User Tools

Site Tools


links

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
links [2017/06/15 17:22] – [Technique Papers] Encrypted WiFi packet injection and circumventing wireless intrusion prevention systems mister_xlinks [2017/11/01 22:55] – [Additional Papers] Key Reinstallation AttACK mister_x
Line 38: Line 38:
   * [[http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=WPA_MIGRATION_MODE|WPA Migration mode: WEP is back to haunt you...]] by Leandro Meiners and Diego Sor. Migration mode, from Cisco, allows both WEP and WPA clients on the same AP. Besides the fact that the WEP key can be cracked easily, they also bypass the additional security settings offered by Cisco. Here is the [[http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=publication&page=WPA_MIGRATION_MODE&file=Meiners%2C_Sor_-_WPA_Migration_Mode_WEP_is_back_to_haunt_you_-_slides.pdf|slides of the presentation]] and the [[http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=publication&page=WPA_MIGRATION_MODE&file=Meiners%2C_Sor_-_WPA_Migration_Mode_WEP_is_back_to_haunt_you.pdf|paper]].   * [[http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=WPA_MIGRATION_MODE|WPA Migration mode: WEP is back to haunt you...]] by Leandro Meiners and Diego Sor. Migration mode, from Cisco, allows both WEP and WPA clients on the same AP. Besides the fact that the WEP key can be cracked easily, they also bypass the additional security settings offered by Cisco. Here is the [[http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=publication&page=WPA_MIGRATION_MODE&file=Meiners%2C_Sor_-_WPA_Migration_Mode_WEP_is_back_to_haunt_you_-_slides.pdf|slides of the presentation]] and the [[http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=publication&page=WPA_MIGRATION_MODE&file=Meiners%2C_Sor_-_WPA_Migration_Mode_WEP_is_back_to_haunt_you.pdf|paper]].
   * [[http://infoscience.epfl.ch/record/186876|Smashing WEP in A Passive Attack]] by Sepehrdad, Pouyan; Susil, Petr; Vaudenay, Serge; Vuagnoux, Martin   * [[http://infoscience.epfl.ch/record/186876|Smashing WEP in A Passive Attack]] by Sepehrdad, Pouyan; Susil, Petr; Vaudenay, Serge; Vuagnoux, Martin
-  * [[https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-(Offline-WPS-Attack)|Pixie dust attack]] on WPS. Presentation available [[http://archive.hack.lu/2014/Hacklu2014_offline_bruteforce_attack_on_wps.pdf|here]]. And they have a [[http://www.github.com/wiire/pixiewps|GitHub repository]]. 
-  * [[http://www.slideshare.net/vanhoefm/predicting-and-abusing-wpa280211-group-keys|Predicting and Abusing WPA2/802.11 Group Keys]] by Mathy Vanhoef ([[http://papers.mathyvanhoef.com/33c3-broadkey-slides.pdf|PDF]]) 
   * [[http://dl.aircrack-ng.org/wiki-files/doc/Encrypted_WiFi_packet_injection.pdf|Encrypted WiFi packet injection and circumventing wireless intrusion prevention systems]] by Tim de Waal   * [[http://dl.aircrack-ng.org/wiki-files/doc/Encrypted_WiFi_packet_injection.pdf|Encrypted WiFi packet injection and circumventing wireless intrusion prevention systems]] by Tim de Waal
  
Line 51: Line 49:
   * [[http://download.aircrack-ng.org/wiki-files/doc/technique_papers/bittau-wep.pdf|The Final Nail in WEP's Coffin]] by Andrea Bittau, Mark Handley and Josua Lackey, May 21, 2006.  A local copy of the presentation slides is located [[http://download.aircrack-ng.org/wiki-files/doc/Final-Nail-in-WEPs-Coffin.slides.pdf|here]].   * [[http://download.aircrack-ng.org/wiki-files/doc/technique_papers/bittau-wep.pdf|The Final Nail in WEP's Coffin]] by Andrea Bittau, Mark Handley and Josua Lackey, May 21, 2006.  A local copy of the presentation slides is located [[http://download.aircrack-ng.org/wiki-files/doc/Final-Nail-in-WEPs-Coffin.slides.pdf|here]].
   * [[https://www.rc4nomore.com/vanhoef-usenix2015.pdf|All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS]] by Mathy Vanhoef and Frank Piessens, Katholieke Universiteit Leuven. Slides can be found [[https://www.usenix.org/sites/default/files/conference/protected-files/sec15_slides_vanhoef.pdf|here]] and the video of the presentation [[https://www.usenix.org/node/190889|here]].   * [[https://www.rc4nomore.com/vanhoef-usenix2015.pdf|All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS]] by Mathy Vanhoef and Frank Piessens, Katholieke Universiteit Leuven. Slides can be found [[https://www.usenix.org/sites/default/files/conference/protected-files/sec15_slides_vanhoef.pdf|here]] and the video of the presentation [[https://www.usenix.org/node/190889|here]].
 +  * [[https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-(Offline-WPS-Attack)|Pixie dust attack]] on WPS. Presentation available [[http://archive.hack.lu/2014/Hacklu2014_offline_bruteforce_attack_on_wps.pdf|here]]. And they have a [[http://www.github.com/wiire/pixiewps|GitHub repository]]. 
 +  * [[http://www.slideshare.net/vanhoefm/predicting-and-abusing-wpa280211-group-keys|Predicting and Abusing WPA2/802.11 Group Keys]] by Mathy Vanhoef ([[http://papers.mathyvanhoef.com/33c3-broadkey-slides.pdf|PDF]] and [[https://github.com/vanhoefm/broadkey|code]]) 
 +  * [[https://www.petsymposium.org/2017/papers/issue4/paper82-2017-4-source.pdf|A Study of MAC Address Randomization in Mobile Devices and When it Fails]] by Jeremy Martin, Travis Mayberry, Collin Donahue, Lucas Foppe, Lamont Brown, Chadwick Riggins, Erik C. Rye, and Dane Brown 
 +  * [[http://papers.mathyvanhoef.com/asiaccs2016.pdf|Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms]], Mathy Vanhoef, C. Matte, M. Cunche, L. S. Cardoso, and F. Piessens 
 +  * [[http://papers.mathyvanhoef.com/wisec2016.pdf|Defeating MAC Address Randomization Through Timing Attacks]], C. Matte, M. Cunche, F. Rousseau, and Mathy Vanhoef 
 +  * [[http://papers.mathyvanhoef.com/phdthesis.pdf|A Security Analysis of the WPA-TKIP and TLS Security Protocols]], Mathy Vanhoef 
 +  * [[https://lirias.kuleuven.be/bitstream/123456789/572634/1/asiaccs2017.pdf|Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing]], Mathy Vanhoef, D. Schepers, and F. Piessens 
 +  * [[http://papers.mathyvanhoef.com/blackhat2017.pdf|WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake]], Mathy Vanhoef 
 +  * [[https://papers.mathyvanhoef.com/ccs2017.pdf|Key Reinstallation AttACK]], Mathy Vanhoef, Frank Piessens ([[https://papers.mathyvanhoef.com/ccs2017-slides.pdf|Slides]])
 ===== 802.11 Specifications ==== ===== 802.11 Specifications ====
  
links.txt · Last modified: 2019/04/14 22:43 by mister_x