Thursday, June 23, 2016

Wireless Penetration Testing: So easy anyone can do it!

My name is Lea Lewandowski and I am the newest member of the admin team at Immunity. I have a Bachelor of Science in Business Administration with a major in Marketing and a minor in Sociology and yes, even I can use SILICA. Prior to joining Immunity four weeks ago, I earned a living working at Starbucks for a year and a half, because like most college graduates, I did not have a full time career to jump right into. Then Immunity came along and decided to give me a shot at this thing called "real life work".  I can honestly say that I was not expecting to learn 'how to hack' during my second week at the company.

When I first heard that I was going to try to learn how to use SILICA I was pretty intimidated. Here I am, with no previous experience in computers or technology and I'm told to sit in front of this computer and get some passwords. Little did I know, this stuff is all automated. All I have to do is click some buttons. I swear, it is really that easy.  SILICA does all of the hard work for you, which makes the wireless penetration testing simple even for the non-techies of the world (like me!).

Ironically, my first SILICA lesson was at a Starbucks. We were there for less than half an hour and I was able to steal my own password from myself using the Fake AP (stands for Access Point, btw) feature. I also learned that I needed to fix the security settings on my iPhone. All I had to do was some clicky-clicky and then wait and, lo and behold, I got my password (which I have now changed).

Another feature that I learned how to use in a few minutes was the AP mapping tool. I was able to figure out how to use the AP mapping feature in the office and in my apartment. With this tool, I was able to find the exact location of AP's in both places. Pretty interesting stuff. Below is a picture of the AP mapping feature finding an AP in my apartment.
I didn't realize that I had to blur this out so you stalkers couldn't find my house! Learn something new everyday.
I created a map image of my apartment, imported it into the location capture tab, and walked around clicking different areas of the map. The outcome was a heat map of AP's around me. I found the AP in my apartment using the heat map, right clicked the AP for the signal strength and found exactly where the AP was located. The above image shows the signal strength at its highest because the SILICA was sitting right on top of the AP.

Although I'd love to sit here and tell you that I figured this all out because I'm some type of genius and a super fast learner but that isn't the case. My experiences with SILICA combined with my complete lack of any technical knowledge is proof that anyone can learn how to use SILICA. While awesome, it has definitely been an eye opening introduction to the security world.