Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/vanhoefm/blackhat17-pocs

Proof of concepts of attacks against Wi-Fi implementations
https://github.com/vanhoefm/blackhat17-pocs

Last synced: 13 days ago
JSON representation

Proof of concepts of attacks against Wi-Fi implementations

Awesome Lists containing this project

README 

        
# WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake



This repository contains proof-of-concepts of selected attacks mentioned in my Black Hat 2017 talk. The talk was based on the paper [Discovering logical vulnerabilities in the Wi-Fi handshake using model-based testing](https://papers.mathyvanhoef.com/asiaccs2017.pdf). The [testing framework](https://github.com/domienschepers/asiaccs-discovering-logical-vulnerabilities) explained during the talk, and in the paper, is also public.



## Table of Content



- [OpenBSD: Client Man-in-the-Middle](openbsd#openbsd-client-man-in-the-middle) ([view demo](https://www.youtube.com/watch?v=t4fvgLPOYOw))

- [OpenBSD: Access Point Denial-of-Service](openbsd#openbsd-access-point-denial-of-service) ([view demo](https://www.youtube.com/watch?v=XLvXL7HabYM))

- [Windows 7: Targeted DoS against hotspot](windows#windows-7-dos-win7_dos_attackpy) ([view demo](https://www.youtube.com/watch?v=goPWTvOjhEM))

- [Windows 10: Insider DoS against hotspot](windows#windows-10-dos-win10_tkipdos_pocpatch)

- [Broadcom, Windows 10, Aerohive: Impossible TKIP Countermeasures Insider DoS](tkip-countermeasures#impossible-tkip-countermeasures)



## Acknowledgements



This work is based on the paper "Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing" which was co-authored with Domien Schepers and Frank Piessens.