Hacking exposed wireless : wireless security secrets and solutions /
Overview: Exploit and defend against the latest wireless network attacks. Learn to exploit weaknesses in wireless network environments using the innovative techniques in this thoroughly updated guide. Inside, you'll find concise technical overviews, the latest attack methods, and ready-to-deplo...
| Main Authors: | , |
|---|---|
| Format: | Book |
| Language: | English |
| Published: |
New York, New York :
McGraw-Hill Education,
[2015]
|
| Edition: | Third edition |
| Subjects: |
Table of Contents:
- Foreword
- Acknowledgments
- Introduction
- Part 1: Hacking 802-11 Wireless Technology:
- Case Study: Twelve volt hero
- Introduction to 802-11 hacking:
- 802-11 In A Nutshell:
- Basics
- Addressing in 802-11 packets
- 802-11 security primer
- Discovery basics
- Hardware And Drivers:
- Note on the Linux Kernel
- Chipsets and Linux Drivers
- Modern chipsets and drivers
- Cards
- Antennas
- Cellular data cards
- GPS
- Summary
- Scanning And Enumerating 802-11 Networks:
- Choosing An Operating System:
- Windows
- OS X
- Linux
- Windows Discovery Tools:
- Vistumbler
- Windows Sniffing/Injection Tools:
- NDIS 6-0 Monitor Mode Support (NetMon/MessageAnalyzer)
- AirPcap
- CommView for WiFi
- OS X Discovery Tools:
- KisMAC
- Linux Discovery Tools:
- airodump-ng
- Kismet
- Advanced Visualization Techniques (PPI):
- Visualizing PPI-tagged Kismet data
- PPI-Based Triangulation (Servo-Bot)
- Summary
- Attacking 802-11 Wireless Networks:
- Basic types of attacks
- Security through obscurity
- Defeating WEP:
- WEP key recovery attacks
- Putting It All Together With Wifite:
- Installing Wifite on a WiFi pineapple
- Summary
- Attacking WPA-Protected 802-11 Networks:
- Obtaining the four-way handshake
- Cracking with cryptographic acceleration
- Breaking Authentication: WPA Enterprise:
- Obtaining the EAP handshake
- EAP-MD5
- EAP-GTC LEAP
- EAP-FAST
- EAP-TLS
- PEAP and EAP-TTLS
- Running a malicious RADIUS server
- Summary
- Attacking 802-11 Wireless Clients:
- browser_autopwn: A Poor Man's Exploit Server:
- Using metasploit browser_autopwn
- Getting Started With I-Love-My-Neighbors:
- Creating the AP
- Assigning an IP address
- Setting up the routes
- Redirecting HTTP traffic
- Serving HTTP content with squid
- Attacking Clients While Attached To AN AP:
- Associating to the network
- ARP spoofing
- Direct client injection techniques
- Summary
- Taking It All The Way: Bridging The Air-Gap From Windows 8:
- Preparing For The Attack:
- Exploiting hotspot environments
- Controlling the client
- Local wireless reconnaissance
- Remote Wireless Reconnaissance:
- Windows monitor mode
- Microsoft NetMon
- Target wireless network attack
- Summary
- Part 2: Bluetooth:
- Case Study: You can still hack what you can't see
- Bluetooth classic scanning and reconnaissance
- Bluetooth Classic Technical Overview:
- Device discovery
- Protocol overview
- Bluetooth profiles
- Encryption and authentication
- Preparing For An Attack:
- Selecting a Bluetooth classic attack device
- Reconnaissance:
- Active device discovery
- Passive device discovery
- Hybrid discovery
- Passive traffic analysis
- Service enumeration
- Summary
- Bluetooth Low Energy Scanning And Reconnaissance:
- Bluetooth Low Energy Technical Overview:
- Physical layer behavior
- Operating modes and connection establishment
- Frame configuration
- Bluetooth profile
- Bluetooth low energy security controls
- Scanning and reconnaissance
- Summary
- Bluetooth Eavesdropping:
- Bluetooth Classic Eavesdropping:
- Open source Bluetooth classic sniffing
- Commercial Bluetooth classic sniffing
- Bluetooth Low Energy Eavesdropping:
- Bluetooth low energy connection following
- Bluetooth low energy promiscuous mode following
- Exploiting Bluetooth networks through eavesdropping attacks
- Summary
- Attacking And Exploiting Bluetooth:
- Bluetooth PIN Attacks:
- Bluetooth classic PIN attacks
- Bluetooth low energy PIN attacks
- Practical pairing cracking
- Device Identity Manipulation:
- Bluetooth service and device class
- Abusing Bluetooth Profiles:
- Testing connection access
- Unauthorized PAN access
- File transfer attacks
- Attacking Apple iBeacon:
- iBeacon deployment example
- Summary
- Part 3: More Ubiquitous Wireless:
- Case Study: Failure is not an option
- Software-Defined Radios:
- SDR architecture
- Choosing A Software Defined Radio:
- RTL-SDR: entry-level software-defined radio
- HackRF: versatile software- defined radio
- Getting Stared With SDRs:
- Setting up shop on windows
- Setting up shop on Linux
- SDR# and gqrx: scanning the radio spectrum
- Digital Signal Processing Crash Course:
- Rudimentary communication
- Rudimentary (wireless) communication
- POCSAG
- Information as sound
- Picking your target
- Finding and capturing an RF transmission
- Blind attempts at replay attacks
- So what?
- Summary
- Hacking Cellular Networks:
- Fundamentals Of Cellular Communication:
- Cellular network RF frequencies
- Standards
- 2G Network Security:
- GSM network model
- GSM authentication
- GSM encryption
- GSM attacks
- GSM eavesdropping
- GSM A5/1 key recovery
- GSM IMSI catcher
- Femtocell attacks
- 4G/LET Security:
- LTE network model
- LTE authentication
- LTE encryption
- Null algorithm
- Encryption algorithms
- Platform security
- Summary
- Hacking ZigBee:
- ZigBee Introduction:
- ZigBee's place as a wireless standard
- ZigBee deployments
- ZigBee history and evolution
- ZigBee layers
- ZigBee profiles
- ZigBee Security:
- Rules in the design of ZigBee security
- ZigBee encryption
- ZigBee authenticity
- ZigBee authentication
- ZigBee Attacks:
- Introduction to KillerBee
- Network discovery
- Eavesdropping attacks
- Replay attacks
- Encryption attacks
- Packet forging attacks
- Attack Walkthrough:
- Network discovery and location
- Analyzing the ZigBee hardware
- RAM data analysis
- Summary
- Hacking Z-Wave Smart Homes:
- Z-Wave Introduction:
- Z-Wave layers
- Z-Wave security
- Z-Wave Attacks:
- Eavesdropping attacks
- Z-Wave injection attacks
- Summary
- Index