[Silica] SILICA v7.21

Oren Isacson oren at immunityinc.com
Wed Jun 17 09:28:51 EDT 2015


Immunity is proud to announce the release of SILICA v7.21!

- WPS offline bruteforcing (AKA Pixie Dust Attack)
Access Points using Ralink chipsets lack randomization of the E-S1 and
E-S2 nonces. This attack will do an offline brute force of the WPS PIN,
reducing the time that it usually take to obtain the Access Point
credentials.

- New WPS option "try only default PINs"
When this menu option is selected, only the fastest WPS attacks are
carried on.

- Denial of service enhancement
The "Disable this network" module will now send a continuous stream of
deauthentication packets.

- Bug Fixes:
Issue that prevented connection to some WLANs using WPA encryption.
Issue with the WPS bruteforcing module.
Wireless channel selection fixes.

To view a demonstration of the Pixie Dust Attack visit:
https://vimeo.com/130883860

For any questions or support please email silica at immunityinc.com

Videos can be found at:

SSL attacks using SSL stripping and self signed certificates -
https://vimeo.com/122117823
Exploiting Android WebView.addJavaScriptInterface -
http://vimeo.com/109831748
Password stealing -
http://partners.immunityinc.com/movies/Silica-BrowserAutoFill-Take2.mov
AP less WEP cracking -
http://silica.immunityinc.com/AP_less_WEP_cracking.mov
Access point impersonation -
http://partners.immunityinc.com/movies/Access_point_impersonation.mp4
Custom traffic injection -
http://partners.immunityinc.com/movies/Traffic_injection.mp4
General overview -
http://www.immunityinc.com/movies/SILICA_7.5_New_Features.mov
Wireless Window  -
http://www.immunityinc.com/movies/SILICA_Wireless_Window.mp4
Key retrieval (WEP, LEAP, WPA1,2) -
http://partners.immunityinc.com/movies/Lightning_Demo_SilicaU02.mp4
Passive session hijacking (facebook, twitter, gmail etc) -
http://partners.immunityinc.com/movies/Lightning_Demo_SilicaU_01.mp4


SILICA Team



More information about the SILICA mailing list