vanhoefm/ blackhat17-pocs
Need help with blackhat17-pocs?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.
About the developer
127 Stars 
63 Forks 
BSD 2-Clause "Simplified" License 
23 Commits 
0 Opened issues 
Description
Proof of concepts of attacks against Wi-Fi implementations
Services available
Contributors list
Readme
WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
This repository contains proof-of-concepts of selected attacks mentioned in my Black Hat 2017 talk. The talk was based on the paper Discovering logical vulnerabilities in the Wi-Fi handshake using model-based testing. The testing framework explained during the talk, and in the paper, is also public.
Table of Content
- OpenBSD: Client Man-in-the-Middle (view demo)
- OpenBSD: Access Point Denial-of-Service (view demo)
- Windows 7: Targeted DoS against hotspot (view demo)
- Windows 10: Insider DoS against hotspot
- Broadcom, Windows 10, Aerohive: Impossible TKIP Countermeasures Insider DoS
Acknowledgements
This work is based on the paper "Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing" which was co-authored with Domien Schepers and Frank Piessens.