[Silica] SILICA v7.21
Oren Isacson
oren at immunityinc.com
Wed Jun 17 09:28:51 EDT 2015
Immunity is proud to announce the release of SILICA v7.21!
- WPS offline bruteforcing (AKA Pixie Dust Attack)
Access Points using Ralink chipsets lack randomization of the E-S1 and
E-S2 nonces. This attack will do an offline brute force of the WPS PIN,
reducing the time that it usually take to obtain the Access Point
credentials.
- New WPS option "try only default PINs"
When this menu option is selected, only the fastest WPS attacks are
carried on.
- Denial of service enhancement
The "Disable this network" module will now send a continuous stream of
deauthentication packets.
- Bug Fixes:
Issue that prevented connection to some WLANs using WPA encryption.
Issue with the WPS bruteforcing module.
Wireless channel selection fixes.
To view a demonstration of the Pixie Dust Attack visit:
https://vimeo.com/130883860
For any questions or support please email silica at immunityinc.com
Videos can be found at:
SSL attacks using SSL stripping and self signed certificates -
https://vimeo.com/122117823
Exploiting Android WebView.addJavaScriptInterface -
http://vimeo.com/109831748
Password stealing -
http://partners.immunityinc.com/movies/Silica-BrowserAutoFill-Take2.mov
AP less WEP cracking -
http://silica.immunityinc.com/AP_less_WEP_cracking.mov
Access point impersonation -
http://partners.immunityinc.com/movies/Access_point_impersonation.mp4
Custom traffic injection -
http://partners.immunityinc.com/movies/Traffic_injection.mp4
General overview -
http://www.immunityinc.com/movies/SILICA_7.5_New_Features.mov
Wireless Window -
http://www.immunityinc.com/movies/SILICA_Wireless_Window.mp4
Key retrieval (WEP, LEAP, WPA1,2) -
http://partners.immunityinc.com/movies/Lightning_Demo_SilicaU02.mp4
Passive session hijacking (facebook, twitter, gmail etc) -
http://partners.immunityinc.com/movies/Lightning_Demo_SilicaU_01.mp4
SILICA Team
More information about the SILICA
mailing list