The Dark Side of Wireless Networks: Intro to Wi-Fi Hacking - Megi Bashi - Ryan Dinnan
Vložit
- čas přidán 1. 06. 2024
- As Wi-Fi networks have become a fundamental aspect of our daily lives, it's important to understand the potential security risks associated with them. From personal data to company's confidential information, wireless networks are a prime target for cyber attacks.
This talk aims to provide an overview of Wi-Fi hacking techniques and methodologies. The presentation will cover various topics such as setting up rogue access points, intercepting packets, cracking WEP/WPA/WPA2 encryption, and more. Attendees will learn about the different tools and techniques used by hackers to gain unauthorized access to Wi-Fi networks and instances where they have been used in real life. We will also cover key concepts such as wireless network topologies, common terminology and the different types of wireless attacks. Additionally, the presentation will include demonstrations of Wi-Fi hacking techniques, to provide a better understanding of the topic and the real-world application of the discussed concepts.
This presentation is suitable for both beginners and those with experience who have an interest in wireless security and the dark side of hacking.
This was a special instance. WEP is known to be outdated and insecure, easily cracked. If the neighbor was using an up-to-date network with AES, then this would probably not have happened. The rest is pretty straightforward, once he accessed the neighbor network he was able to perform reconnaissance and identify target machines. They left out some details but can easily be figured out by analyzing the output from the terminal.
What a nice time with you guys here. I learnt alot of new stuff. I hope to be seeing more of this online seminars.
Really good general info. Appreciate the clear audio as well
Great presentation!
Thank you very much for the information. It is a very nice presentation 👍👍👍👍
it's 2023 - introduces WEP cracking...
Lol this shit is a joke. 60% of the comments are botted likes and comments.
this is really cool...its kinda crazy that i learned most of this stuff just putting it together from different sources ...i also learned some new things as well as the chart of "how wep works" .This gave a great breakdown of wireless networks ....i still have a long way to go because this is just the tip of the iceberg
wireless connections seem a little bit underrated.. but as nowadays google introduced passkeys, these kinds of materials will be spread.. i mean not only wi-fi but at least bluetooth connection as well..
thanks for the good quality
excellent presentation!!
I'm surprised how these hacker "experts" don't even understand that WEP doesn't encrypt data from the client to the web-server - it's a Wi-Fi encryption method, encrypting data from client to access point...
even in China, i haven't seen WEP in the wild since 2012......
Amen brother. This shit was just straight embarrassing and everyone thanking them in the comments are the problem lol.
Shame is the cure. Fuck someone's feelings.
😮
@@Weary.HermanIIIdamn, lil buddy. Show us where they hurt you.
Wrong.
great explanation, thanks for sharing this, i hope to see more content like this, just subscribed to the channel
Show thanks muito obrigado.
Very informative! We are glad to have these two young personalities to educate us about wireless networks.
They literally wasted your time rehashing 2010 techniques and walking people through completely obsolete invalid attack methods. They know nothing about modern wifi exploitation and it's beyond obvious.
The TLS protects the client/server comms usually so you would end up with just a bunch of broad activity log - what websites are accessed and when - unless you can put a backdoor inside the client/server.
good video carry on
I'm surprised people are still talking about WEP security in 2023😅. I don't think anyone in my neighborhood or company has been using the broken encryption since 2008. WPA2 was introduced in 2004 and most of the devices have supported it since then.
We all know why we clicked, and it wasn’t to hear about 20 plus year old WEP garbage. Admit it.
I just read yo comment and skipped the video. thanks negga
Actually I know so little that I didnt know about WEP or WPS. Last time I sat at a keyboard it was attached to a Commodore 64 and everything was dialup. I have alot of catching up to do.
Thanks
I will definitely try it as soon as possible! A friend recommended it to for sharing!
Try for what
It was a nice presentation. Want more videos like these
Good video broo
ty
Then vice-president 😂 so this shit is really old. Wifi security standards have gone leaps from this. Bummer, was hoping for modern WPA3 type of excitement
Is this an old talk from 15yrs ago?
