BYOD PEAP Show - TIB AV-Portal

BYOD PEAP Show

00:00

8

Related Material

Formal Metadata

Title

BYOD PEAP Show

Title of Series

Number of Parts

112

Author

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/38940 (DOI)

Publisher

Release Date

Language

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

The onslaught of Bring Your Own Device(s) in recent years places a new focus on the security of wireless networks. In "The BYOD PEAP Show", Josh Yavor explores fundamental flaws in one of the most common and widely supported 802.1x authentication protocols used by countless corporate WPA2-Enterprise networks today. A series of events in the recent past created a situation in which PEAP can no longer be used safely. In this talk, we will re-trace this path and investigate how the combination of BYOD, new technology and new tools led to this situation. A live demonstration with audience participation will punctuate the danger of supporting PEAP. Attendees will leave with an understanding of the underlying flaws, methods of exploitation, a set of tools and most importantly, how to secure WPA2-Enterprise networks that currently support PEAP. A new tool, peapshow, will be released after DEF CON and will make testing and exploitation of this issue truly trivial. Besides, this is DEF CON. Someone has to mess with the WiFi. Josh Yavor (@schwascore) is a Security Engineer at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Josh specializes in web application security and network penetration testing. Josh holds a MS in Computer, Information and Network Security from DePaul University. At DePaul, he focused on network security while also developing an interest in incident response and SCADA/ICS. Prior to working at iSEC, Josh operated an independent IT consulting and managed services business with a special focus on security related projects.

DEF CON 2164 / 112

1

49:49

An Open Letter - The White Hat's Dilemma

2

48:50

Conducting Massive Attacks With Open Source Distributed Computing

3

44:09

Dude, WTF in my car?

4

1:41:26

Hostile Hardware reverse engineering by chip de-capping and analysys

5

19:50

Open Source Data Analysis and Trend Monitoring

6

49:07

Hacking Driverless Vehicles

7

12:47

Transcending Cloud Limitations by Obtaining Inner Piece

8

40:54

Pwn The Pwn Plug

9

15:25

HTTP Time Bandit

10

37:32

Kill 'em All — DDoS Protection Total Annihilation!

11

18:36

Collaborative Penetration Testing With Lair

12

44:30

De Anonymizing Alt Anonymous Messages

13

21:49

14

40:32

Made Open: Hacking Capitalism

15

41:26

Prowling P2P Botnets After Dark

16

1:32:40

Closing Ceremonies

17

24:11

The dawn of Web 3.0

18

23:34

Evolving Exploits Through Genetic Algorithms

19

39:53

HiveMind: Distributed File Storage Using JavaScript Botnets

20

15:41

Man In The Middle ALL THE IPv6 THINGS!

21

41:19

Evil DoS Attacks and Strong Defenses

22

16:19

Data Evaporation from SSDs

23

40:28

24

23:48

The Bluetooth Device Database

25

48:54

Safety of the Tor network

26

37:01

DNS Has Been Found To Be Hazardous To Your Health

27

42:54

Legal Aspects of Full Spectrum Computer Network (Active) Defense

28

39:23

Phantom Network Surveillance UAV / Drone

29

46:16

The Government and UFOs

30

23:47

Mach-O Malware Analysis: Combatting Mac OSX iOS Malware with Data Visualization

31

46:04

The Road Less Surreptitiously Traveled

32

18:35

Pwn'ing You(r) Cyber Offenders

33

40:27

Hacking Embedded Devices

34

18:52

Defeating Security Enhancements (SE) for Android

35

44:11

Panel - The ACLU Presents NSA Surveillance

36

45:59

Panel - Recognize Awards

37

47:11

Panel - Meet the VCs

38

32:20

Panel - Key Decoding and Duplication Attacks for the Schlage Primus High-Security Lock

39

42:51

Panel - Home Invasion v2.0

40

50:24

Hardware Hacking with Microcontrollers: A Panel Discussion

41

47:31

Panel - Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot

42

1:05:39

Panel - Do It Yourself Cellular IDS

43

1:50:14

DEF CON Comedy Jam Part VI, Return of the Fail

44

1:47:54

Panel - Ask the EFF The Year in Digital Civil Liberties

45

48:26

The Dark Arts of OSINT

46

41:47

PowerPreter: Post Exploitation Like a Boss

47

29:34

Please Insert Inject More Coins

48

45:00

The Cavalry Isn't Coming: Starting the Revolution to Fsck it All!

49

38:57

EMET 4.0 PKI Mitigation

50

52:08

Unexpected Stories From a Hacker Who Made it Inside the Government

51

26:51

How my Botnet Purchased Millions of Dollars in Cars

52

44:47

ACL Steganography: Permissions to Hide Your Porn

53

20:26

Abusing NoSQL Databases

54

42:58

Noise Floor: Exploring the world of unintentional radio emissions

55

34:45

The Growing Irrelevance of US Govt Cybersecurity Intelligence Info

56

19:37

A Thorny Piece Of Malware (And Me): A Talk about Exception Handlers, VfTables, Multi-Threading and other Nastiness

57

46:09

A Failure of Imagination: Kwikset Smartkey and Insecurity Engineering

58

51:27

Alternative Approaches to Leverage and Defend Cyberspace

59

30:24

LosT - Welcome and Making of the Badges

60

21:38

How to use CSP to stop XSS

61

42:35

The Secret Life of SIM Cards

62

22:24

So You Think Your Domain Controller is Secure

63

18:30

Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)

64

47:50

65

26:32

66

36:51

Blucat: Netcat For Bluetooth

67

45:12

Fast Forensics Using Simple Statistics and Cool Tools

68

47:05

JTAGulator: Assisted Discovery Of On-Chip Debug Interfaces

69

22:26

PowerPwning: Post-Exploiting By Overpowering PowerShell

70

20:05

How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles

71

1:41:23

Making Of The DEF CON Documentary

72

36:57

How to Disclose or Sell an Exploit Without Getting in Trouble

73

20:24

Examining the Bitsquatting Attack Surface

74

23:24

C.R.E.A.M. - Cache Rules Evidently Ambiguous, Misunderstood

75

29:46

Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks

76

43:20

Let's Screw with nMap

77

33:02

Exploiting Music Streaming with JavaScript

78

37:02

RFID Hacking: Live Free or RFID Hard

79

39:30

10,000 Yen into the Sea

80

47:10

VoIP Wars: Return of the SIP

81

47:09

Forensic Fails: Shift + Delete Won't Help You Here

82

18:03

Getting The Goods With smbexec

83

44:27

The Politics of Privacy and Technology: Fighting an Uphill Battle

84

30:19

The Evidence Self-Destructing Message Apps Leave Behind

85

31:52

Torturing Open Government Systems for Fun, Profit and Time Travel

86

43:19

We are Legion: Pentesting with an Army of Low-power Low-cost Devices

87

46:46

Traffic Interception and Remote Mobile Phone

88

45:43

BYO-Disaster and Why Corporate Wireless Security Still Sucks

89

41:05

The Dirty South

90

45:04

A Password is Not Enough: Why disk encryption is broken and how we might fix it

91

20:00

Utilizing Popular Websites for Malicious Purposes Using RDI

92

21:59

Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust

93

23:27

Android WebLogin: Google's Skeleton Key

94

45:13

Privacy in DSRC connected vehicles

95

42:43

Predicting Susceptibility to Social Bots on Twitter

96

49:32

Defense by numb3r5: Making problems for script kiddies and scanner monkeys

97

31:18

FeartheEvil FOCA: Attacking Internet Connections with IPv6

98

43:15

Java Every-Days: Exploiting Software Running on 3 Billion Devices

99

45:19

Stalking a City for Fun and Frivolity

100

44:46

Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine

101

33:26

Business logic flaws in mobile operators services

102

18:09

Offensive Forensics: CSI for the Bad Guy

103

1:33:02

All Your RFz Are Belong to Me

104

42:28

Stepping P3wns: Adventures in full spectrum embedded exploitation (and defense!)

