DEF CON 27 Wireless Village - Lennart Koopmann - Nzyme A New WiFi Defense System


In this talk, I explain and release v1.0.0 of nzyme after two years of work. Nzyme is a new, open source WiFi IDS that addresses the challenges of wireless security by employing deception techniques, fingerprinting and classic signature-based detection. In addition to the IDS functionality, nzyme parses, enriches and forwards every intercepted management frame to a log management system to allow for long-term WiFi DFIR and even threat hunting. Classic signature-based detection supports alerting on unexpected channels, BSSIDs, SSIDs and crypto options, as well as on deauthentication frame flooding. These techniques are a good start, but an attacker can bypass them so easily that more effort is needed. To take the blue team game to a new level, nzyme lets you spin up fake networks and alerts when an attacker attempts to interact with them. A fingerprinting approach detects common attack platforms like WiFi Pineapples or ESP8266-based deauthers. The talk includes a quick introduction to WiFi security with a focus on why signature-based detection is not enough, a live demo of the web interface and some live detection action. I explain the fingerprinting approach in depth, and at the end of the talk there is a demo of DFIR and threat hunting tasks on the collected data in Graylog.
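As an added illustration (not nzyme's own code), here are the classic signature checks the abstract lists, run over a few constructed management-frame records; the allowlist of expected networks, the record field names and the deauth flood threshold are assumptions for this example:

```python
from collections import Counter

# Assumed allowlist of the networks we own (constructed): SSID -> expected values.
EXPECTED_NETWORKS = {
    "corp-wifi": {
        "bssids": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
        "channels": {1, 6, 11},
        "crypto": {"WPA2-PSK"},
    },
}
DEAUTH_FLOOD_THRESHOLD = 10  # deauth frames from one transmitter in the capture window

def check_beacon(frame):
    """Return alert strings for one parsed beacon record of a network we own."""
    expected = EXPECTED_NETWORKS.get(frame["ssid"])
    if expected is None:
        return []  # foreign SSID: nothing to compare against
    alerts = []
    if frame["bssid"] not in expected["bssids"]:
        alerts.append(f"unexpected BSSID {frame['bssid']} advertising {frame['ssid']}")
    if frame["channel"] not in expected["channels"]:
        alerts.append(f"{frame['ssid']} on unexpected channel {frame['channel']}")
    if frame["crypto"] not in expected["crypto"]:
        alerts.append(f"{frame['ssid']} with unexpected crypto {frame['crypto']}")
    return alerts

def check_deauth_flood(frames):
    """Alert on any transmitter that sent DEAUTH_FLOOD_THRESHOLD or more deauth frames."""
    counts = Counter(f["transmitter"] for f in frames if f["type"] == "deauth")
    return [f"deauth flood from {tx} ({n} frames)"
            for tx, n in counts.items() if n >= DEAUTH_FLOOD_THRESHOLD]

def analyze(frames):
    """Run every signature check over a list of parsed management frames."""
    alerts = [a for f in frames if f["type"] == "beacon" for a in check_beacon(f)]
    return alerts + check_deauth_flood(frames)

# Constructed sample capture: one legitimate beacon, one beacon from an unknown
# BSSID reusing our SSID on the wrong channel without encryption, and a burst
# of deauthentication frames from that same unknown transmitter.
SAMPLE_FRAMES = [
    {"type": "beacon", "ssid": "corp-wifi", "bssid": "00:11:22:33:44:55",
     "channel": 6, "crypto": "WPA2-PSK"},
    {"type": "beacon", "ssid": "corp-wifi", "bssid": "de:ad:be:ef:00:01",
     "channel": 3, "crypto": "OPEN"},
] + [{"type": "deauth", "transmitter": "de:ad:be:ef:00:01"} for _ in range(12)]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_FRAMES):
        print("ALERT:", alert)
```

These checks only fire on attributes that differ from the allowlist, which is why the abstract treats them as a starting point and layers deception and fingerprinting on top.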

Reviewed by Anonymous on November 19, 2019 Rating: 5