book

Hacking Exposed Wireless, Third Edition, 3rd Edition

Name: Hacking Exposed Wireless, Third Edition, 3rd Edition
ISBN: 9780071827621

by Joshua Wright, Johnny Cache

March 2015

Intermediate to advanced

560 pages

15h 17m

English

McGraw-Hill

Read now

Unlock full access

Cover
Title Page
Copyright Page
Dedication
Contents
Foreword
Acknowledgments
Introduction
Part I Hacking 802.11 Wireless Technology
CASE STUDY: Twelve Volt Hero
1 Introduction to 802.11 Hacking
802.11 in a NutshellThe BasicsAddressing in 802.11 Packets802.11 Security PrimerDiscovery BasicsHardware and DriversA Note on the Linux KernelChipsets and Linux DriversModern Chipsets and DriversCardsAntennasCellular Data CardsGPSSummary

2 Scanning and Enumerating 802.11 Networks
Choosing an Operating SystemWindowsOS XLinuxWindows Discovery ToolsVistumblerWindows Sniffing/Injection ToolsNDIS 6.0 Monitor Mode Support (NetMon/MessageAnalyzer)AirPcapCommView for WiFiOS X Discovery ToolsKisMACLinux Discovery Toolsairodump-ngKismetAdvanced Visualization Techniques (PPI)Visualizing PPI-Tagged Kismet DataPPI-Based Triangulation (Servo-Bot)Summary
3 Attacking 802.11 Wireless Networks
Basic Types of AttacksSecurity Through ObscurityDefeating WEPWEP Key Recovery AttacksPutting It All Together with WifiteInstalling Wifite on a WiFi PineappleSummary
4 Attacking WPA-Protected 802.11 Networks
Obtaining the Four-Way HandshakeCracking with Cryptographic AccelerationBreaking Authentication: WPA EnterpriseObtaining the EAP HandshakeEAP-MD5EAP-GTCLEAPEAP-FASTEAP-TLSPEAP and EAP-TTLSRunning a Malicious RADIUS ServerSummary
5 Attacking 802.11 Wireless Clients
browser_autopwn: A Poor Man’s Exploit ServerUsing Metasploit browser_autopwnGetting Started with I-love-my-neighborsCreating the APAssigning an IP AddressSetting Up the RoutesRedirecting HTTP TrafficServing HTTP Content with SquidAttacking Clients While Attached to an APAssociating to the NetworkARP SpoofingDirect Client Injection TechniquesSummary
6 Taking It All the Way: Bridging the Air-Gap from Windows 8
Preparing for the AttackExploiting Hotspot EnvironmentsControlling the ClientLocal Wireless ReconnaissanceRemote Wireless ReconnaissanceWindows Monitor ModeMicrosoft NetMonTarget Wireless Network AttackSummary
Part II Bluetooth
CASE STUDY: You Can Still Hack What You Can’t See
7 Bluetooth Classic Scanning and Reconnaissance
Bluetooth Classic Technical OverviewDevice DiscoveryProtocol OverviewBluetooth ProfilesEncryption and AuthenticationPreparing for an AttackSelecting a Bluetooth Classic Attack DeviceReconnaissanceActive Device DiscoveryPassive Device DiscoveryHybrid DiscoveryPassive Traffic AnalysisService EnumerationSummary
8 Bluetooth Low Energy Scanning and Reconnaissance
Bluetooth Low Energy Technical OverviewPhysical Layer BehaviorOperating Modes and Connection EstablishmentFrame ConfigurationBluetooth ProfilesBluetooth Low Energy Security ControlsScanning and ReconnaissanceSummary
9 Bluetooth Eavesdropping
Bluetooth Classic EavesdroppingOpen Source Bluetooth Classic SniffingCommercial Bluetooth Classic SniffingBluetooth Low Energy EavesdroppingBluetooth Low Energy Connection FollowingBluetooth Low Energy Promiscuous Mode FollowingExploiting Bluetooth Networks Through Eavesdropping AttacksSummary
10 Attacking and Exploiting Bluetooth
Bluetooth PIN AttacksBluetooth Classic PIN AttacksBluetooth Low Energy PIN AttacksPractical Pairing CrackingDevice Identity ManipulationBluetooth Service and Device ClassAbusing Bluetooth ProfilesTesting Connection AccessUnauthorized PAN AccessFile Transfer AttacksAttacking Apple iBeaconiBeacon Deployment ExampleSummary
Part III More Ubiquitous Wireless
CASE STUDY: Failure Is Not an Option
11 Software-Defined Radios
SDR ArchitectureChoosing a Software Defined RadioRTL-SDR: Entry-Level Software-Defined RadioHackRF: Versatile Software-Defined RadioGetting Started with SDRsSetting Up Shop on WindowsSetting Up Shop on LinuxSDR# and gqrx: Scanning the Radio SpectrumDigital Signal Processing Crash CourseRudimentary CommunicationRudimentary (Wireless) CommunicationPOCSAGInformation as SoundPicking Your TargetFinding and Capturing an RF TransmissionBlind Attempts at Replay AttacksSo What?Summary
12 Hacking Cellular Networks
Fundamentals of Cellular CommunicationCellular Network RF FrequenciesStandards2G Network SecurityGSM Network ModelGSM AuthenticationGSM EncryptionGSM AttacksGSM EavesdroppingGSM A5/1 Key RecoveryGSM IMSI CatcherFemtocell Attacks4G/LTE SecurityLTE Network ModelLTE AuthenticationLTE EncryptionNull AlgorithmEncryption AlgorithmsPlatform SecuritySummary
13 Hacking ZigBee
ZigBee IntroductionZigBee’s Place as a Wireless StandardZigBee DeploymentsZigBee History and EvolutionZigBee LayersZigBee ProfilesZigBee SecurityRules in the Design of ZigBee SecurityZigBee EncryptionZigBee AuthenticityZigBee AuthenticationZigBee AttacksIntroduction to KillerBeeNetwork DiscoveryEavesdropping AttacksReplay AttacksEncryption AttacksPacket Forging AttacksAttack WalkthroughNetwork Discovery and LocationAnalyzing the ZigBee HardwareRAM Data AnalysisSummary
14 Hacking Z-Wave Smart Homes
Z-Wave IntroductionZ-Wave LayersZ-Wave SecurityZ-Wave AttacksEavesdropping AttacksZ-Wave Injection AttacksSummary
Index