105

25:30

Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions

106

45:15

EDS Exploitation Detection System

107

52:20

Suicide Risk Assessment and Intervention Tactics

108

44:20

109

47:58

Defending Networks with Incomplete Information: A Machine Learning Approach

110

20:21

gitDigger: Creating useful wordlists from public GitHub repositories

111

19:04

Building an Android IDS on Network Level

112

43:49

Backdoors, Government Hacking and The Next Crypto Wars

Automatic playback

Speech

Text

Image

00:00

Mobile WebMultiplication signInformation securityDisk read-and-write headMobile WebWireless LAN

00:53

Perfect groupEAP-ProtokollRadio-frequency identificationInfinite conjugacy class propertyType theoryEnterprise architectureAuthenticationServer (computing)RadiusReal numberIntegrated development environmentGroup actionConnectivity (graph theory)Event horizonSingle-precision floating-point formatGraph (mathematics)BitSelf-organizationNumberSubsetDefault (computer science)Enterprise architecturePhysical systemComputer networkFreewareAuthenticationInformation securityService (economics)Integrated development environmentServer (computing)Public key certificateRadiusFigurate numberProper mapStandard deviationSoftware testingConfiguration spaceValidity (statistics)ResultantPatch (Unix)Data managementReal numberMobile WebDependent and independent variablesEmailPasswordType theorySoftware developerMultiplication signWordMetric systemForm (programming)MathematicsComputer networkCommunications protocolMobile appComputerMereologyProduct (business)Point cloudRandomizationDomain nameDirectory serviceEquivalence relationOrder (biology)Shape (magazine)Operating systemMatching (graph theory)Right angle

08:26

Real numberIntegrated development environmentGroup actionSelf-organizationPasswordPosition operatorComputer networkGroup actionGame controllerComplete metric spaceLecture/Conference

09:30

Multiplication sign2 (number)TrailCountingLine (geometry)Renewal theorySinc functionNumberLevel (video gaming)BitComputer animation

11:30

User interfaceComputer networkSystem administratorVapor barrierMedical imagingComputer networkService (economics)InternetworkingDomain nameDirectory serviceMobile WebElectronic program guideEnterprise architectureMetric systemSelf-organizationMultiplication signConfiguration spaceLine (geometry)Profil (magazine)Software testingMultilaterationBitMathematicsGroup actionWebsiteFigurate numberDependent and independent variablesNumberType theoryInformation securityEmailProcess (computing)Uniform resource locatorPoint (geometry)Computing platformoutputAgreeablenessBounded variation

15:49

SicType theorySelf-organizationUniverse (mathematics)Computer networkStaff (military)Likelihood functionWikiWireless LANEnterprise architecture

16:47

Mobile WebLinear programmingRevision controlPublic key certificateWindowTouchscreenConfiguration spaceMobile WebUniverse (mathematics)ResultantAndroid (robot)

17:23

AuthenticationServer (computing)EncryptionHost Identity ProtocolLoginData typeWindows PhoneTransport Layer SecurityINTEGRALAuthorizationComputer networkProbability density functionClient (computing)Computer configurationForceEnterprise architecturePhysical systemPLS (file format)Wechselseitige InformationBitGreatest elementType theoryPublic key certificateMobile WebAuthenticationWindowServer (computing)Computing platformSet (mathematics)Operating system1 (number)TouchscreenInformationSelf-organizationTransport Layer Security

19:41

ZugriffskontrolleLocal GroupPairwise comparisonWireless LANAuthenticationMetropolitan area networkOpen setDependent and independent variablesError messageMathematicsPasswordMessage passingFamilyAssociative propertyEnterprise architectureSelf-organizationPoint (geometry)Goodness of fitComputer networkDifferent (Kate Ryan album)Game controllerPasswordOpen setSymmetric-key algorithm

20:58

Identity managementAssociative propertyRadiusServer (computing)Mobile WebInterior (topology)AuthenticationRadiusPublic key certificateDependent and independent variablesMereologyRootOrder (biology)Client (computing)Identity managementMultiplication signExploit (computer security)Point (geometry)Server (computing)AuthenticationReal numberFreewareIdentifiabilityComputing platformBuildingMobile WebAssociative property

22:50

Mobile WebComputing platformAndroid (robot)Mobile WebComputing platformSoftware testingType theorySelf-organizationAndroid (robot)outputIntegrated development environmentDifferent (Kate Ryan album)Metric systemWindowSet (mathematics)Enterprise architectureArea

