A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Love is in the Air - DFIR and IDS for WiFi Networks - Lennart Koopmann Derbycon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Love is in the Air - DFIR and IDS for WiFi Networks
Lennart Koopmann
Derbycon 2017

Every company uses wireless networks in some way and asking for the WiFi password, simply expecting a wireless network to be present, is the new normal. We are constantly surrounded by dozens of devices, constantly blasting out wireless packets that are not only full of interesting information but also unencrypted. The WiFi attack vector has been identified a long time ago and the famous Wifi Pineapple devices make it possible to exploit issues with the 802.11 WiFi standard even without strong wireless expertise. To make things worse, access point logs are rarely centralized and even if they are, they don't contain information that could let you spot an attack early. This talk explains important parts of the 802.11 standard, how it can be exploited and how to collect wireless frames using my Open Source tool "nzyme". Nzyme collects important 802.11 frames and sends them into the Open Source log management tool Graylog. We will demo a Graylog filled with 802.11 frames and show IDS and DFIR use-cases like spotting rogue access points or certain attack patterns. [DerbyCon team: I am not intending to focus this too much on Graylog. I want to avoid making this a vendor talk and will clearly mention that you can also send the data into Splunk or an Elastic Stack if you want to, but will show Graylog because that's the tool I'm obviously most familiar with. I will focus on 802.11 and how to use the data. Not what tool the data is in. Used my graylog.com email address because I check that one regularly :)]

Lennart has a software engineering and architecture background and started the Open Source Graylog project in 2009.


Back to Derbycon 2017 video list

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast