Introducing nzyme: WiFi monitoring, intrusion detection and forensics

Today I am releasing my latest open source hobby project: nzyme. It's a Java-based program that puts wireless network adapters into monitor mode, sniffs management frames from all configured 2.4 GHz or 5 GHz channels and writes them into a Graylog instance for monitoring and analysis.

About

In my previous post, Common WiFi Attacks And How To Detect Them, I laid out the many ways an attacker can attack a wireless network. With this post, I am introducing nzyme, an open source tool used to detect these

Read more

How to install BLEAH on Kali Linux

A few days ago, Simone Margaritelli aka evilsocket released BLEAH, a BLE (Bluetooth Low Energy, or Bluetooth Smart) scanner and device enumerator that is incredibly simple to use. I just played around with it and documented the installation steps on the most recent Kali Linux. I will not cover how to use BLEAH. Read Simone's introductory blog post and the README for that.

Hardware requirements

You don't need special Bluetooth equipment like the Ubertooth One to use BLEAH. Any onboard Bluetooth chip should do. I am

Read more

Common WiFi attacks and how to detect them

I'm talking about DFIR (Digital Forensics and Incident Response) for WiFi networks at DerbyCon 2017 and will be releasing nzyme (an open source tool to record and forward 802.11 management frames into Graylog for WiFi security monitoring and incident response) soon. Note that I will simplify some of the 802.11 terminology in this post. For example, I'll talk about "devices" and not "stations," and I'll not use the term "BSS" for "networks." The issue with 802.

Read more