The methods suggested were closed off a long time ago.
some methods would require that hardware is updated. The problem with wifi devices is that they are made for mass-production. Profits are worth more than security for these companies that make consumer devices (TP-Link is notorious for this). The other problem comes with most of these wifi devices being manufactured in china. the cheapest hardware will ALWAYS be used. Those SoCs are incredibly cheap and have very VERY limited RAM. So in some cases it might not even be possible to patch security holes in the devices. The other problem, well back to profits again is most companies will stop supporting old hardware because it's just not in their own business interest. Apple and Google do this with their phones, but i'm probably preaching to the choir here. The only way to keep up with security holes might be to keep buying new Wifi hardware. The Average consumer is not going to buy a new wifi router every 6 months to a year because there's some security hole. A lot of people i've talked with in conversation (they're not tech people like me they're just consumers - aka iphone users lol) have no idea how to even login to their wifi router to change their own password. So that right there is the biggest security problem. It's a problem that's unlikely to go away anytime soon. Some routers DO have automatic updates. The problem with automatic updates is that if there's any glitches in the power or the internet connection downloading the update - or any other number of random WTH moments that could happen could prevent the update from being installed (and it won't retry until the next update comes out) or it could possibly even brick the device. Embedded Linux/RTOS devices can be sensitive when you start writing bits to their FLASH storage.
@@daomingjin Hii bro, wanna talk to you since you happen to know a lot. CAN WE TALK?
@@miresoman1769 firstly, don't call me bro, we're not brothers, nor have we ever served in the military together.
Learn your lesson, and the answer is "no."
So what will be DONE?
What is the name of the logos in the thumb nail.
Lovely channel and presentation. So much support 💕
I didn't know that they were showing presentations with info that was 20 years out of date. There was nothing about security protocols that were always available, but manufacturers never followed to stop unauthorised connections or de-auth attacks. Nothing about how to secure networks, or even how using a Pineapple has been useless for years. Kali is not much better.
If you want to just break in to a neighbours network, you are better using social networking or a crafted email to get what you want. Simply suggesting you can do it by using Kali or a pineapple is wrong.
The whole video is a mess and should not even be on Bsides. The rest of the World has moved on and I don't understand how some countries are still 20years behind.
It would help those people presenting to watch a decent video of how to hack or attack networks.
@@Bond2025 Firstly, it's important to note that educational videos on topics like Wi-Fi hacking and penetration testing often aim to provide foundational knowledge and techniques. They may not cover the latest security protocols or advancements, as these topics are constantly evolving. However, they can serve as a starting point for individuals interested in learning more about the subject.
Regarding the mention of security protocols that were available but not widely followed by manufacturers, it is true that the implementation and adherence to security measures can vary across different devices and manufacturers. While the video might not have specifically addressed this point, it's essential for users to be aware of these vulnerabilities and take necessary precautions to secure their networks.
Your suggestion of utilizing social engineering techniques or crafted emails to gain unauthorized access is indeed a valid concern. It's important for viewers to understand that hacking techniques extend beyond just technical methods and that social engineering plays a significant role in security breaches(as most of the attacks are social engineering nowadays). While some viewers may find the content insufficiently advanced, it is important to remember that these videos often serve as introductory material for those who are new to the subject. Thank you for your answer! kind regards!
This is a class for grandma to setup her home network... lmfao
❤❤❤❤
wep can be brute forced in 5mn not weeks...
this talk is ......
only if you've collected enough IV packets. That actually requires clients to be connected and moving a decent amount of data. If they are just sending out an occasional Email and it's very short, it could take quite a while to collect enough IVs to perform a WEP attack. Of course, if they connect to the WEP enabled wifi and stream a movie for an hour - yea, no problem collecting enough WEP IV packets. You can probably collect packets for 5 minutes, and then crack it in 7....
Very informative. Thank you
wow
I’m still confused about Wi-Fi, and putting Wi-Fi antennas in locations to collect the signal… Isn’t Wi-Fi similar to a radio wave where it’s everywhere? Example: Set up your antenna and capture the signal because it’s everywhere all the time.
Why do they tell us to stay away from wi-fi antennas, cell phones etc. Does it not behave the same way radio waves do?
wifi is RF based, yes, most wifi antennas are Omnidirectional (transmit in all directions). Beam-Forming in some MIMO routers can focus the RF power more into one area than another (better signal to noise ratio - thus higher transfer rates), then there is directional antennas. If you have a decent wifi router and a very good hig-gain directional Antenna, you can go around 1km without need for RF amplifiers.
encryption is key
With Wi-Fi, due to the low receive and transmit powers, and the frequency ranges used, is susceptible to rapid drop-off of speed and range at higher bandwidths. Also with beamforming/steering and different antenna configurations, each of which can impart polarity and directionality to the signal, the RF is often not truly omnidirectional (where the signal radiates out with equal power in all directions). Buildings' internal walls, electrical fields and noisy electricals (with components which produce RF noise in the same range as Wi-Fi) are notorious for affecting Wi-Fi signals.
