Lennart Koopmann — nzyme — A New WiFi Defense System — DEF CON 27 Wireless Village

Дата: 20.11.2019. Автор: CISO CLUB. Категории: Подкасты и видео по информационной безопасности

In this talk, I am explaining and releasing v1.0.0 of nzyme after 2 years of work. Nzyme is a new and Open Source WiFi IDS that addresses challenges of wireless security by employing deception techniques, fingerprinting and classic signature-based detection methods. In addition to the IDS part of nzyme, it also parses, enriches and forwards every intercepted management frame to a log management system to allow for long-term WiFi DFIR and even threat hunting. Classic signature-based detection supports alerting on unexpected channels, BSSIDs, SSIDs and crypto options as well as deauthentication frame flooding. Using these techniques can be a good start, but they are so easy to bypass by an attacker that more effort is needed. To take the blue team game to a new level, nzyme allows you to spin up fake networks and alert when an attacker attempts to interact with them. A fingerprinting approach detects common attack platforms like WiFi Pineapples, or ESP8266-based deauthers. The talk includes a real quick introduction to WiFi security with a focus on how signature-based detection is not enough, a live-demo of the web interface and some live detection action. I am explaining the fingerprinting approach in depth, and at the end of the talk, there is a demo of DFIR and threat hunting tasks with the collected data in Graylog.


Об авторе CISO CLUB

Редакция портала cisoclub.ru. Добавляйте ваш материал на сайт в разделе "Разместить публикацию".
Читать все записи автора CISO CLUB

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *