6 posts tagged with "wifi"

Association in the 802.11/ WiFi World comes in the "loose" variety of the term, and why Hostapd disconnect events are confusing...

As a quick recap: when a station connects to an Access Point, it goes through a series of request/reply interactions. Several frames are in play including Probes, Authentication, Association, and finally Data frames with EAPOL. The EAPOL payloads perform all the fun cryptography with the passphrase for WPA2, WPA3, and 802.1X Authentication mechanisms.

Rust is taking off in the Linux Kernel and improved support and features make it possible to develop drivers with Rust.

Midnight Sun Qualifiers 2024​

Over the weekend a ctf team I help with, HackingForSoju, hosted the Midnight Sun CTF Qualifiers. The finals will take place in Stockholm, Sweden on June 14-16.

I put together a challenge around WPA3's Password Authenticated Key Exchange: Dragonfly

WPA3 has quite a few notes during our our wifi training where we discuss the background to the protocol, because it was so very worrisome from the start.

CVE-2024-28084 Patched in Inet Wireless Daemon 2.16​

While preparing some wifi security training, we found a double free vulnerability affecting APs and Stations running iwd. This issue was reported and patched with fixes available starting in version 2.16.

The I Soon Dump​

"The documents come from iSoon, also known as Auxun, a Chinese firm headquartered in Shanghai that sells third-party hacking and data-gathering services to Chinese government bureaus, security groups and state-owned enterprises. "

The Washington Post writes that "The documents show that iSoon met and worked with members of APT41, a Chinese hacking group that was charged by the U.S. Justice Department in 2020 for targeting more than 100 video game firms, universities and other victims worldwide."

Nzyme lets people monitor their wifi networks with sensors that collect wifi data (as well as network traffic).

It can detect common wifi attack tools and tactics like deauths for getting WPA2 handshakes to crack, rogue APs, and more.

We've put together a plugin that can run alongside the SPR AP without affecting the channels, by creating a monitor interface. While this won't be able to detect Rogue APs, it can detect some anomalous activity.

The plugin is available at https://github.com/spr-networks/spr-nzyme-tap/