COMMSEC: RedPhishing: Wi-Fi, Phishing and Red Teaming


In this brief talk we are going to see a case study where, during a physical red teaming engagment, new techniques have been used to attack corporate WiFi network.

Such techniques can help us into letting the victims in falling for our evil twin attack more easily, this is done by abusing the OS trust in CA and SSL certificate, similar to the more common phishing attacks. We will see why corporate WiFi networks are often at risks and how system administrators could better protect against such attacks and tricks.

Finally a new tool will be presented to automatically deploy an Evil-Twin attack with this new social engineering technique which is now in your Red Teaming armory.

Location: BALLROOM 2 Date: August 30, 2018 Time: 12:30 pm - 1:00 pm Matteo Beccaro