@@daomingjincan you go more far away
“We haven’t tested it on Windows but I’d assume they do”!? Really? I wouldn’t be assuming anything if I’m pen-testing a network. Also…just generally speaking…why on Earth would you not bother to test it on a Windows user? Firstly, it’s almost certainly easier to do, secondly I don’t believe it does show any such warning as of 22H2 and third; possibly the most obvious point is that simply as a numbers game…what OS do you think will most likely connect to your rogue access point?! Actually, another point is that I’d understand more if it was the hackers side of the whole thing but it’s not. They wouldn’t need to reconfigure or rewrite any code at all, they could very easily have just tried using a Windows machine. Fair enough they’re trying to educate but come on…I don’t want to hear the words “I assume” because you haven’t bothered or seen a reason to check. The correct answer is “we don’t know, we didn’t check”. It’s really that simple. Regardless, I do not believe it does prompt the user with any such information…I haven’t checked though so who knows. I won’t assume.
Impressive presentation 👏
Not really, it's information copied from the Internet that is 20 years out of date. A lot of talking, but they didn't say much. All I took from that was - absolutely nothing!
it's not
it was boring
did she say myspace who uses myspace anymore
Super good. Wish I was closer to where this takes place.
If you're talking about being closer to WEP targets you're gonna need a fucking time machine to be closer brotha
Aleksandar, YELLOW HOUSE
Yeah he definitely been arrested for hacking
2012 called they want their stuff back
11:00
brilliant!
this is why I don't Use Public WiFi,
Commander Adama on the Battlestar Galactica would not allow any wireless network computer on his ship for these reasons. I will not allow any wireless network at my House. Everything here is hardwired with ethernet.
The only way you're going to hack wpa 3 is for you to threaten the owner of the network with a gun to give you the pre shared key.
Or you RF broadcast deauth/JAM his client (or all clients in the area), and then you put up a rogue AP with the same MAC address and SSID using much higher RF output power. So if you have ... a directional antenna and 5 Watts of RF power on that rogue AP, the client WILL reconnect. From there you can spoof his webadmin pannel for the wifi hotspot and more or less 0wn him. If you clone the Web UI for the Admin setup pages on his Wifi router and redirect all HTTP traffic to that, you just wait for him to put in all the wifi setup information (tell the UI to tell the user it's performed an automatic update and some credentials need to be verified lol). Then you have their wifi password, ADSL modem credentials and their webadmin pannel's password. As soon as your rogue AP detects those credntials have been entered... you turn off the rogue AP then connect to his Wifi AP and start the fun from there.
@@daomingjinyour from were please
@@boladaleakinosi2386 i'm from
1) a country where the word "where" is not mistaken for "were"
2) a country where we use proper English word order
i was born in the late 70's , I remember wifi hacking tools before Aircrack-ng was called "ng". LOL.
@@daomingjingood old karma attacks, if I remember correctly the actual karma tool by now is long dead, though there's nothing stopping you from doing it manually
To bring you up to speed as of July 28th 2023, there have been WPA3 vulnerabilities discovered and exploited. The main vulnerability is within the wireless frame forwarding mechanism for the NPU, which allows an exploit to take place even without the use of a rogue AP. The WPA is vulnerable to exploitation by ICMP redirects.
No wonder “cybersecurity professionals” graduates have a rough time landing a job in the field. It all makes sense now. Folks, you’re regurgitating attacks and methodologies that have been outdated and talked about to death for over a decade. No one uses WEP anymore, and the WPS push button PIN attack was after that (and long since gone). Most ISP gateways come with WPA2/3 with 10+ character passwords and randomized SSIDs now.
If you are someone looking into this field, make sure you’re actually passionate about it (and actually know what you’re talking about), and not just picking a major from a catalog that “looks cool”.
Keep in mind that this is a tiny "conference" in the Kosovo and those two people only graduated a few months earlier. It's almost exactly the standard "Wi-Fi hacking" CZcams tutorial content-wise but maybe that's fitting for the audience that was to be expected. Eastern Europe and the Balkans might also be one of the few areas where you could maybe actually find some few WEP protected networks still going.
So some people here say this talk is a bit outdated, if it is do you know any other materials more updated on this topic?
Not to offend the creators on any form, I just want to learn a bit more on the topic :)
Bro we're talking A LOT more than a bit outdated lmao.
The guy look like he rob my grandma wifi
lol that shit is old
I was thinking "Bsides" - this should be good, then watched part of a 20 year old presentation they must have found somewhere and decided to re-run.
If the people selecting talks for Bsides think this is "current" in 2023, they do not have a clue and are probably not aware of IT.
