 ๐Ÿ› McGraw-Hill Osborne Media ๐ŸŒ English

Including vital details on new, previously unpublished attacks alongside real-world countermeasures, this book offers tactical security information that will help you defend against the latest pervasive and devastating wireless attacks

Hacking Exposed Wireless: Wireless Secur
๐Ÿ“ Hacking Exposed Wireless: Wireless Security Secrets & Solutions
โœ Johnny Cache, Joshua Wright, Vincent Liu ๐Ÿ“‚ Library ๐Ÿ“… 2010 ๐Ÿ› Mcgraw-Hill Osborne Media ๐ŸŒ English

<h4>The latest wireless security solutions</h4> <p>Protect your wireless systems from crippling attacks using the detailed security information in this comprehensive volume. Thoroughly updated to cover today's established and emerging wireless technologies, <i>Hacking Exposed Wireless</i>, second ed