Overview

Exploit and defend against the latest wireless network attacks

Learn to exploit weaknesses in wireless network environments using the innovative techniques in this thoroughly updated guide. Inside, you’ll find concise technical overviews, the latest attack methods, and ready-to-deploy countermeasures. Find out how to leverage wireless eavesdropping, break encryption systems, deliver remote exploits, and manipulate 802.11 clients, and learn how attackers impersonate cellular networks. Hacking Exposed Wireless, Third Edition features expert coverage of ever-expanding threats that affect leading-edge technologies, including Bluetooth Low Energy, Software Defined Radio (SDR), ZigBee, and Z-Wave.

Assemble a wireless attack toolkit and master the hacker’s weapons
Effectively scan and enumerate WiFi networks and client devices
Leverage advanced wireless attack tools, including Wifite, Scapy, Pyrit, Metasploit, KillerBee, and the Aircrack-ng suite
Develop and launch client-side attacks using Ettercap and the WiFi Pineapple
Hack cellular networks with Airprobe, Kraken, Pytacle, and YateBTS
Exploit holes in WPA and WPA2 personal and enterprise security schemes
Leverage rogue hotspots to deliver remote access software through fraudulent software updates
Eavesdrop on Bluetooth Classic and Bluetooth Low Energy traffic
Capture and evaluate proprietary wireless technology with Software Defined Radio tools
Explore vulnerabilities in ZigBee and Z-Wave-connected smart homes and offices
Attack remote wireless networks using compromised Windows systems and built-in tools

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Hacking Exposed Wireless, Second Edition, 2nd Edition

Publisher Resources

ISBN: 9780071827621

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills