HAKIN9 EXTRA 7/11

Creating Rouge Access Point
by Rishabh Mehta
A big issue a few years back had to do with dial-related fraud in Russia. Basically, usernames and passwords to dial accounts were being bought and sold on the black market and the owners of the stolen credentials were being hit with enormous usage charges. In actuality, this still takes place. With the onset of Public Wi-Fi locations, the threat of fraud and misuse has also moved to the stealing of wireless subscription credentials.

WPA2-CCMP known plain text attack
by Domonkos Pal Tomcsanyi
There hasn’t been much up in the field of WiFi security lately because WPA/WPA2 combined with a strong password is truly secure; even nowadays when people use GPUs to accelerate password cracking it is
almost impossible to crack an arbitrary random WPA/WPA2 password that contains numbers, letters and capitals in a reasonable timeframe. Or is it though? Is it really impossible? Well it still needs a huge amount of resources (processing power), but might be possible. But how? And what is the WPA2-CCMP known plaintext attack about? Let’s dig a little bit into WPA2, and figure it out!

Wireless Standards And Practices
by Richard C. Batka
Wireless networking has fundamentally changed enterprise networking. End point devices are no longer tethered to cables. The speed and distance between a wireless networking interface card and access point is constantly increasing. To really understand wireless you need to take a closer look at the 802.11 standard. Deep dive into this document and you will see that standards are defined for frame types that wireless network interface cards and access points use to send data back and forth as well as manage the wireless link..

Facebook Forensics
by Kelvin Wong, Anthony C.T. Lai,
Jason C. K. Yeung, W. L. Lee, P. H. Chan
Facebook is a well-known social networking application and connect people all over the world. We have carried out various test activities in Facebook and identified footprints and evidence could be extracted
from memory, browser cache and other spaces; In addition, we have tested it with various technology platforms to provide more detailed and comprehensive forensics analysis.

Short URL
by Yaser Alosefer
We all know the story of the Trojan Horse, where the Greeks built it to enter the city of Troy. It was an unimaginable trick used to enter Troy after a 10 year siege. In the computer world, hackers use similar tricks to fool the end-users into running their malware. The end-users won’t run an application if they knew that it is malicious software and therefore the attackers use different tricks to fool the end-users. They use the Trojan horse method, where they attach their malware with a benign one. Therefore, when the user installs the benign application it means he will install the malicious one as well.

Managed Code Rootkits
by Erez Metula
Influencing source code is not a new idea. Injecting malicious code secretly by the compiler or the IDE was introduced a while ago. Using managed code rootkits (MCRs), we can take this kind of attack a bit further, by changing the actual meaning of the compiled code after it was created. As such, no changes occur at the compile-level executable code. The executable stays the same, as opposed to the other attacks that targeted the compiled executable only containing the injected code.