Black Hat EU 2013 - Practical Exploitation Using A Malicious Service Set Identifier (SSID)
By: Deral Heiland
How easily we overlook a simple wireless SSID, and think nothing of it or its potential risk to us. In this presentation I will be discussing the leveraging of SSIDs to inject various attacks into Wireless devices, and management consoles. The type of injection attacks discussed will include XSS, CSRF, command injection and format strings attacks. I will be discussing various malicious SSID restrictions, limitations, and potential attack success dependencies. Using live demonstrations I will show how each of these attack methods are carried out. In conclusion I will be discussing how common this attack vector potentially is, and its overall risk factors.
Video at DerbyCon 2013
Download slide tại đây, hoặc tại đây
How easily we overlook a simple wireless SSID, and think nothing of it or its potential risk to us. In this presentation I will be discussing the leveraging of SSIDs to inject various attacks into Wireless devices, and management consoles. The type of injection attacks discussed will include XSS, CSRF, command injection and format strings attacks. I will be discussing various malicious SSID restrictions, limitations, and potential attack success dependencies. Using live demonstrations I will show how each of these attack methods are carried out. In conclusion I will be discussing how common this attack vector potentially is, and its overall risk factors.
Video at DerbyCon 2013
Download slide tại đây, hoặc tại đây
Comments
Post a Comment