E-SPIN
Tuesday, 30 November 2021 / Published in Immunity, Product, SILICA

Immunity SILICA wireless infrastructure penetration testing

Immunity SILICA is a world-leading commercial wireless security assessment tool (SAT) for penetration testing and hostile attack simulation against wireless infrastructure.

SILICA is a Wireless Penetration Testing Tool

Immunity SILICA is a wireless vulnerability assessment and penetration testing tool, purpose-built so that wireless penetration testers can focus on their projects: it scans wireless networks and WiFi-enabled devices and integrates a large number of WiFi-specific attacks behind a user-friendly graphical interface.

SILICA is designed to determine the true risk of wireless networks, starting from the WiFi access point: it attempts to leverage vulnerabilities and determines which assets behind a vulnerable access point could be compromised.

Since it is purpose-built for wireless pen testing, a highly automated one-button interface is implemented for many of the actions. Typical wireless pen testing tasks that the product handles include: WEP/WPA cracking; the Key Reinstallation Attack (KRACK), a man-in-the-middle attack; setting up an evil-twin fake access point to intercept all connected wireless clients; the Kr00k attack against a vulnerability common to Broadcom chipsets; the EAP relay attack; client-side injection; SSL stripping and spoofing; service impersonation; the Karma attack; the fake captive portal attack; the executable replacement attack; the Apple EAP-success attack; and malicious AP detection.

SILICA addresses modern wireless network challenges

Understanding the vulnerabilities of your WiFi network can be challenging, because users can easily create networks on demand, bring their own devices (BYOD), or even unintentionally extend the corporate wireless network, for example by creating a mobile hotspot that lets others share it. But as recent events have demonstrated, scanning your WiFi network is an important part of understanding your security posture, since modern cybersecurity has expanded to cover assets such as wireless, virtualization, IoT and cloud.

Most generic vulnerability assessment tools simply take their existing network scanners and point them at the wireless infrastructure; they are not optimized for carrying out wireless pentesting. This approach does not give you the information that is unique to wireless networks. Immunity has built the first automated, WiFi-specific vulnerability assessment and penetration tool, known in the market as Immunity SILICA.

SILICA is uniquely developed to cater for wireless infrastructure pentesting

E-SPIN Wireless Network Security Assessment Services Overview

Unlike traditional scanners that merely identify possible vulnerabilities, SILICA determines the true risk of a particular access point. SILICA does this by unintrusively leveraging vulnerabilities and determining what assets behind the vulnerable access point can be compromised.

Additionally, while traditional scanners can enumerate the vulnerabilities of a particular target, they cannot evaluate whether a mitigating control is in place on the target or in the surrounding environment. With SILICA’s unique methodology it can report on whether a vulnerability can actually be exploited.

Feature: Wireless centric all-in-one tool

SILICA is a self-contained solution that runs on a standard Intel-based laptop. The SILICA software and base operating system (Ubuntu) are shipped on a bootable USB drive that lets you run SILICA without any software modifications to your laptop. Included on the drive is a partition containing a virtual machine with the same SILICA image, giving you even greater flexibility and ease of use.

Highly automated, SILICA has a one-button interface for many of the actions that a security professional will want to take during an assessment, saving time through one-click automation.

SILICA also implements threat detection modules that can passively scan for malicious attacks or unintentional vulnerabilities. This is particularly valuable for those responsible for cyber defence of the enterprise wireless landscape.

SILICA gathers and consolidates all information from its modules with a polished user interface designed to support a large amount of information without performance loss.

As long as SILICA is running, a background WPA handshake sniffer module stores the last captured WPA handshake for every AP on the file system in the /su/Reports/WPA_HANDSHAKES folder. These handshake files, stored in .pcap format, can be used by external tools for cracking, or from the Key Recovery tab.

Active or passive key recovery attacks can be launched from the Discover Key submenu on the Network Listing tab. When this option is selected for a WEP WLAN, an active WEP key recovery attack using ARP injection is launched. When this option is selected for a WPA WLAN and a handshake has not yet been captured, an active deauth attack is launched until a handshake is obtained. Once the handshake is captured, offline dictionary cracking is started to recover the key. SILICA includes a one-million-word dictionary. SILICA also supports WPA/WPA2 brute-forcing using PMKID data, which allows it to attack some access points even when no stations (clients) are present.

Feature: Key Reinstallation Attack (KRACK)

KRACK is a man-in-the-middle attack between a target access point and the target devices that try to connect to the network. When a vulnerable device tries to connect, SILICA intercepts the packets and replays them in a way that causes the device to install a zeroed-out encryption key. SILICA then proceeds with ssl-stripping and ssl-spoofing attacks against the target device. The module’s supported targets are wpa_supplicant 2.4 and 2.5, and it was tested on a stock Ubuntu 16.04.1 target.

To make the KRACK attack work, SILICA requires two wireless cards, as the fake access point needs to be on a different channel than the real Access Point. If SILICA is not able to initialize the second interface when starting the KRACK attack, an error message (in red in the log window) is displayed and the module stops.

For the attack to be successful, these conditions should hold:

  • The target should be vulnerable to the zero-key attack (wpa_supplicant 2.4 and 2.5).
  • The signal from SILICA’s card should be stronger than the real AP from the target’s point of view.
  • The target should try to reconnect to the network (SILICA will not try to force the target to reconnect).

Feature: The Kr00k Attack

The Kr00k Attack exploits a vulnerability in some very common Broadcom chipsets that causes a device to send zero-key encrypted data packets for a short period of time after a deauthentication packet is received. This module sends deauthentication packets to trigger the vulnerability, decrypts the packets, and displays them in a Wireshark window. The module supports attacking a single device, or all devices connected to an access point. To be more effective, the module uses a heuristic based on the timing and throughput of data packets from the target. The heuristic parameters can be adjusted from the Preferences Panel.

Note: Some Broadcom chipsets support a non-standard modulation scheme that the SILICA card does not support. It is possible that this module does not work when the target is connected to an access point that uses one of these Broadcom chipsets with this modulation scheme. This module was tested on a Raspberry Pi 3 target.

Feature: EAP Relay Attack & Signal strength graphs

EAP Relay Attack

  • When trying to connect to a network using 802.1X authentication, SILICA will launch an MSCHAP Relay Attack if the credentials are unknown. This attack will allow SILICA to join the network after a man-in-the-middle attack on a legitimate client device trying to join the network. Only the PEAP with MSCHAPv2 authentication protocol is supported for this attack.

Signal strength graphs

  • Real-time signal-to-noise ratio graphs are available for both access points and stations. These can be used to better position your wireless card, or to try to find the location of a wireless device (a directional antenna could be of help in that case).

Feature: Attack and Post Exploitation Modules

Attack Modules

  • A reduced version of the CANVAS network exploitation platform to probe and attack the target WLAN is included with SILICA. In addition to a number of remote code execution exploits, authentication bypass exploits that try to access the administrative interface of the target access points are included as well.

Post Exploitation Modules

  • After a remote code execution exploit is successful, post exploitation modules are run to gather information from the target:
    • Screengrab: take a screenshot on the target host
    • Get password hashes
    • Get stored WiFi keys
    • Get device information for Android devices
    • Get system information

Feature: WPS Attacks

SILICA includes three WPS attacks:

  • WPS brute-forcing
  • WPS default PINs by MAC address
  • Offline brute-forcing (also known as Pixie Dust)

WPS brute-forcing is selected from the WPS > Get WPS PIN (full bruteforce) submenu. It iterates over up to 11000 PINs. When successful, the WPS PIN and WPA shared key for the target are obtained. SILICA supports resuming an interrupted brute-force attack against a target. NOTE: Many access points do not handle large numbers of WPS authentication events well, either as a protection or as a result of bugs, so in those cases this attack will most likely fail.

WPS default PINs are tested by either WPS > Get WPS PIN (full bruteforce) or WPS > Get WPS PIN (try only default pins). Certain access points are known to have PINs that can be derived from their BSSID, and SILICA will try these first.

Offline WPS PIN brute-forcing, also known as the Pixie Dust attack, is also attempted with any WPS attack. If successful, this attack will be very quick (less than one minute) as it does not need to try multiple PINs against the access point.

Feature: Fake AP

While scanning, SILICA will sniff for probe requests to populate this table. Each row represents an SSID probed for by a wireless device. Custom SSIDs can also be manually added by filling the text box next to the “Become custom AP” button and clicking the button.

By right-clicking a row, a variety of Fake AP attack modules can be launched using the row’s ESSID and Channel as a parameter. When running a Fake AP module, SILICA will accept connections from wireless devices trying to connect to the spoofed SSID. Network traffic from the devices (stations) will be monitored for cookies and credentials, and these are stored in the Cookie Viewer, Attack Tree and Passwords tabs.

Menu action options:

  • Edit encryption method and parameters of the Fake AP.
  • Edit Channel to set the channel of the Fake AP.
  • Become this network with client-side injection (Client-side Injection Attack).
  • Become this network with ssl-stripping and self-signed certificates (SSL Stripping and Spoofing attack).
  • Become this network with service impersonation (Service Impersonation Attack).

Karma Attack. Instead of impersonating only one SSID, the Fake AP responds to all probe requests, trying to get as many stations as possible to connect. This option is selected with the Karma Mode (reply to all probes) checkbox and is available for Fake APs with open or RADIUS authentication.

Fake Captive Portal Attack. When this option is set, HTTP traffic from each station is redirected to a fake sign-in page until the user enters credentials. Captured credentials are added to the Passwords tab. This option is available for Fake APs using the service impersonation module.

Executable Replacement Attack. When the Fake AP is started with the Enable Transparent HTTP Proxy option set, requests from stations for files with an executable extension made over HTTP are intercepted and the responses replaced with backdoors. This attack works for Windows, Linux and OS X targets.

Apple EAP-success attack (CVE-2019-6203). There is a vulnerability in some Apple devices that allows an attacker to create fake access points that successfully spoof real access points for those devices, by sending EAP-success messages that the Apple devices accept even before validating credentials. SILICA will try to exploit the vulnerability when creating a Fake AP with 802.1X encryption.

Feature: Attack Tree & Printer Exploitation

The attack tree shows scan and attack results in a centralized manner, grouped by network, attack type, and target. Entries are shown in a tree format: the first level holds the network entries, the second level the attack type, the third level the target devices, and individual results are stored in further levels in a hierarchical manner. Entries can be folded or expanded to collapse the tree visualization. Some entries allow additional actions to be performed by right-clicking on them; this is signaled by an icon in the Actions column.

Printer exploitation

  • When SILICA finds a network printer, it will add the PJL file system to the Attack Tree. By expanding the PJL entries, you can explore directories, download files, and exploit path traversal vulnerabilities in the printer’s file system. This is done on demand and in real time, so SILICA should be connected to the printer’s network for this feature to work.

Feature: Malicious AP Detection

SILICA analyzes captured beacons and probe responses looking for possible malicious access points. Any access point possibly spoofing a valid SSID will be added to this tab with the reason that the AP is suspicious. There is one entry for each unique BSSID/Channel pair.

The color code is yellow for suspicious but probably benign configuration changes. Red is for known malicious or highly unexpected conditions.
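As an added illustration (not SILICA’s own code), the following Python sketch models the detection logic described above: it compares captured beacon records against a defender-maintained inventory of managed SSIDs, emits one entry per BSSID/channel pair, and grades each as yellow (probably benign configuration change) or red (highly unexpected condition). The inventory, the beacon records and the field names are constructed assumptions.

```python
"""Rogue / evil-twin access point detection over captured beacon records.

Added example modelling the Malicious AP Detection tab; the inventory,
beacons and thresholds below are constructed, not taken from SILICA.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Beacon:
    """One parsed beacon or probe response (constructed sample data)."""
    ssid: str
    bssid: str
    channel: int
    security: str  # "WPA2", "WPA3", "WEP", "OPEN", ...


@dataclass(frozen=True)
class Finding:
    ssid: str
    bssid: str
    channel: int
    severity: str  # "yellow": probably benign change; "red": malicious / highly unexpected
    reason: str


RANK = {"yellow": 1, "red": 2}

# Assumed defender-maintained inventory of managed SSIDs: authorised BSSIDs,
# the security mode each SSID must advertise, and the approved channel plan.
KNOWN_APS: Dict[str, dict] = {
    "corp-wifi": {
        "bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
        "security": "WPA2",
        "channels": {1, 6, 11},
    },
}


def classify(b: Beacon, known: Dict[str, dict] = KNOWN_APS) -> Optional[Finding]:
    """Grade a single beacon against the inventory; None means nothing to report."""
    profile = known.get(b.ssid)
    if profile is None:
        return None  # foreign SSID: it is not spoofing anything we manage
    bssid = b.bssid.lower()
    if bssid not in {x.lower() for x in profile["bssids"]}:
        return Finding(b.ssid, bssid, b.channel, "red",
                       "unknown BSSID advertising a managed SSID (possible evil twin)")
    if b.security != profile["security"]:
        return Finding(b.ssid, bssid, b.channel, "red",
                       f"security changed from {profile['security']} to {b.security}")
    if b.channel not in profile["channels"]:
        return Finding(b.ssid, bssid, b.channel, "yellow",
                       f"authorised BSSID seen on unplanned channel {b.channel}")
    return None


def analyze(beacons: Iterable[Beacon], known: Dict[str, dict] = KNOWN_APS) -> List[Finding]:
    """One entry per BSSID/channel pair, keeping the most severe reason observed."""
    worst: Dict[Tuple[str, int], Finding] = {}
    for b in beacons:
        f = classify(b, known)
        if f is None:
            continue
        key = (f.bssid, f.channel)
        cur = worst.get(key)
        if cur is None or RANK[f.severity] > RANK[cur.severity]:
            worst[key] = f
    return sorted(worst.values(), key=lambda f: (-RANK[f.severity], f.bssid, f.channel))


# Constructed capture: one clean beacon, an authorised AP drifting to an unplanned
# channel, the same AP later seen open on that channel, a duplicate evil twin and
# an unrelated neighbour network that must be ignored.
SAMPLE_BEACONS = [
    Beacon("corp-wifi", "00:11:22:33:44:01", 6, "WPA2"),
    Beacon("corp-wifi", "00:11:22:33:44:01", 3, "WPA2"),
    Beacon("corp-wifi", "00:11:22:33:44:01", 3, "OPEN"),
    Beacon("corp-wifi", "00:11:22:33:44:02", 13, "WPA2"),
    Beacon("corp-wifi", "AA:BB:CC:DD:EE:FF", 6, "WPA2"),
    Beacon("corp-wifi", "aa:bb:cc:dd:ee:ff", 6, "WPA2"),
    Beacon("guest-cafe", "de:ad:be:ef:00:01", 1, "OPEN"),
]
FINDINGS = analyze(SAMPLE_BEACONS)

if __name__ == "__main__":
    for f in FINDINGS:
        print(f"[{f.severity.upper():6}] {f.ssid} {f.bssid} ch{f.channel}: {f.reason}")
```

The merge step matters: the same BSSID/channel pair first seen as a harmless channel change and later seen open is reported once, as red, rather than as a yellow entry that hides the downgrade.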

  • Improved security posture, simplified troubleshooting, network mapping.
  • Create real threat profiles and vulnerability assessments
  • Build WiFi risk and vulnerability analysis for PCI, SOX
  • Rogue access point detection
  • Auditing wireless client security

Complete Wireless Pentesting Solution

SILICA runs inside a virtual machine. Each SILICA user will receive an email with their credentials and instructions on how to activate SILICA.
SILICA comes with two wireless cards, however only one is required for regular SILICA use and activation. The additional wireless card is only required to perform the KRACK attack.
Unless explicitly stated in the release notes, the virtual machine does not change for each SILICA release, so it is not necessary to download the virtual machine again to obtain the latest version. Updates can be deployed by clicking the UPDATE button on the SILICA interface.

  • Forensics teams working to re-create an incident.
  • Security Management teams that want a purpose-built vulnerability scanning and exploitation tool for their WiFi network, including remote identification of systems and mobile devices even when they run personal firewalls.
  • Network administrators who want to discover ad-hoc or unauthorized clients, or weakly authenticated WiFi access points, and to test/recover WEP, LEAP and WPA1/WPA2 keys.
  • Compliance officers looking for real risk management profiles.
  • Security Assessment teams who are tired of the false positives from traditional scanners and want SILICA’s man-in-the-middle and aggressive remote exploitation capability.

E-SPIN & Immunity SILICA

E-SPIN has been active in supplying vulnerability assessment and penetration testing (VAPT) products to enterprise customers since 2005. This ranges from enterprise threat and vulnerability management use cases, to supplying world-class commercial penetration testing suites and private zero-day exploitation packs for ethical hacking, to assisting government customers with the complex US export control and license application paperwork with the relevant agencies, so that these penetration testing suites, systems and related exploitation tools can be properly and legally licensed for ethical hackers, whether corporate internal penetration testers, red team operators, external security consultants or licensed penetration testers.

Feel free to contact E-SPIN for hassle-free, turnkey project supply with value-added services (VAS), from consulting and project management to training and maintenance, whether you are a national government authority, a pentesting services firm or a listed corporation that needs access to it for project and operational requirements.
