Cover
Title Page
Copyright Page
Dedication
Contents
Foreword
Acknowledgments
Introduction
Part I Hacking 802.11 Wireless Technology
CASE STUDY: Twelve Volt Hero
1 Introduction to 802.11 Hacking
802.11 in a Nutshell
The Basics
Addressing in 802.11 Packets
802.11 Security Primer
Discovery Basics
Hardware and Drivers
A Note on the Linux Kernel
Chipsets and Linux Drivers
Modern Chipsets and Drivers
Cards
Antennas
Cellular Data Cards
GPS
Summary
2 Scanning and Enumerating 802.11 Networks
Choosing an Operating System
Windows
OS X
Linux
Windows Discovery Tools
Vistumbler
Windows Sniffing/Injection Tools
NDIS 6.0 Monitor Mode Support (NetMon/MessageAnalyzer)
AirPcap
CommView for WiFi
OS X Discovery Tools
KisMAC
Linux Discovery Tools
airodump-ng
Kismet
Advanced Visualization Techniques (PPI)
Visualizing PPI-Tagged Kismet Data
PPI-Based Triangulation (Servo-Bot)
Summary
3 Attacking 802.11 Wireless Networks
Basic Types of Attacks
Security Through Obscurity
Defeating WEP
WEP Key Recovery Attacks
Putting It All Together with Wifite
Installing Wifite on a WiFi Pineapple
Summary
4 Attacking WPA-Protected 802.11 Networks
Obtaining the Four-Way Handshake
Cracking with Cryptographic Acceleration
Breaking Authentication: WPA Enterprise
Obtaining the EAP Handshake
EAP-MD5
EAP-GTC
LEAP
EAP-FAST
EAP-TLS
PEAP and EAP-TTLS
Running a Malicious RADIUS Server
Summary
5 Attacking 802.11 Wireless Clients
browser_autopwn: A Poor Man’s Exploit Server
Using Metasploit browser_autopwn
Getting Started with I-love-my-neighbors
Creating the AP
Assigning an IP Address
Setting Up the Routes
Redirecting HTTP Traffic
Serving HTTP Content with Squid
Attacking Clients While Attached to an AP
Associating to the Network
ARP Spoofing
Direct Client Injection Techniques
Summary
6 Taking It All the Way: Bridging the Air-Gap from Windows 8
Preparing for the Attack
Exploiting Hotspot Environments
Controlling the Client
Local Wireless Reconnaissance
Remote Wireless Reconnaissance
Windows Monitor Mode
Microsoft NetMon
Target Wireless Network Attack
Summary
Part II Bluetooth
CASE STUDY: You Can Still Hack What You Can’t See
7 Bluetooth Classic Scanning and Reconnaissance
Bluetooth Classic Technical Overview
Device Discovery
Protocol Overview
Bluetooth Profiles
Encryption and Authentication
Preparing for an Attack
Selecting a Bluetooth Classic Attack Device
Reconnaissance
Active Device Discovery
Passive Device Discovery
Hybrid Discovery
Passive Traffic Analysis
Service Enumeration
Summary
8 Bluetooth Low Energy Scanning and Reconnaissance
Bluetooth Low Energy Technical Overview
Physical Layer Behavior
Operating Modes and Connection Establishment
Frame Configuration
Bluetooth Profiles
Bluetooth Low Energy Security Controls
Scanning and Reconnaissance
Summary
9 Bluetooth Eavesdropping
Bluetooth Classic Eavesdropping
Open Source Bluetooth Classic Sniffing
Commercial Bluetooth Classic Sniffing
Bluetooth Low Energy Eavesdropping
Bluetooth Low Energy Connection Following
Bluetooth Low Energy Promiscuous Mode Following
Exploiting Bluetooth Networks Through Eavesdropping Attacks
Summary
10 Attacking and Exploiting Bluetooth
Bluetooth PIN Attacks
Bluetooth Classic PIN Attacks
Bluetooth Low Energy PIN Attacks
Practical Pairing Cracking
Device Identity Manipulation
Bluetooth Service and Device Class
Abusing Bluetooth Profiles
Testing Connection Access
Unauthorized PAN Access
File Transfer Attacks
Attacking Apple iBeacon
iBeacon Deployment Example
Summary
Part III More Ubiquitous Wireless
CASE STUDY: Failure Is Not an Option
11 Software-Defined Radios
SDR Architecture
Choosing a Software Defined Radio
RTL-SDR: Entry-Level Software-Defined Radio
HackRF: Versatile Software-Defined Radio
Getting Started with SDRs
Setting Up Shop on Windows
Setting Up Shop on Linux
SDR# and gqrx: Scanning the Radio Spectrum
Digital Signal Processing Crash Course
Rudimentary Communication
Rudimentary (Wireless) Communication
POCSAG
Information as Sound
Picking Your Target
Finding and Capturing an RF Transmission
Blind Attempts at Replay Attacks
So What?
Summary
12 Hacking Cellular Networks
Fundamentals of Cellular Communication
Cellular Network RF Frequencies
Standards
2G Network Security
GSM Network Model
GSM Authentication
GSM Encryption
GSM Attacks
GSM Eavesdropping
GSM A5/1 Key Recovery
GSM IMSI Catcher
Femtocell Attacks
4G/LTE Security
LTE Network Model
LTE Authentication
LTE Encryption
Null Algorithm
Encryption Algorithms
Platform Security
Summary
13 Hacking ZigBee
ZigBee Introduction
ZigBee’s Place as a Wireless Standard
ZigBee Deployments
ZigBee History and Evolution
ZigBee Layers
ZigBee Profiles
ZigBee Security
Rules in the Design of ZigBee Security
ZigBee Encryption
ZigBee Authenticity
ZigBee Authentication
ZigBee Attacks
Introduction to KillerBee
Network Discovery
Eavesdropping Attacks
Replay Attacks
Encryption Attacks
Packet Forging Attacks
Attack Walkthrough
Network Discovery and Location
Analyzing the ZigBee Hardware
RAM Data Analysis
Summary
14 Hacking Z-Wave Smart Homes
Z-Wave Introduction
Z-Wave Layers
Z-Wave Security
Z-Wave Attacks
Eavesdropping Attacks
Z-Wave Injection Attacks
Summary
Index