As promised, I am posting a video I made explaining how to setup Kismet to do wireless scans.
The only pre-requisites you need are Vmware (it will work the same in VirtualBox), and a VM of Kali linux. The only real difference is the message that asks where the wireless adapter should connect to.
It's my first attempt editing a video, so please be kind
Mr. Boettcher and I had a great time this week. We talked all about doing wireless audits for PCI using Kismet and Aircrack-ng, and talked about some capabilities of both.
Alfa AWUS051NH (works in Kali/Backtrack) (no sponsor link): http://www.amazon.com/gp/offer-listing/B002BFO490/ref=dp_olp_0?ie=UTF8&condition=all
Using Karma with a pineapple to fool clients into connecting unencrypted: http://www.troyhunt.com/2013/04/your-mac-iphone-or-ipad-may-have-left.html
Tutorial on hacking various wireless: http://cecs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm
Premium content by Bryan! I made a video as well that describes using your wireless dongle to make your Kali Linux into a powerful areal wireless sniffer. http://brakeingsecurity.com/bonus-kismet-video
Sharing information between people and organizations can be a sensitive issue, especially if the information being shared is of mutual importance.
This week, we break down PGP and it's open source cousin GPG. We discuss how last week's podcast about hashing, encoding, and encryption are all bundled up neatly with PGP, and give you some examples of software you can use on Mac, Windows, and Linux.
GPG4Win - http://www.gpg4win.org/
GPG Suite (Mac OS) - https://gpgtools.org/
public PGP key server - pgp.mit.edu
NoStarch Press book: http://www.nostarch.com/pgp.htm
gpg commandline tutorial - http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/gpg-cs.html
Icon courtesy of NoStarch Press
Ever heard someone mention AES Encoding, or MD5 Encryption?
Many people in IT, Infosec, and Software development get confused about what Hashing, Encrypting, and Encoding. We hack through the definition forest, looking for that Sequoia of understanding.
We also talk about Symantec's remarks that 'Antivirus is dead' and 'not a moneymaker', and what that means to the industy as a whole.
"Enkrypto" is the program I mentioned in the podcast. It would appear that either s/he fixed it. Still shouldn't be using an 'encoding' method to store SMS if they are of a sensitive nature... The screen shots still clearly show a Base64 encoded SMS, and still show it as a 'secured' message. :( plus, with a the option to allow an encrypted PIN with 4 characters, it would be trivial to crack even an AES encrypted message
Do not buy this app...
This week, we find ways to increase security when browsing the EWW (Evil Wide Web).
We give a shout-out to WhiteHatSec's Aviator browser as a way for everyone to have an eleveated security posture with very little configuration required. And Mr. Boettcher and I talk about some of the plugins we use to make ourselves more secure.
And Mr. Boettcher surprises me with his proclivities toward farmyard animals.
Aviator Browser: https://www.whitehatsec.com/aviator/
Firefox --- Request Policy: https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/
Google --- Notscript: http://www.dedoimedo.com/computers/google-chrome-notscript.html
Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0