Eric & Matt are seasoned pentesters and Principal Security Consultants at Secureworks. On a daily basis they attempt to compromise large enterprise networks to test their physical, human, network and wireless security. They have successfully compromised companies from all sectors of business including: Healthcare, Pharmaceutical, Banking, Finance, Technology, Insurance, Retail, Food Distribution, Government, Education, Transportation, Energy and Industrial Manufacturing. Eric and Matt’s team consecutively won first place at DEF CON 23, 24, and 25’s Wireless CTF, snagging a black badge along the way.
Sysadmins, CISO’s and compliance officers run pentests on their internal and external infrastructure, and commonly ignore their wireless footprint. However, access to a corporate wireless network is seldom monitored and provides covert access to an attacker. Think a long random passphrase or individual user authentication will protect your perimeter? Think again. Current wireless attacks take advantage configuration oversights, deceiving end users, and circumventing what had been thought to be reasonable network segmentation. Such compromise can have disastrous implications resulting in the “attacker from the parking lot” scenario. Curious to see how a compromise from a “secure” wireless network happens? Eric & Matt will discuss their evolving wireless pentest methodology and answer audience questions.