BRINGING SOFTWARE DEFINED RADIO TO THE PENETRATION TESTING COMMUNITY

Black Hat USA 2014

Presented by: Jonathan-Christofer Demay, Arnaud Lebrun, Jean-Michel Picod
Date: Wednesday August 06, 2014
Time: 11:45 - 12:45
Location: South Seas AB

The large adoption of wireless devices goes further than WiFi (smartmeters, wearable devices, Internet of Things, etc.).

The developers of these new types of devices may not have a deep security background and it can lead to security and privacy issues when the solution is stressed.

However, to assess those types of devices, the only solution would be a dedicated hardware component with an appropriate radio interface for each one of them.

That is why we developed an easy-to-use wireless monitor/injector tool based on Software Defined Radio using GNU Radio and the well-known scapy framework.

In this talk, we will introduce this tool we developed for a wide range of wireless security assessments: the main goal of our tool is to provide effective penetration testing capabilities for security auditors with little to no knowledge of radio communications.

Jean-Michel Picod

Jean-Michel Picod is currently working at Airbus Defence & Space CyberSecurity as the technical leader of pentest, incident response, malware reversing and vulnerability research activities. He holds an engineering degree in computer systems, networks and security. He has contributed on several open source projects (GoodFET, pynids, etc.) and published several open source tools such as DPAPIck, OWADE, forensic scripts, etc.

Jonathan-Christofer Demay

Jonathan is an IT security specialist with diverse professional backgrounds. As an academic researcher, he has been working on vulnerability research, IDS bypassing, and intrusion detection along with general network security. As a consultant for various strategic industries and government bodies, he has been working on computer forensics, reverse engineering, penetration testing, and social engineering.

Arnaud Lebrun

Arnaud is an electronics and automation engineer, currently working on wireless and ICS security at AIRBUS D&S CyberSecurity.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats