A comprehensive guide on Control and Data Frames in Wi-Fi (802.11) networks, covering their functions, types, and roles in wireless communication. Enhance your understanding of 802.11 standards and optimize network performance.

Delve into the 802.11 MAC frame header, data, and frame check sequence to gain a comprehensive understanding of wireless packet structures and their role in Wi-Fi communication.

Learn about EAP, its methods, modes, and authentication mechanisms critical for securing enterprise Wi-Fi networks.

Discover the progression of Wi-Fi security protocols from WEP through WPA and WPA2 to the advanced WPA3, focusing on security enhancements and challenges.

Learn about the limitations of Protected Management Frames (PMF) in Wi-Fi security, including gaps that can be exploited through passive listening, evil twin APs, and Wi-Fi jamming.

Discover the importance of Protected Management Frames (PMF) in Wi-Fi networks. Learn how PMF secures management frames, preventing tampering and unauthorised injections. Explore the different configuration states of PMF and understand its role in enhancing Wi-Fi security. Stay tuned for our next post on how attackers defeat PMF and how to protect your network against advanced threats.

But here's the kicker, WiFi isn't just about checking your Instagram feed or sending off that last-minute report. Nope, it's way bigger than that. Businesses are ditching those clunky on-site servers faster than you can say `cloud computing.`

Our WiFi Attacks Specialist course is designed to take a new comer to WiFi to reach the status of WiFi Penetration Tester in the quickest time possible. The course features an interactive lab environment, turning the taught theory into practical hands-on experience with our world-class lab environment.

The majority of memory corruption exploits that exist, have some form of input character limitation. To get around these limitations, you have what is known as an encoder. By encoding the input ...

The first public exploit we released was for the Eudora Qualcomm IMAP server commonly known as Worldmail. This exploit was classified as a Structured Exception Handler (SEH) buffer ...

Recently I attended the three-day Corelan Advanced Exploit Development class in Sydney Australia. People had warned me beforehand, that the training is from 9am until 9pm, so I was aware...

The nullsploit engine is a work in progress exploitation framework. Currently only a limited number of exploits are available, but these should be stable across multiple Windows installations. Features...

Recently, I was interviewed by Housing Technology magazine, about what housing providers should be considering in the context of cyber-security and data protection. The full aricle can be ...

During a security assessment back in 2015 I came across a fully patched Symantec Encryption Management Server appliance. This product provides secure messaging both between users of the organization...

Its been a while since an update to conscan has been made since it’s initial release last October. The new update introduces two new features Username disclosure Single threaded account brute-forcing...

BSides London 2014 last week was my first attempt at teaching an exploit development class a group of people which I had never met before. On the whole, the handson 1 hour workshop I ran on Stack Based ...

Over the last year, I have been performing penetrative application tests, and there is a huge variety of different CMS frameworks available to businesses. One of the frameworks I have...

Release Date 14 October 2013 Vendor Sam Brishes – http://www.pytes.net/ Affected Product Dexs PM System WordPress Plugin Version 1.0.1 Vulnerability Class Persistent Cross-Site Scripting ...

Following a recent pentest I performed for a client I stumbled upon their private SSL certificate. The SSL key was password encrypted, thus could not be used directly without knowing...

A tool I’ve been writing to enumerate the enabled HTTP methods supported on a webserver. Currently only in the initial beta stage, but includes basic checking of files including the...

A whitepaper detailing various methods to bypass ASLR (Address Space Layout Randomization) when developing custom exploit code. This was originally an unpublished paper that I wrote for the Infosec ...

A simple TFTP Fuzzer I wrote to discover undisclosed bugs within TFTP servers and other simple UDP based protocols. The project is hosted on GitHub and can be found at...

This FTP fuzzer has been used to fuzz and discover a number of previously undisclosed bugs with FTP server software and other plain-text protocols. The project is hosted on GitHub...

Abusing the Stack is a full tutorial, detailing the process of vulnerability discovery to developing custom exploit code to take advantage of a vulnerability. Once you have successfully been through...

Typically a WiFi network can be configured to not broadcast its SSID. In this episode, we will be attacking a hidden WiFi network. Firstly after activating monitor mode on my...

An advanced technique known as ARP Amplification can greatly increase IV generate rates. Using this technique alone is enough to boost IV generation rates up to 1800p/s. I first performed...

When attacking a WEP encrypted WiFi network you can come across two different authentication methods, Open and Shared Key Authentication. In the previous example, we attacked a WEP network configured...

When hacking a WEP protected WiFi network an attacker may conduct an ARP Request Replay attack against the affected network. There are cases where is not likely to succeed, such...

In this video, I demonstrate the simplicity of cracking a PSK password using tools freely available within the aircrack-ng suite of tools. I first put my Alfa AWUS036H USB WiFi...