12 Days of Red Teaming – Day 2, Wi-Fi sniffing Lapland Industries.
After completing and agreeing the scope of the project, Cybaverse's Red Team start their work on Operation Grinch – Step 1, gain access to the wireless network.
Multi-pronged Red Team attack.
When a Red Team project is appropriately scoped, there will be a number of different ways the Team will try to gain access. The first tactic on Cybaverse’s list is Wi-Fi sniffing.
What is Wi-Fi Sniffing?
Wi-Fi sniffing is a term used to describe the use of software designed to capture wireless network traffic for analysis. It enables hackers to gain insight into what’s going on in a network at any given time.
Cybaverse have just the hound when it comes to Wi-Fi sniffing – Pippa! Pippa and her human work in the Cybaverse office and are experienced in sniffing out vulnerabilities in a network.
With the sniffing device in place, disguised as a Christmas hat, Pippa attends Lapland Industries' Christmas party in Santa’s Workshop...
As a guest inside the workshop, Pippa was able to get close enough to the Wi-Fi to sniff a connection to both the main Wi-Fi, named 'Christmas Wi-Fi', and the Elf Wi-Fi, named 'Elf Guest Wi-Fi'.
The Cybaverse Red Team then worked to sniff BSSIDs in the surrounding area and was able to capture an Extensible Authentication Protocol handshake. Once the Wi-Fi in the Workshop has been sniffed and a four-way handshake successfully captured, there are a number of different things a real-world hacker could try in order to establish a connection; for example, a weak password could be cracked and access achieved. Depending on the network layout, segmentation and what clients are connected, this could be an effective way to leverage further attacks or to monitor traffic.
Cybaverse were able to crack the guest password to the Elf Wi-Fi, which was 'HoHoHo'. However, Lapland Industries had RADIUS authentication installed, which required a digital certificate to gain access. Cybaverse then created a fake Wi-Fi access point, naming it 'Christmass Wi-Fi'. This tactic is often described as an ‘Evil Twin attack’.
Cybaverse were able to gain access; however, Lapland Industries' Wi-Fi protocols were appropriately segmented and, even after establishing a connection, access was extremely limited.
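From the defender's side, a fake access point like the one described above can be looked for in a routine wireless survey. The Python below is an added example, not Cybaverse's tooling: the BSSIDs, the allow-list and the scan rows are constructed, and it assumes 'Christmass Wi-Fi' is a look-alike spelling of 'Christmas Wi-Fi'.

```python
# Added example: flag possible evil-twin beacons in a survey (all data constructed).

AUTHORISED = {  # SSID -> BSSIDs the organisation actually operates (constructed)
    "Christmas Wi-Fi": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
    "Elf Guest Wi-Fi": {"02:00:00:bb:00:01"},
}

def normalise(ssid):
    """Fold case and collapse whitespace so trivial variations compare equal."""
    return " ".join(ssid.casefold().split())

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(ssid, bssid, authorised=AUTHORISED, max_distance=2):
    """Return 'ok', 'rogue-bssid', 'lookalike-ssid' or 'unrelated'."""
    bssid = bssid.lower()
    for known, bssids in authorised.items():
        if ssid == known:  # exact corporate name: the radio must be one of ours
            return "ok" if bssid in bssids else "rogue-bssid"
    for known in authorised:  # near-miss name, e.g. one extra letter or changed case
        if edit_distance(normalise(ssid), normalise(known)) <= max_distance:
            return "lookalike-ssid"
    return "unrelated"

def find_suspects(scan):
    """Return (ssid, bssid, verdict) for every beacon that needs investigation."""
    rated = [(s, b, classify(s, b)) for s, b in scan]
    return [r for r in rated if r[2] in ("rogue-bssid", "lookalike-ssid")]

SCAN = [  # constructed survey results: (SSID, BSSID)
    ("Christmas Wi-Fi", "02:00:00:AA:00:01"),
    ("Christmass Wi-Fi", "02:00:00:cc:00:09"),
    ("Christmas Wi-Fi", "02:00:00:cc:00:0a"),
    ("christmas wi-fi", "02:00:00:cc:00:0b"),
    ("Reindeer Cafe", "02:00:00:dd:00:01"),
]

if __name__ == "__main__":
    print(find_suspects(SCAN))
```

A BSSID can be copied by an attacker, so an 'ok' verdict only means nothing obviously wrong was seen; certificate-based authentication and segmentation, as used by Lapland Industries, remain the controls that limit what a rogue access point can achieve.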
Next steps
After completion of this stage, Cybaverse reported their findings back to Mr and Mrs Claus. The next TTP utilised by the Gruber Group to be tested was a phishing campaign. Cybaverse will now look to gain access to Lapland Industries by sending a number of phishing emails to elf employees to try to get them to click on malicious links.
Protect your business from Wi-Fi sniffing by ensuring that:
- your Wi-Fi boundaries are appropriately set
- strong passwords are used
- strong encryption is used