Overview
Explore a new technique called "Lure10" for exploiting Windows automatic wireless association in this 32-minute conference talk from HITB2017AMS. Learn how this attack enables attackers to achieve a man-in-the-middle position against Windows devices without user interaction. Discover the limitations of the traditional KARMA attack and how Lure10 overcomes modern network manager countermeasures. Understand the details of the attack, its implementation in the Wifiphisher tool, and compare automatic association behaviors across operating systems. Gain insights into man-in-the-middle case studies and countermeasures. Examine topics such as WiFi Sense, network data collection, frame sending, denial of service attacks, location service spoofing, and Microsoft's response to this vulnerability. Find out if you're affected and how to protect yourself against this exploit.
Syllabus
Introduction
What is this attack
The Karma attack
Countermeasures
WiFi Sense
Finding the right networks
Collecting the right data
Sending the frames
Automatic Wireless Association Algorithm
Denial of Service Attack
Location Service Spoof
Fake Networks
Location Service
Microsoft Response
Am I affected
How to protect yourself
WiFi Visser
Conclusion
Taught by
Hack In The Box Security Conference