Surprisingly, even a hitman organization has access to the videos and pictures. Unfortunately, they're using those recorded images to gain trust from other people who know the individual who got filmed 🎥. The serial killers have access to those films Unfortunately. What is even worse is that the films don't guarantee that a crime has being committed. The assesings take advantage of those images to gain the trust of their future victims. What is even worse is that the hitman organization covers their ass by blaming their victims of crimes never committed against them. The worst thing is that they are extremely experienced on getting away with those crimes because they managed to obtain some type of royalty from the fire arm industry and the lawn gives them seniority protective privileges.
I have to rap it up by warning ⚠️ the entire population of their mind reading discovery which compromises everyone's bank account information and passwords. The millionaires are also easy targets just as I'm currently dealing with their constant threatening and I no longer have private life 24/7.
Even, the home owners relatives are getting filmed 🎥 on a daily basics.
Who can fill safe if the criminals know when you'll be arriving home, right?
that;s just stupid tho. access your bank info on public network.
and they scammed her of 43 dollar. trash tier con for the most gullible victim... fucking dream bigger jesus chrsit
👍👋👌😳😳😳
Nice :D
Sutaque brasileiro kkkk
nice dumper lol
*This response was generated by ChatGPT*
Joe Biden and 2009 doesn't match
pffftt drink all the booze, hack all the things...
Old content poorly presented by two people
YOU TALKING TO TO FAST SLOW DOWN
script kiddies! neighbour must be a pest downloaded a free tool ! , ISPs normally are responsible for deploying secure and up to date equipment
This video isn't worth watching unless you're a time traveler in 2010
The content was "OK", a bit old on the technology; the presentation sucked donkey-balls! An attacker would have better luck at brute-forcing their way physically into a building and finding the nearest IDF and gaining access to the network this way.
for sure
Agreed, 20 years out of date.
veeery old
Yeaaaah i agree the presentation was very subpar… the woman couldn’t stop stuttering & kept using filler words that were unnecessary. Seemed unprepared lol
god bless JOE Biden
old and mostly useless pen vectors..
Let the man be the lecturer. He knows how to do presentations unlike the women AA yes AA MM.
is all old info. I already gave a talk on this for small project in my linux class... 😂😂😂 of course theirs some biden politics thrown in. College is patheitic nowadays.😅😅😅
They didn't throw any politics in. They were just using Biden as an example that even high status individuals are susceptible to being hacked. But whoa, just the mention of the word "Biden" triggered you. Relax snowflake. No one is victimizing you.
after this video ends your doom begins mrs. tennerman
It's illegal really?
in America it's illegal to use monitor mode on i think half of the wifi channels. LOL.
ironically, you're not even allowed to use Encryption on HAM bands using digital modes until you get into the microwave RF region, yet.... it's perfectly legal for a DMR radio to use encryption on HAM bands.
Legal is a very loose term i think....
I can't watch it unless you edit out ALL of the parts were the people say "ERRRMMMM" and "ARRRMMMM" every other word. It makes it incredibly difficult to listen to someone that does not know what they are trying to say as it suggests they don't know the subject or content of the talk. If you watch other security experts like Naomi Brockwell, she speaks fluently and concisely getting straight to the point.
Even Ed Snowden does this, he makes various noises to stop people interrupting him or he will forget what he is saying. There is no need, it's your talk, so talk !
I am sure the content is really interesting, but the talk needs a bit of an edit to make it watchable.
If that literally prohibits you from watching the video, you might want to get checked for some sort of neurodivergence. Something so minor negatively affecting your life to a degree that you can't do certain things anymore would worry me.
I know how to use all of these tools in the perfect way
How?
@@robyee3325Studying and practicing a lot.
lamo 2 weeks to crack wep!? has bro ever heard of cowpatty...?
🫶🏻Prishtina for President 🇦🇱🫡
Really good general info. Appreciate the clear audio as well
It's a talk that's *") YEARS OUT OF DATE* - hardly anything current. A talk about how WEP encryption on WiFi worked in 2003? You can do much better than going through old talks and articles and reading them out again.
Rogue Access Points and the useless Pineapple device are of no concern to anyone, they are just bought by people that think they can steal info. The techniques have not worked for years. Why not do a proper technical presentation on why the standard for WPA/WPA2 and WPA3 never implemented the security protocols that would have stopped attackers using de-authentication techniques? Try giving a live demo on a de-auth of WPA2 and then guessing the password - you would be there for years.
Sites all use HTTPS now and you never mentioned captive portals or stripping anything to get certificate info.
Using Kali is quite funny too.
no it's not
@@amyn86 can you provide some better info if this is not good?