Overview
Explore practical exploitation techniques using malicious Service Set Identifiers (SSIDs) in this DerbyCon 3.0 conference talk. Delve into the fundamentals of SSIDs, IEEE standards, and their historical context before examining initial discovery methods and device-specific considerations. Learn about overcoming limitations, registering short domains, and escaping backslashes. Witness demonstrations of cross-site scripting and command injection vulnerabilities, and understand parsing routines and execution challenges. Gain insights into cross-site request forgery attacks and explore testing configurations for various targets. Enhance your knowledge of wireless network security and potential attack vectors through this comprehensive presentation.
Syllabus
Introduction
What is an SSID
ITripleE Standards
History
Initial Discovery
General Devices
Device Order
Limitations
Device Limitations
Register a Short Domain
Escape the Backslash
Crosssite Scripting
Demo
Command Injection
Parsing Routine
Execution
Challenge
Crosssite request forgery
Demonstration
Rube
Prayer
Hells Half Acre
Testing
Configuration
Targets