|Bluetooth Low Energy Hacking Preview.pdf|
Welcome to the new edition of Hakin9, dedicated to wireless hacking and security. We would like to come back to this topic after not touching it for a while, and present new tutorials and approaches.
We start with Bluetooth Low Energy Hacking. Jitendra Kumar has written a hands-on tutorial where he demonstrates the most common attacks and vulnerabilities. It’s a must read position in this edition. For those of you that are looking for an information about the best bug bounty software, bug hunter Faiz Ahmed Zaidi, prepared an article about his favorite tool: Vega. With his quick tutorial you will learn how to find a vulnerability on the website and start your career as bug bounty hunter.
Mahmoud Abdelmonem recently passed the Offensive Security Wireless Attacks exam and decided to share his experience with us. If you are thinking about pursuing this certificate then Mahmoud review is a perfect start.
To change the pace and learn more information about protecting your network, we recommend checking out the article by John Busso, about a defense-in-depth strategy to protect you and your corporate assets, and reduce risk. After that we are back to the offensive approach, with Ravi Prakash Shukla’s guidance you will learn all about NFC, including what it is and how to exploit it.
Ever wondered how to hack a captive portal? Now you can stop, because our returning author and amazing betatester Robert Fling has written a step by step guide that will help you understand this topic!
Mohammad Fouda, an very experienced network security specialist, chose his favourite tools and wrote a guide for each of them. Now is your chance to hack the Wi-Fi with proper software.
If you have problems with understanding WPA/WPA2 or WPA3, Moises Rogerio Fernandes in his article “The evolution of Wi-Fi protected access” will explain all the important parts of those protocols.
Next we have a piece on Fluxion – many of you know about it, but Jan Kopia decided to show the full capabilities of this tool. The first part of this article gives an overview of development of Wi-Fi Security including its current state of development. In the second part, a practical introduction to hack into a wireless network using Fluxion will be demonstrated.
“Industrial cyber security crowdsourcing” is an interesting article that’s a little different from the others. Sergey Gordeychik and Maxim Rupp in their article review recent community-driven activities in industrial control systems cybersecurity.
We hope you will enjoy all of it.We would also like to thank you for all your support. We appreciate it a lot. If you like this publication, you can share it and tell your friends about it! Every comment means a lot to us.
Enjoy your reading,
TABLE OF CONTENTS
Bluetooth LE Hacking
Understanding Bluetooth LE communication and demonstrating Man-in-The-Middle attack on Bluetooth LE devices
by Jitendra Kumar
Bluetooth Low Energy, also known as BLE, Bluetooth LE, or Bluetooth Smart, is a wireless technology designed to reduce power consumption and cost. Bluetooth LE can operate on a single coin battery for months to years depending on usage. Bluetooth LE is more focused on healthcare, fitness, security and home entertainment industries.
Vulnerability assessment with Vega
by Faiz Ahmed Zaidi
I will discuss Vega. How it can help you to find bugs with it, how you can use Vega scanner, socks proxy, etc. Vega can help you find vulnerabilities such as: reflected cross-site scripting, stored cross-site scripting, blind SQL injection, remote file includes, shell injection, and others. Vega also probes for TLS/SSL security settings and identifies opportunities for improving the security of your TLS servers.
Passing offensive security wireless professional certificate (OSWP)
by Mahmoud Abdelmonem
“Offensive Security Wireless Attacks (WiFu) is an online penetration testing training course which teaches you the skills needed to audit and secure today’s wireless devices. In this course, students will learn to identify existing vulnerabilities in wireless networks and execute organized attacks in a controlled and focused manner.”
Protecting your WLAN
by John Busso
In this article, we will educate the reader about a defense-in-depth strategy to protect you and your corporate assets and reduce risk. The article approaches each security measure in relation to the OSI (Open System Interconnect) model. Use the steps below, as appropriate, to enhance the security of your company’s wireless network.
Near Field Communication (NFC) Vulnerability
by Ravi Prakash Shukla
Near Field Communication is a wireless technology similar in principle to radio transmission, which requires no contact between the two parties communicating. It’s broadly related to networking protocols like Wi-Fi and Bluetooth, but operates at very low speeds (13.56 MHz on ISO/IEC 18000-3 air interface at rates ranging from 106 to 424 kbit/s) and over very short distances (ideally 4 centimetres = 1.5748 inches). The NFC standard governs the exchange of data between two closely positioned devices – and this communication may be used to complete payment transactions or user identification.
How To Get Free Hotel, Airplane or Coffee Shop WiFi AKA- How To Hack A Captive Portal
by Robert Fling
Have you ever been asked to enter your email address to access WiFi somewhere? This happens quite frequently. In the absence of having to enter a password to access WiFi, many companies are asking for your email address or an email address and a password or some combination (room number of hotel, etc.). This is called a captive portal. Why do they do this? Many reasons, however, the two most common are that they allow easy access for customers without having to post a password somewhere or having employees to constantly give out the password to the wireless network. In addition, a company can now grow a list of email addresses to market to you in the future. Fortunately, for the technically inclined, these captive portals are rather easy to bypass.
Wireless Hacking Tools
by Mohammad Fouda
Wireless networks nowadays are everywhere and we live in an era where the security of our establishments is very important, as any flaw could allow an attacker inside our network making several undesirable actions leading to critical outcomes. So, there are lots of companies who would like to have an assessment of their wireless networks configuration and strength.
The evolution of Wi-Fi Protected Access
by Moisés Rogério Fernandes
So far, we have a billion devices that have been using the WPA2 protocol, including domestic routers and smartphones. However, how can we know this kind of protocol is not 100% unbreakable? If some hacker has been persistent and has some knowledge, this can be broken easily. Nowadays, it’s possible to capture the handshake for the WPA2 protocol, and after that, the password can be cracked offline. It is possible to do this using dictionary or Brute Force attack, and to make this process more agile, you could use a graphics card, like NVIDIA, or some database tables. To understand how the Wi-Fi process works, I will explain some concepts.
Hacking WPA2-protected Wi-Fi networks with Fluxion
by Jan Kopia
The first part of this article gives an overview of development of Wi-Fi Security including its current state of development. In the second part, a practical introduction to hack into a wireless network using Fluxion will be demonstrated. The application uses known programs, such as Aircrack-ng, etc., to hack into WLAN networks using both a technical based approach and a social engineering approach.
Industrial cyber security crowdsourcing
by Sergey Gordeychik & Maxim Rupp
Industrial control system cybersecurity projects are normally associated with closed projects performed for a specific customer with expensive tools and equipment. As a result, this complicates adoption of community-driven and crowdsourcing practices. However, there are several successful projects in this area in recent years. This article will review recent community-driven activities in industrial control systems cybersecurity.