WifiHax - Making Networks Excellent

KRACK - WPA2 Vulnerability

17/10/2017

Here are some resources I've collated relating to the recent WPA2 Wi-Fi vulnerability.

I would highly recommend following Mathy Vanhoef (aka @vanhoefm on Twitter), who has now been thrust into the limelight after being instrumental in the discovery of this vulnerability.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

https://www.kb.cert.org/vuls/id/228519

https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365

http://hpe.to/60158AqFZ

https://www.krackattacks.com/
Written by Matt Sutherland

ClearPass & Active Directory: Disabled User Accounts

22/2/2017

Today we're testing Aruba ClearPass Policy Manager to show that a disabled user in Active Directory will not be successfully authenticated when connecting to a WLAN using 802.1X.

In ClearPass it is very easy to follow and deep-dive into the information of all access request attempts using the Access Tracker. Access Tracker can be accessed from Monitoring > Live Monitoring in the left-hand navigation menu. It holds a wealth of information which can be viewed in multiple ways, and it is so important to a ClearPass administrator that it deserves its very own browser tab when you are making changes to and testing new configuration in ClearPass.

Here in Access Tracker we can see an access event where user "matt" requests and is granted access with a resulting enforcement profile of [Allow Access Profile]. You can see the Authentication method is EAP-PEAP with EAP-MSCHAPv2, which is common in a Windows Domain, and the authentication source is the AD to which the ClearPass server has been joined. The Authorisation source is "WFHX AD", which is the same domain, but it has been set up in such a way that ClearPass can access attributes of domain accounts (both computer and user).

Here is another access event showing the same user “matt” requesting access but being denied. The domain account for “matt” was disabled. You can see the authentication source is AD but the Authorisation source is not used this time as the process does not progress beyond the rejected authentication attempt.
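
The following added example is not part of the original post and is not ClearPass code: it checks access events against an Active Directory snapshot and flags any that contradict the flow described above (a disabled account being accepted, or an authorisation source being consulted after a rejected authentication). The record layout, the directory snapshot and the users "sam" and "kim" are constructed for illustration; `UF_ACCOUNTDISABLE` (0x2) is the standard `userAccountControl` bit for a disabled account.

```python
from dataclasses import dataclass
from typing import Optional

# Active Directory userAccountControl bit that marks an account as disabled.
UF_ACCOUNTDISABLE = 0x0002

@dataclass
class AccessEvent:
    """Constructed record shape; not the Access Tracker export format."""
    username: str
    auth_source: str
    authz_source: Optional[str]  # None when authorisation was never reached
    result: str                  # "ACCEPT" or "REJECT"

def is_disabled(user_account_control: int) -> bool:
    return bool(user_account_control & UF_ACCOUNTDISABLE)

def audit(events, directory):
    """Return (username, problem) pairs for events that break the expected flow."""
    findings = []
    for ev in events:
        uac = directory.get(ev.username.lower())
        if uac is None:
            continue  # account not in the snapshot; nothing to compare against
        if ev.result == "ACCEPT" and is_disabled(uac):
            findings.append((ev.username, "disabled account was accepted"))
        if ev.result == "REJECT" and ev.authz_source is not None:
            findings.append((ev.username, "authorisation source used after reject"))
    return findings

# Constructed snapshot: sAMAccountName -> userAccountControl (512 enabled, 514 disabled).
DIRECTORY = {"matt": 514, "sam": 512, "kim": 514}

# Constructed events. "matt" mirrors the rejected request in the post.
EVENTS = [
    AccessEvent("matt", "AD", None, "REJECT"),
    AccessEvent("sam", "AD", "WFHX AD", "ACCEPT"),
    AccessEvent("kim", "AD", "WFHX AD", "ACCEPT"),  # disabled but accepted: flagged
]

if __name__ == "__main__":
    for user, problem in audit(EVENTS, DIRECTORY):
        print(f"{user}: {problem}")
```

An accepted session for a disabled account usually points at a policy that authenticates against a source other than AD, so it is worth reviewing which authentication sources the service lists.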

Written by Matt Sutherland


Zero-Day Exploits in Apple iOS - Found & Patched

29/8/2016

It's time to upgrade your Apple mobile devices. Quickly, go and do it now and come back to read why afterwards.

If you are not running Apple iOS 9.3.5 or later on your iPhone, iPod or iPad, you should add an upgrade to your to-do list in the very near future.

Apple work very hard to build security into their mobile operating system. That's why, when the Cupertino giant released iOS 9.3.5 in August 2016 to fix not one but three zero-day vulnerabilities, the tech-news feeds went haywire. If you missed it let us know in the comments below. iOS 9.3.5 was released only a matter of weeks after 9.3.4, as Apple's security team worked quickly to plug the holes, which were found in the wild only 10 days before thanks to the quick thinking of a likely target of the exploits from the United Arab Emirates.

The security vulnerability researchers involved (from Citizen Lab and Lookout) suspect the vulnerabilities may have been known to the initial finders as far back as iOS 7 (2013). Citizen Lab have called out Israeli company NSO Group as the developers of Pegasus which is thought to be the name of the software within which the exploits can be launched.

While it may seem unlikely that you would become a target of such an underground and probably extraordinarily expensive hacking tool, unless you have ties to government, extreme wealth or a multinational company with high-value intellectual property, now that the vulnerabilities have been announced they are more likely to be researched widely by a larger security research base, including organisations who profit from crime. The fact is that these are zero-day vulnerabilities, which by definition were unknown (other than, presumably, by the NSO Group and their clients) and unpatched until now.

In the case of the UAE target, the story goes that a social engineering or phishing attempt was made through a message to his or her mobile phone. The unknown sender left the recipient suspicious, so they passed it on to Citizen Lab to investigate. Had they unwittingly followed the link, they would have opened a pathway for all the data and communication from their phone to be viewed by an unknown party. This includes communication from applications such as WeChat, Facebook Messenger, Skype, WhatsApp, Viber, Gmail, Apple's iMessage and more.

The rest is history, yet we now live in a world where this is the future. Cyber crime and espionage is the new norm - with governments and criminals playing the same game. Of course money and power are at the centre of it all...

In 2015 Zerodium, a privately held cyber-security research company, offered to pay $1 million for information about a zero-day bug in Apple's iOS 9. Zerodium is forking out so much for information on these bugs because it then on-sells that information, including "protective measures and security recommendations, to its clients". The clients are touted as Government and Corporate, yet only a "limited number of organisations" will have access to the solutions and capabilities, which likely drives up the price due to exclusivity.

So, it's time to patch your devices and stay alert. If you manage a network or part of a network's infrastructure, may this also be a timely reminder to check through your security best practices and policies, change default settings and always read the release notes of the software upgrades and fixes for your hardware.

Have you updated yet?
