Mathy Vanhoef
Joined 30 Sep 2011
How TunnelCrack breaks most VPNs
This video is not a hacking tutorial. It only shows the impact of the "TunnelCrack" research, with the goal of motivating users to update their VPN software. The video doesn't explain the actual steps to perform such attacks. For more info, see tunnelcrack.mathyvanhoef.com
This video is based on the academic paper "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables" by Nian Xue (New York University), Yashaswi Malla, Zihang Xia, Christina Pöpper (New York University Abu Dhabi), and Mathy Vanhoef (KU Leuven University). The paper will be presented at USENIX Security 2023.
0:00 - Intro
0:20 - Leaking traffic
1:11 - Identify websites
1:36 - Block security camera
2:09 - Credits
Views: 9,900
Videos
The Untold Secrets Behind FragAttacks
3.6K views, 3 years ago
Longer and more detailed presentation about FragAttacks for WAC4 (co-located with the CRYPTO'21 conference). For more info see 👉 www.fragattacks.com
Contents of the presentation:
0:00 - Intro
2:47 - Aggregation attack
9:08 - Aggregation attack demo against macOS
12:49 - Aggregation attack IPv4 packet construction
15:06 - Fragmentation background
17:46 - Mixed key attack
22:08 - Frag...
FragAttacks: Presentation at USENIX Security '21
15K views, 3 years ago
For more info see 👉 www.fragattacks.com
Contents of the presentation:
0:00 - Intro
1:12 - Aggregation background
2:17 - Aggregation attack
4:05 - Fragmentation background
5:03 - Fragment cache attack
6:47 - Mixed key attack
8:58 - Easy to abuse implementation flaws
10:01 - All devices have vulnerabilities
10:32 - Tool to test devices
10:46 - Discussion and long-term lessons
Extra ...
FragAttacks: Demonstration of Flaws in WPA2/3
96K views, 3 years ago
This is not a "hacking" tutorial but a demonstration about academic IT security research. Made by Mathy Vanhoef of New York University and KU Leuven. The tools shown are not public. For more info see 👉 www.fragattacks.com
Contents of the presentation:
0:00 - Intro
0:11 - Aggregation attack
3:27 - Implementation flaws
3:37 - Power plug attack
4:13 - Exploiting Windows 7
Extra info ...
Dragonblood: Demo of downgrade attack against WPA3
18K views, 3 years ago
This is a demonstration of a downgrade attack against the WPA3 implementation of Linux's IWD client. This research is based on the paper "Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd".
[IEEE S&P] Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
3.7K views, 3 years ago
For more information see wpa3.mathyvanhoef.com/ This is a slightly longer version of the presentation that was given at the IEEE Security & Privacy conference on the paper "Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd". Paper: eprint.iacr.org/2019/383 Slides: papers.mathyvanhoef.com/rwc2020.pdf
[WiSec] Protecting Wi-Fi Beacons from Outsider Forgeries
2.4K views, 4 years ago
Pre-recorded presentation given at the WiSec'20 conference. See the corresponding research paper at papers.mathyvanhoef.com/wisec2020.pdf Disclaimer: this presentation is for academic purposes. It does not teach someone how to hack, but instead contains research on how to better secure computers.
KRACK Attacks: Bypassing WPA2 against Android and Linux
1.3M views, 7 years ago
This video explains some of the academic research performed in the ACM CCS 2017 paper "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2". It's not a guide or tutorial on how to hack people. Instead, the video was made to make people aware of potential risks, and to motivate everyone to update their smartphone and laptop. By updating your devices you (normally) avoid the risks mentioned i...
Attacking WPA-TKIP when used as the group cipher
7K views, 7 years ago
See modwifi.bitbucket.io/ and github.com/vanhoefm/modwifi
Black Hat 2017: WPA1/2 Man-in-the-Middle against an OpenBSD Client
4.4K views, 7 years ago
Recorded demonstration of the man-in-the-middle attack mentioned in the Black Hat 2017 presentation "WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake".
Black Hat 2017: Permanent Denial-of-Service against an OpenBSD Access Point
1.5K views, 7 years ago
Recorded demonstration of the attack mentioned in the Black Hat 2017 presentation "WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake".
Black Hat 2017: Denial-of-Service against Windows 7 WiFi Access Points
1.6K views, 7 years ago
The presented vulnerability is from the Asia CCS 2017 paper "Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing".
HEIST: HTTP Encrypted Information can be Stolen through TCP-windows
778 views, 8 years ago
Black Hat talk: ua-cam.com/video/GwQsu8dGSeA/v-deo.html Whitepaper: www.blackhat.com/docs/us-16/materials/us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf
Demonstration of Selective (Reactive) Jammer against WiFi
2.1K views, 9 years ago
Demonstration corresponding to the paper "Advanced Wi-Fi Attacks Using Commodity Hardware". See github.com/vanhoefm/modwifi for the code of the selective jammer, so you can try it out yourself!
Demonstration of Constant Jammer against WiFi
2.3K views, 9 years ago
Demonstration corresponding to the paper "Advanced Wi-Fi Attacks Using Commodity Hardware". See github.com/vanhoefm/modwifi The code for the constant jammer is not public, but can be requested.
The RC4 NOMORE Attack: Demonstration in Practice
37K views, 9 years ago
Lol, people still trying to annoy modern routers. Go work at a local computer shop.
After this video I'm already thinking about whether to buy the yearly NordVPN plan (hahah, now I think I will still use Tor instead of purchasing a VPN).
Thanks for sharing this info. We have to be extra careful with our wireless devices.
Are you in jail now?
Never-I'm safely hidden behind 7 proxies 😎
@vanhoefm Somehow I believe you're not exaggerating 😱😜
@vanhoefm Any idea if Mullvad / AirVPN are safeguarded against this?
@JustAnotherYou2ber Mullvad on Android is fully secure. Against their desktop apps it was possible to selectively block traffic, but there were no traffic leaks. The LocalNet attack was possible against iOS. Overall it was in decent shape compared to the other VPN apps. I haven't tested their latest versions - that will be done in a master thesis soon :)
@vanhoefm Thank you for the answer 🫡🤝
What tools do you use?
A flaw that has existed for more than 2 decades and may have been discovered/disclosed and exploited by a wider audience ever since. Hasn't this security flaw been discussed or mentioned before you published your article, and since which VPN software release has this vuln been mitigated or patched? Or am I reasoning too simplistically here, and is this much more complex to mitigate/patch globally than I think?
There was a guide from 2015 on how to securely configure a Linux VPN client when visiting the DEF CON conference. Following that guide would likely have prevented the LocalNet attack. Unfortunately, almost none of the VPN vendors (and users) realized this, so in practice a lot of VPN clients were vulnerable, as confirmed in our experiments where we tested 248 VPN clients.
No, then it gets fixed, bad for us!
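The routing-table behaviour behind this exchange, as an added example (not code from the TunnelCrack paper, this channel or any VPN client): a Linux VPN client's tunnel routes are only honoured when no more specific route points elsewhere, so a "local network" route that the network itself hands out can pull traffic for a public address out of the tunnel, and the only bypass a full-tunnel setup actually needs is the route to the VPN server. The example assumes `ip -4 route show` output, `tun0` as the tunnel interface, and two constructed tables using RFC 5737 documentation addresses; the hostile one models a DHCP server that advertises 203.0.113.0/24 as the local subnet while the target site lives at 203.0.113.10. The last function expresses the "block everything outside the tunnel except the gateway" policy mentioned in this thread as a predicate.

```python
"""Added example: does a given routing table send traffic outside the VPN tunnel?

Not code from the TunnelCrack paper, the channel or any VPN client. Assumes Linux
`ip -4 route show` output and constructed tables (RFC 5737 documentation ranges).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    dst: ipaddress.IPv4Network
    dev: str
    metric: int


def parse_ip_route(text: str) -> list[Route]:
    """Parse `ip -4 route show` lines; only dst, dev and metric matter here."""
    routes = []
    for line in text.strip().splitlines():
        toks = line.split()
        if not toks:
            continue
        prefix = "0.0.0.0/0" if toks[0] == "default" else toks[0]
        dst = ipaddress.ip_network(prefix, strict=False)  # "1.2.3.4" becomes /32
        dev, metric = None, 0
        for key, val in zip(toks[1:], toks[2:]):
            if key == "dev":
                dev = val
            elif key == "metric":
                metric = int(val)
        if dev is None:
            raise ValueError(f"route without an output device: {line!r}")
        routes.append(Route(dst, dev, metric))
    return routes


def lookup(routes: list[Route], dst: str) -> Route | None:
    """Kernel-style selection: longest matching prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r.dst]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.dst.prefixlen, -r.metric))


def find_tunnel_bypasses(routes: list[Route], tun_dev: str, vpn_server: str,
                         probes: list[str]) -> list[tuple[str, Route]]:
    """Probe destinations whose traffic would exit on a non-tunnel device.

    A full-tunnel VPN needs exactly one such exception: the VPN server itself,
    which the encrypted tunnel packets must reach over the physical interface.
    """
    server = ipaddress.ip_address(vpn_server)
    leaks = []
    for probe in probes:
        route = lookup(routes, probe)
        if route is None or route.dev == tun_dev or ipaddress.ip_address(probe) == server:
            continue
        leaks.append((probe, route))
    return leaks


def killswitch_permits(dst: str, exit_dev: str, tun_dev: str, vpn_server: str) -> bool:
    """The 'block all local traffic except the gateway' policy as a predicate:
    a non-tunnel interface may only carry packets addressed to the VPN server,
    whatever the routing table says."""
    return exit_dev == tun_dev or ipaddress.ip_address(dst) == ipaddress.ip_address(vpn_server)


# Constructed table: the DHCP default route stays, the client overrides it with two
# /1 routes via tun0 and adds a host route to the VPN server over wlan0.
NORMAL_TABLE = """
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
198.51.100.7 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
"""

# Constructed hostile table: the network's DHCP server claims 203.0.113.0/24 is the
# local subnet. A /24 beats the tunnel's /1 routes, so 203.0.113.10 exits on wlan0.
HOSTILE_TABLE = """
default via 203.0.113.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
198.51.100.7 via 203.0.113.1 dev wlan0
203.0.113.0/24 dev wlan0 proto kernel scope link src 203.0.113.50 metric 600
"""

TUN, VPN_SERVER = "tun0", "198.51.100.7"
PROBES = ["203.0.113.10", "192.0.2.80", VPN_SERVER]  # target site, another site, gateway

if __name__ == "__main__":
    for name, table in (("normal", NORMAL_TABLE), ("hostile", HOSTILE_TABLE)):
        for dst, route in find_tunnel_bypasses(parse_ip_route(table), TUN, VPN_SERVER, PROBES):
            blocked = not killswitch_permits(dst, route.dev, TUN, VPN_SERVER)
            print(f"{name}: {dst} exits via {route.dev} ({route.dst}); killswitch drops it: {blocked}")
```

Run against a real machine by feeding the output of `ip -4 route show` to `parse_ip_route` and probing the addresses you care about; the point of `killswitch_permits` is that a firewall rule keyed on interface and destination holds regardless of what routes the local network manages to install.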
Excuse me, can anyone tell me which Android devices the author used to test?
I don't know whether the device is a real phone or a virtual Android we can install on a computer.
Excuse me, how do we get the Android IPv6? By IPv6 I mean the --target on the first command.
Wow, the weakness is in the fact that a brute-force attack is required. Please tell us all how easy it will be to crack the password if it is 60 characters long and is randomized upper- and lower-case characters with special characters as well. These types of videos are getting pathetic.
You would literally have to defeat encryption to crack this... Just wait for quantum computers if you find this pathetic...
60 characters long 😂. Do you even have that much storage? Noob spotted.
You can't crack such a password with the power of today's computers. As someone told you here, you will have to do it with a quantum computer.
LOL
And how many people do you think actually use passwords of such length???? Y'all stupid really, lol. He isn't making a password-cracking video; of course he puts in an easy password for demo purposes.
If Wi-Fi is configured to use WPA3-SAE only in hidden mode, the network will be safe, right?
No, a Wi-Fi adapter will see all ESSIDs and BSSIDs, even of hidden networks.
Is there a method for 2023?
Amazing, good job 💯
Well that's terrifying
VPN (user) as the new AV superadmin... hacking method
Is WPA2-Enterprise with EAP-TLS vulnerable to KRACK?
Lol, Torguard is marked as always vulnerable on ALL clients. Looks like Tom Sparks finally has a reason to stop promoting TorGuard as the best.
When did VPN software updates roll out to fix this problem?
Very nice ❤❤😊
Damn! Mullvad, here I come
Why do you say that? Just curious
@John-Smith02 The Mullvad VPN software has a button which blocks all local network traffic (except the connection to the gateway).
❤❤❤
11:52 LOOOL🤣
Any practical video on how to crack WPA3 Wifi?
Great!
What is the name of this downgrade attack tool?
It kinda looks like a newer version of an evil twin.
This is terrifying, thankfully this loophole has been resolved. Thanks White Hats!
But I don't get what's so impressive about this? Windows 7 isn't supported anymore; that's why it's vulnerable to attacks.
Mathy sir, can you give me the code of nat_punch_tcpsyn.py?
Why do you show your frog face?
Very good video
Hi, does this attack have a CVE number?
You're basically just jamming the original AP and phishing for the password. This doesn't qualify as a software vulnerability.
Where do we go to learn this without getting in trouble with the law?
You, sir, are amazing! I am reading all about you in SANS SEC401. I am happy to find your channel! You and your partners pointed out a flaw about WPA2 in 2017 and in 2019 with WPA3.
How did you get Wireshark running, and this was a very easy password? Normal passwords will take longer....
Hmmm, I have a password mixed with characters, capitals, symbols, special characters... how long until that would be broken?
@jpthsd It all depends.
Well yes, this is not a password-cracking tutorial, is it? So I'd assume he used a simple password.
So WPA2 with a VERY long password, changed regularly, is best for everyday users?
Just use LAN lol
Now what are you saying, we should completely stop using Wi-Fi?....
& 3G, 2G...
Hello, we need your help to uncover wildlife trafficking in Bolivia.
hahahahahahahahahaha
Hi sir, I need the attack script to teach my students.
Nice explanation.... Is it possible to provide more information on injecting spoofed beacons and the hostapd configuration for protected beacons?
So informative! Thanks.
So they needed a cookie to get the initialization vector, but how long would it take to brute-force RC4 without the cookie?
I don't picture it being possible lol
Too weird to live, too rare to die!
Nice one for sure, but only one thing: it doesn't work with many other websites. This means that you guys need to clone them and run them on your own Apache2 server, and also make sure the SSL script is up and running.
Do you have an ETA when the wpa3 spec will be updated to patch the design flaws?
ISO 25002
👍
Good job
awesome work
Chinese?
You can get the same results with a MITM attack via ettercap.