In 2014, we released the mana rogue AP toolkit at DEF CON 22. This fixed KARMA attacks which no longer worked against modern devices, added new capabilities such as KARMA against some EAP networks and provided an easy to use toolkit for conducting MitM attacks once associated.
Since then, several changes in wifi client devices, including MAC randomisation, significant use of the 5GHz spectrum and an increased variety of configurations has made these attacks harder to conduct. Just firing up a vanilla script gets fewer credentials than it used to.
To address this mana will be re-released in this talk with several significant improvements to make it easier to conduct rogue AP MitM attacks against modern devices and networks.
After years of using mana in many security assessments, we've realised rogue AP'ing and MitM'ing is no simple affair. This extended talk will provide an overview of mana, the new capabilities and features, and walk attendees through three scenarios and their nuances:
Intercepting corporate credentials at association (PEAP/EAP-GTC) Targeting one or more devices for MitM & collecting credentials "Snoopy" style geolocation & randomised MAC deanonymization. As a bonus, you'll be able to download a training environment to practise all of this without requiring any wifi hardware (or breaking any laws).
Speakers:
singe, CTO @ SensePost
singe has been hacking for 14 years, the last 8 of them at SensePost. He is the primary author of mana-toolkit and has developed wifi hacking training for places like BlackHat.
@singe
Detailed Presentation:
Comments