![DEF CON 23 [Audio] Speeches from the Hacker Convention - Vivek Ramachandran - Chigula — A framework for Wi-Fi Intrusion Detection and Forensics](https://storage.googleapis.com/goodpods-images-bucket/episode_images/6bbaed09d5f687f3b0f21ae27a78dbd79340d69389c6038ac895f79831f0b8c1.avif)
Vivek Ramachandran - Chigula — A framework for Wi-Fi Intrusion Detection and Forensics
10/22/15
Chigula — a framework for Wi-Fi Intrusion Detection and Forensics
Vivek Ramachandran, Founder, SecurityTube.net and Pentester Academy
Most Wi-Fi intrusion detection and forensics today is done using million-dollar products or by spending hours applying filters in Wireshark :) Chigula aims to solve this by providing a comprehensive, extensible and scriptable framework for Wi-Fi intrusion detection and forensics.
A non-exhaustive list of attacks which will be detected using this framework includes:
Attack tool detection - Aireplay-NG, Airbase-NG, Mdk3 etc.
Honeypot, Evil Twin and Multipot attacks
Rogue devices
Vulnerable clients based on Probed SSIDs
Hosted network based backdoors
MAC spoofing
Deauthentication attacks
Disassociation attacks
Channel Jamming attacks using duration field
Vivek Ramachandran discovered the Caffe Latte attack, broke WEP Cloaking and publicly demonstrated enterprise Wi-Fi backdoors. He is the author of "Backtrack 5: Wireless Penetration Testing", which has sold over 13,000+ copies worldwide. He is the founder of SecurityTube.net and runs SecurityTube Training & Pentester Academy, which has trained professionals from 90 countries. He has spoken or trained at conferences such as DEF CON, Blackhat USA/Europe/Abu Dhabi, Brucon, Hacktivity etc.
Twitter: @securitytube
Facebook: https://www.facebook.com/pagesectube
Previous Episode

Aditya K Sood - Dissecting the Design of SCADA Web Human Machine Interfaces (HMIs) - Hunting Vulnerabilities
Dissecting the Design of SCADA Web Human Machine Interfaces (HMIs) - Hunting Vulnerabilities
Aditya K Sood Architect - Threat Research Labs, Elastica inc.
Human Machine Interfaces (HMIs) are a subset of Supervisory Control and Data Acquisition (SCADA) systems. HMIs are control panels that provide interfaces for humans to interact with machines and to manage operations of various types of SCADA systems. HMIs have direct access to SCADA databases including critical software programs. The majority of SCADA systems have web-based HMIs that allow humans to control the SCADA operations remotely over the Internet. This talk unveils various flavors of undisclosed vulnerabilities in web-based SCADA HMIs including but not limited to remote or local file inclusions, insecure authentication through clients, weak password hashing mechanisms, firmware discrepancies, hardcoded credentials, insecure web-services, weak cryptographic design, cross-site request forgery, and many others. This talk digs deeper into the design models of various SCADA systems to highlight security deficiencies in the existing SCADA HMI deployments. The research is driven by the motivation to secure SCADA devices and to build more intelligent solutions by hunting vulnerabilities in SCADA HMIs. The vulnerabilities presented in this talk are completely undisclosed and will be revealed for the first time with live demonstrations.
Aditya K Sood (Ph.D.) is a senior security researcher and consultant. Dr. Sood has research interests in malware automation and analysis, application security, secure software design and cybercrime. He has worked on a number of projects pertaining to penetration testing, specializing in product/appliance security, networks, mobile and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He is also a founder of SecNiche Security Labs, an independent web portal for sharing research with the security community. He has authored several papers for various magazines and journals including IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin, Usenix and others. His work has been featured in several media outlets including Associated Press, Fox News, Guardian, Business Insider, CBC and others. He has been an active speaker at industry conferences and presented at BlackHat, DEF CON, HackInTheBox, RSA, Virus Bulletin, OWASP and many others. Dr. Sood obtained his Ph.D. from Michigan State University in Computer Sciences. Dr. Sood is also an author of the book "Targeted Cyber Attacks", published by Syngress.
Company Website: http://www.elastica.net
Personal website: http://adityaksood.secniche.org
Twitter: @AdityaKSood
Next Episode

Nir Valtman & Moshe Ferber - From 0 To Secure In 1 Minute — Securing IAAS
Materials available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Nir-Valtman-Moshe-Ferber-From-zero-to-secure-in-1-minute-UPDATED.pdf
From 0 To Secure In 1 Minute — Securing IAAS
Nir Valtman CISO – Retail, NCR
Moshe Ferber Co-chairman of the board, Cloud Security Alliance Israel
Recent hacks of IaaS platforms revealed that we need to master the attack vectors used: the automation and API attack vector, insecure instances, and management dashboards with wide capabilities. Those attack vectors are not unique to cloud computing, but they are magnified due to the cloud's characteristics. The fact is that the IaaS instance lifecycle is accelerating; nowadays we can find servers that are installed, launched, process data and terminate, all within a range of minutes. This new accelerated lifecycle makes traditional security processes such as periodic patches, vulnerability scanning, hardening, and forensics impossible. In this accelerated lifecycle, there are no maintenance windows for patches or ability to mitigate vulnerabilities, so the security infrastructure must adapt to new methods. In this new thinking, we require automation of instance security configuration, hardening, monitoring, and termination. Because there are no maintenance windows, servers must be patched before they boot up, security configuration and hardening procedures should be integrated with server installation, and vulnerability scanning and mitigation processes should be automatic.
In the presentation, we plan to announce the full version of a new open source tool called "Cloudefigo" and explain how it enables an accelerated security lifecycle. We demonstrate how to launch a pre-configured, already patched instance into an encrypted storage environment automatically while evaluating its security and mitigating automatically if a vulnerability is found. In the live demo, we leverage Amazon Web Services EC2 Cloud-Init scripts and object storage for provisioning automated security configuration, integrating encryption, including secure encryption key repositories for secure server communication. The result of those techniques is cloud servers that are resilient and automatically configured, with a reduced attack surface.
Nir is employed at NCR Corporation as the CISO of NCR Retail. Before the acquisition of Retalix by NCR, he was Chief Security Officer of R&D at the company. As part of his previous positions in the last decade, he worked as Chief Security Architect, Senior Technology Consultant, Application Security Consultant, Systems Infrastructure Security Consultant, and a Technological Trainer. While in these positions, Nir was not only consulting, but also performing hands-on activities in various fields, i.e. hardening, penetration testing, and development for personal/internal applications. In addition, Nir is a public speaker (has spoken at BlackHat, DEF CON, OWASP, InfoSec etc.) and open source contributor. Among his contributions, he released an open source anti-defacement tool called AntiDef, and wrote a publication about QRbot, an iPhone QR botnet POC he developed. His latest open source tool is Cloudefigo, which is planned to be presented at the conference. Nir has a BSc in Computer Science but his knowledge is based mainly on cowboy learning and information sharing with the techno-oriented communities.
Moshe Ferber is an information security entrepreneur and one of the cornerstones of the information security industry in Israel, with over 20 years of experience in various leading industry positions such as security manager for Ness Technologies and founder of a leading MSSP services provider. Currently Mr. Ferber focuses on promoting innovation in the Israeli startup scene as an investor, lecturer and evangelist for various cloud security topics. Mr. Ferber is a popular industry speaker who promotes cloud security best practices and an official lecturer for the Cloud Security Alliance.