24:04

Type theoryAndroid (robot)AuthenticationComputer networkConfiguration spaceComputer configurationDifferent (Kate Ryan album)Phase transitionOrder (biology)Public key certificateMereologyoutputType theoryExtension (kinesiology)Transport Layer SecuritySoftware developerEnterprise architectureSoftware testingValidity (statistics)RootGoodness of fitDefault (computer science)Server (computing)User interfaceRadiusAndroid (robot)

26:17

PasswordServer (computing)outputConfiguration spaceFeedbackMereologyProfil (magazine)Operating systemPublic key certificatePassword

26:54

Normed vector spaceEmailSelf-organizationStorage area networkPublic key certificatePasswordType theoryServer (computing)Self-organizationPublic key certificateDefault (computer science)RadiusFreewareFlagMultiplication signTouchscreenMotion captureComputing platformDifferent (Kate Ryan album)Type theoryInformationIntegrated development environment

27:57

Greatest elementConfiguration spacePublic key certificateWindowProfil (magazine)Default (computer science)Validity (statistics)Right angle

28:34

Windows PhoneFigurate numberPresentation of a groupConfiguration spacePasswordDefault (computer science)User interfaceComputer configurationValidity (statistics)Suite (music)Public key certificateServer (computing)

29:18

Windows PhoneSingle-precision floating-point formatComputer networkBuildingPersonal identification numberPublic key certificateComputing platformInformation securityNumberWindowEnterprise architectureDifferent (Kate Ryan album)Table (information)Type theoryTransport Layer SecurityComputer animation

29:59

BuildingSingle-precision floating-point formatComputer networkElectronic mailing listPhysicalismMultiplication signPoint (geometry)Self-organizationTrans-European NetworksSoftware testingType theoryBuildingRadiusElectronic mailing listService (economics)Information securityComputer networkDirectory serviceBroadcasting (networking)Order (biology)Uniform resource locatorGroup actionServer (computing)Computer networkTransportation theory (mathematics)AreaFreewarePower (physics)Universe (mathematics)Router (computing)Regular graphPlastikkarteLaptopComputer clusterStandard deviationComputing platformDependent and independent variablesLikelihood functionPhysical systemReal numberMultiplicationWireless LANMoving averageGoodness of fitThomas BayesRight anglePersonal identification numberOpen setConfiguration spaceScripting languageMereologyWebsiteMobile WebWordCartesian coordinate systemFerry CorstenMatching (graph theory)Basis <Mathematik>

38:20

Radon transformScripting languageDisintegrationSingle-precision floating-point formatAerodynamicsComputer networkSingle-precision floating-point formatGame controllerWordIntrusion detection systemRotationLogicBitComputer networkFigurate numberEnterprise architectureGroup actionElectronic mailing listScripting languageTurbo-CodeOpen setInstallation artVector potential

40:21

Mobile WebData managementBroadcasting (networking)InternetworkingComputer networkInformation securityPairwise comparisonData managementTransport Layer SecurityMobile WebSelf-organization

41:31

AuthenticationMobile WebData managementRight angleDifferent (Kate Ryan album)PLS (file format)Demo (music)Multiplication signRight angleInformation securityPoint (geometry)Order (biology)Computer networkPasswordTransport Layer Security

42:28

Wireless LANHacker (term)Dependent and independent variablesService (economics)PasswordMotion captureoutputRight anglePublic key certificateDemo (music)Service (economics)LaptopMetropolitan area networkMobile WebPasswordInternetworkingFood energyMultiplication signInformation securityLecture/ConferenceComputer animation

43:37

Hausdorff spaceEmailComputer networkElectronic visual displayMotion captureAnalogyMenu (computing)Computer clusterIP addressRight angleObject-oriented programmingBackupPublic key certificateConnected spaceTouchscreenComputer animationSource code

45:34

Information securityTouchscreenMultiplication signPublic key certificateFunction (mathematics)Goodness of fit2 (number)Right angleDirectory serviceLoginComputer animation

47:24

Message passing

Transcript: English(auto-generated)