TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Black Hills InfoSec

Promiscuous Wireless Packet Sniffer Project

BHIS · 2020-05-27

ATT&CK techniques detected

17 predictions
T1056.001 Keylogging · 100%
“mentioning the recent work (2019) of marcus mengs / rogan dawes – logitacker. marcus implemented a hardware solution to accomplish discovery, passive and active enumeration, forced pairing, keystroke injection, scripting, and much more, specifically for logitech devices. using …”
T1056.001 Keylogging · 99%
“https://github.com/bastilleresearch/mousejack in particular, i found the nrf24_scanner.py and nrf24_sniffer.py python scripts extremely helpful while conducting my own research. other contributors during my extensive research on this project, i frequently found mys…”
T1056.001 Keylogging · 98%
“secret key xor’d with the data. - example of microsoft’s keyboard encryption in 2016, marc newlin (bastille research – mousejack / burning man) https://www.bastille.net/research/vulnerabilities/mousejack/technical-details made some significant findings regar…”
T1056.001 Keylogging · 98%
“approximately 100 meters (10 meters without). using the optional nrf24l01+ pa lna long-range module with external antenna has been tested and verified to reach 1100 meters (line of sight). wiring diagram due to my past success using jackit for keystroke injections and my d…”
T1056.001 Keylogging · 98%
“tool is used. also note that i modified the code to monitor the keystroke injection being transmitted and display these packets via the serial bus. this data can be viewed using the serial monitor (under tools) in the arduino ide or by monitoring the serial port if using platfo…”
T1040 Network Sniffing · 98%
“capable of sniffing a subset of packets being transmitted by various devices. this was accomplished by ignoring nordic’s specification about the address being limited to 3–5 bytes. realizing that two bits defined the address size, travis set the address to the illegal value o…”
T1056.001 Keylogging · 92%
“- promiscuous mode made it possible to distill the packet sniffing and injection functionality to a minimal amount of python code.” how is keystroke injection possible? wireless mice and keyboards communicate using proprietary protocols operating in the 2.4ghz ism band. unlike …”
T1040 Network Sniffing · 90%
“risk of exposure. from an infosec perspective, taking the promiscuous sniffer approach and maintaining a database of known vulnerable devices and their fingerprints could go a long way in helping corporations learn of possible weaknesses in their infrastructure. ideally, it would…”
T1056.001 Keylogging · 85%
“promiscuous wireless packet sniffer project promiscuous wireless packet sniffer project ray felch // introduction: after completing and documenting my recent research into keystroke injections (executing keyboard injection attacks), i was very much interested in learning the …”
T1056.001 Keylogging · 83%
“the action(s) being conveyed. without knowledge of this key, an attacker would not have access to the plain text data or know the information being typed. marc newlin (bastille research) discovered that none of the mice tested used any encryption techniques. this means that …”
T1056.001 Keylogging · 80%
“sniff the wireless keyboard and mouse traffic being sent to the dongle, which is then converted to usb hid packets on the computer. these hid packets can, in turn, be sniffed by enabling the usbmon kernel module on linux, thereby displaying the hid code of the key pressed. the ca…”
T1056.001 Keylogging · 80%
“to the 2-byte crc provided by the esb packet, unifying packets are also secured with a 1-byte checksum. unifying keystroke packets are encrypted using 128-bit aes, using a key generated during the pairing process. the specific key algorithm was unknown to the team, however,…”
T1056.001 Keylogging · 75%
“##ofthings/uc_mousejack - cd /uc_mousejack/src - mkdir promisc_sniffer - copy c:\attack.h promisc_sniffer - copy c:\<path>\promisc_sniffer.ino promisc_sniffer - cd promisc_sniffer - (run) promisc_sniffer.ino primarily, i was interested in being…”
T1056 Input Capture · 63%
“the action(s) being conveyed. without knowledge of this key, an attacker would not have access to the plain text data or know the information being typed. marc newlin (bastille research) discovered that none of the mice tested used any encryption techniques. this means that …”
T1219 Remote Access Tools · 51%
“/2011/02/promiscuity-is-nrf24l01s-dut newlin, marc. (october 24, 2015). hacking wireless mice with an nes controller. presented at toorcon 17, san diego, ca bitcraze ab. (2016). crazyflie 2.0. retrieved from https://www.bitcraze.io/crazyflie-2/ bitcraze…”
T1071.001 Web Protocols · 32%
“varied tremendously. some used plain text communication with no encryption. others used encryption on their keyboard traffic but left mice plain text, etc. thorsten schroder and max moser (http://www.remote-exploit.org/articles/keykeriki_v2_0__8211_2_4ghz …”
T1573.002 Asymmetric Cryptography · 31%
“varied tremendously. some used plain text communication with no encryption. others used encryption on their keyboard traffic but left mice plain text, etc. thorsten schroder and max moser (http://www.remote-exploit.org/articles/keykeriki_v2_0__8211_2_4ghz …”

Summary

Ray Felch // Introduction: After completing and documenting my recent research into keystroke injections (Executing Keyboard Injection Attacks), I was very much interested in learning the in-depth technical aspects of […]

The post Promiscuous Wireless Packet Sniffer Project appeared first on Black Hills Information Security, Inc.