Hacking exposed wireless: wireless security secrets and solutions
Author
Publisher
McGraw-Hill Education
Publication Date
[2015]
Edition
Third edition.
Language
English
Contributors
Cache, Johnny, author
ISBN
9780071827621
Table of Contents
From the eBook - Third edition.
Foreword
Acknowledgments
Introduction
Part 1: Hacking 802.11 Wireless Technology:
Case Study: Twelve volt hero
Introduction to 802.11 hacking:
802.11 In A Nutshell:
Basics
Addressing in 802.11 packets
802.11 security primer
Discovery basics
Hardware And Drivers:
Note on the Linux Kernel
Chipsets and Linux Drivers
Modern chipsets and drivers
Cards
Antennas
Cellular data cards
GPS
Summary
Scanning And Enumerating 802.11 Networks:
Choosing An Operating System:
Windows
OS X
Linux
Windows Discovery Tools:
Vistumbler
Windows Sniffing/Injection Tools:
NDIS 6.0 Monitor Mode Support (NetMon/MessageAnalyzer)
AirPcap
CommView for WiFi
OS X Discovery Tools:
KisMAC
Linux Discovery Tools:
airodump-ng
Kismet
Advanced Visualization Techniques (PPI):
Visualizing PPI-tagged Kismet data
PPI-Based Triangulation (Servo-Bot)
Summary
Attacking 802.11 Wireless Networks:
Basic types of attacks
Security through obscurity
Defeating WEP:
WEP key recovery attacks
Putting It All Together With Wifite:
Installing Wifite on a WiFi pineapple
Summary
Attacking WPA-Protected 802.11 Networks:
Obtaining the four-way handshake
Cracking with cryptographic acceleration
Breaking Authentication: WPA Enterprise:
Obtaining the EAP handshake
EAP-MD5
EAP-GTC
LEAP
EAP-FAST
EAP-TLS
PEAP and EAP-TTLS
Running a malicious RADIUS server
Summary
Attacking 802.11 Wireless Clients:
browser_autopwn: A Poor Man's Exploit Server:
Using metasploit browser_autopwn
Getting Started With I-Love-My-Neighbors:
Creating the AP
Assigning an IP address
Setting up the routes
Redirecting HTTP traffic
Serving HTTP content with squid
Attacking Clients While Attached To An AP:
Associating to the network
ARP spoofing
Direct client injection techniques
Summary
Taking It All The Way: Bridging The Air-Gap From Windows 8:
Preparing For The Attack:
Exploiting hotspot environments
Controlling the client
Local wireless reconnaissance
Remote Wireless Reconnaissance:
Windows monitor mode
Microsoft NetMon
Target wireless network attack
Summary
Part 2: Bluetooth:
Case Study: You can still hack what you can't see
Bluetooth classic scanning and reconnaissance
Bluetooth Classic Technical Overview:
Device discovery
Protocol overview
Bluetooth profiles
Encryption and authentication
Preparing For An Attack:
Selecting a Bluetooth classic attack device
Reconnaissance:
Active device discovery
Passive device discovery
Hybrid discovery
Passive traffic analysis
Service enumeration
Summary
Bluetooth Low Energy Scanning And Reconnaissance:
Bluetooth Low Energy Technical Overview:
Physical layer behavior
Operating modes and connection establishment
Frame configuration
Bluetooth profile
Bluetooth low energy security controls
Scanning and reconnaissance
Summary
Bluetooth Eavesdropping:
Bluetooth Classic Eavesdropping:
Open source Bluetooth classic sniffing
Commercial Bluetooth classic sniffing
Bluetooth Low Energy Eavesdropping:
Bluetooth low energy connection following
Bluetooth low energy promiscuous mode following
Exploiting Bluetooth networks through eavesdropping attacks
Summary
Attacking And Exploiting Bluetooth:
Bluetooth PIN Attacks:
Bluetooth classic PIN attacks
Bluetooth low energy PIN attacks
Practical pairing cracking
Device Identity Manipulation:
Bluetooth service and device class
Abusing Bluetooth Profiles:
Testing connection access
Unauthorized PAN access
File transfer attacks
Attacking Apple iBeacon:
iBeacon deployment example
Summary
Part 3: More Ubiquitous Wireless:
Case Study: Failure is not an option
Software-Defined Radios:
SDR architecture
Choosing A Software Defined Radio:
RTL-SDR: entry-level software-defined radio
HackRF: versatile software-defined radio
Getting Started With SDRs:
Setting up shop on windows
Setting up shop on Linux
SDR# and gqrx: scanning the radio spectrum
Digital Signal Processing Crash Course:
Rudimentary communication
Rudimentary (wireless) communication
POCSAG
Information as sound
Picking your target
Finding and capturing an RF transmission
Blind attempts at replay attacks
So what?
Summary
Hacking Cellular Networks:
Fundamentals Of Cellular Communication:
Cellular network RF frequencies
Standards
2G Network Security:
GSM network model
GSM authentication
GSM encryption
GSM attacks
GSM eavesdropping
GSM A5/1 key recovery
GSM IMSI catcher
Femtocell attacks
4G/LTE Security:
LTE network model
LTE authentication
LTE encryption
Null algorithm
Encryption algorithms
Platform security
Summary
Hacking ZigBee:
ZigBee Introduction:
ZigBee's place as a wireless standard
ZigBee deployments
ZigBee history and evolution
ZigBee layers
ZigBee profiles
ZigBee Security:
Rules in the design of ZigBee security
ZigBee encryption
ZigBee authenticity
ZigBee authentication
ZigBee Attacks:
Introduction to KillerBee
Network discovery
Eavesdropping attacks
Replay attacks
Encryption attacks
Packet forging attacks
Attack Walkthrough:
Network discovery and location
Analyzing the ZigBee hardware
RAM data analysis
Summary
Hacking Z-Wave Smart Homes:
Z-Wave Introduction:
Z-Wave layers
Z-Wave security
Z-Wave Attacks:
Eavesdropping attacks
Z-Wave injection attacks
Summary
Index.