Unlimited WiFi: Bypass Captive Portals and Proxies with a Twist! |
Abstract
Have you ever been stuck in the airport and run out of the one hour free WiFi? Have you ever been in a hotel that makes you pay for WiFi? Our talk, Unlimited WiFi, helps understand the common flaws within captive portals and proxies. On restricted networks, these methods can be used to exfiltrate information, where it may seem rather difficult, and download necessary exploits (please stop blocking exploit.db… makes pen testing a pain!). Finally, we will talk about how we developed a mini-authentication framework over DNS, allowing us to turn on IoT devices when stuck in a plane and WiFi connectivity is questionable! This talk brings in the concepts of misusing whitelisted software, writing scripts to bypass restrictions, writing your own authentication, and general software vulnerabilities. Our audience should gain a good understanding of the most common weaknesses within our target software and interesting ways to use the flaws they expose to our advantage! Speaker Bio: Sajeeb Lohani is a senior penetration tester at Privasec and a lecturer in Melbourne University, who graduated from Monash University with a Bachelor of Software Engineering (Honours) in 2017. Sajeeb remains passionate about contributing to and improving cyber security research. Sajeeb currently holds 120+ CVEs and is the co-developer of Interlace, an open-source project. Sajeeb is also a bug bounty hunter, ranking within the top 100 within BugCrowd and top 10 within DVuln. Sajeeb gives back regularly to the Melbourne cyber security community by founding the Monash Cyber Security Club, presenting at local meetups, and mentoring at the Australian Women in Security Network (AWSN) Cadets workshops. Sajeeb also runs initiatives which attempt to responsibly disclose security issues within open source software projects, making the world of software ‘more secure’. Maeesha Lohani is a passionate student, studying Computer Science, majoring in Cyber Security. Runner-up in the Women in Security Awards 2019 for “Best Student Security Leader”, Maeesha dedicates time volunteering and managing parts of the Australian Women in Security Network (AWSN) Cadets. |