Dailydave mailing list archives
SILICA-U
From: dave <dave () immunityinc com>
Date: Thu, 22 Jul 2010 11:32:19 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So it's been a while since I've posted about wireless penetration testing. And wireless penetration testing hasn't CHANGED a whole lot. But how we do it has. So first, some history: SILICA was a product that worked on the Nokia n-series. The great thing is they are cell-phone sized. The problem with that is they have a cell phone's ram and CPU and wireless range (aka, none). This made advanced features like WEP cracking difficult to implement. SILICA-Q was based on the OQO and works quite well - the OQO is a real PC in a hand-held size. The only downside was there was no way to get an external antenna on it. It ran our own Linux distribution so we could control the wireless drivers and optimize for what we needed. WEP Cracking and WPA cracking are automated and easy to use (and even reasonably fast on the mobile processor). The major downside here is that the OQO company went right out of business as we were their only customer. :> SILICA-U is the latest incarnation of SILICA, and is distributed as a bootable Linux USB key, along with a wireless PCMCIA card and antenna. It works in basically any business laptop. It incorporates a new advanced GUI so you can do Sidejacking (on Open or WEP networks) easily, and be more precise in what you are attacking. Sidejacking is a weird thing. It turns out there's a lot of wiggly bits that go into stealing cookies and logging in as people on different web services. Twitter and Yahoo are harder than Gmail, for instance. (or were, but now both are a right-click away, essentially). Likewise, SILICA-U cracks LEAP, which is fun on corporate networks. In any case, we'll be at BlackHat demoing SILICA-U (no, we will not be Sidejacking random ppl on the BlackHat network. That would annoy Ping and we are not planning on doing THAT.), and if you are doing Wireless security and looking to get an eval I know Steve will be happy to talk to you. http://www.immunityinc.com/downloads/Immunity_Silica_datasheet_Q3_10.pdf - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkxIZIMACgkQtehAhL0ghepkOACcCDHNMdnhO+jmBVKp5+GLoTnH HPkAn0ekGuXjSUCu9qFKhE1VxK1nMfnh =0BE0 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- SILICA-U dave (Jul 22)