RSA - What you need to know!

Taking a quick look at the upcoming RSA conference and few other useful tips to keep you busy! [View this email in your browser]( SecPro #97: RSA - What you need to know! Hello! We're back and extremely excited about the upcoming RSA Conference! That's why we've put together a quick guide on what's going on, what is getting us excited, and why you should be excited too. If you're at a loose end over the next week, make sure to tune in (along with the _secpro team!) to hear what the biggest names in the industry are saying. Also, Packt is doing a little research. In the run-up to our "State of Tech 2023" report, we wanted to get a little perspective from the security-minded. That's why we're offering a chance to win a $100 Amazon gift card to everyone who responds to this week's survey. Fancy a go? [Click the link below]( Before you skip ahead to this week's articles - if you're into pentesting and making things break, we also suggest you take a look at the [new bug bounty opportunity for people who are interested in breaking ChatGPT](. Scroll down and check it out for a chance to win $20,000 from OpenAI. Cheers! [Austin Miller]( Editor in Chief [TELL US WHAT YOU THINK!]( This week's highlights: - [RSA - What you need to know!]( - [ChatGPT Bug Bounty program]( - [Learn Ethical Hacking from Scratch]( - [Learn Cybersecurity with Ian Neil]( - [This Week's Survey]( And with that - on with the show! [_secpro]( [Packt _secpro Newsletter]( [The _secpro Website]( Studying for your Sec+? The CompTIA Sec+ is pretty much the gold standard for getting a foot in the door. We have been working with Ian Neil, an author and cybersecurity trainer, to get you up to scratch for the Sec+ exam. With a free study guide, live training, and online resources, this is a great place to start your journey or supplement any other courses you are using. [Check out Ian's website!]( Think you're ready to get started? Click the link below! [GET STARTED WITH SEC+]( This Week's Editorial Articles [RSA - What you need to know!]( The _secpro team loves a good conference. That’s why RSA has had us grinning gleefully all week – over 500 different events going on, ready for you to dive in. Cybersecurity Fundamentals [Learn Ethical Hacking from Scratch]( We've changed course! This time, we're taking a quick look at [Learn Ethical Hacking from Scratch](. Make sure to check out the book to set up your systems for the lessons, then dive in with the _secpro! [LIKE WHAT YOU SEE? CLICK HERE]( Deauthentication attack In this part of the book, all we will discuss are attacks that we can launch on any network in our Wi-Fi range, even if the network has encryption or uses a key. We don't have to connect to a network to launch these attacks. Understanding deauthentication attacks Deauthentication attacks are very useful; they allow us to disconnect any device from any network that is within our Wi-Fi range. To perform the attacks, we spoof our MAC address to get the target MAC address (the target being the client that we want to disconnect). We pretend to be the client, and then we send a deauthentication packet to the router, telling the router that we want to disconnect. At the same time, we spoof our MAC address to the AP MAC address, and tell the target client that it needs to re-authenticate itself. Then, the connection will be lost. Let's see how to do it, using a tool called aireplay-ng: - First of all, we need to run airodump-ng on the target network, because we want to see which clients are connected to it. This time, we will not need the --write option, so we are just going to remove it. All we need are airodump-ng, the --channel (we put the channel of the target network), and the --bssid (the MAC address of the target network). The command will be as follows: airodump-ng --channel 10 --bssid 00:10:18:90:2D:EE wlan0 We hit Enter, and we're sniffing on the target network, Test. This method will work on any device, whether it's a Linux, Windows, Mac, or Android device—it doesn't matter; they all use the same method of transferring packets: Now, we're going to run aireplay-ng, to disassociate one of the devices from the network. We can run it to disassociate all devices, but I have found that when we do that, it doesn't really disassociate all of them, because there are too many targets to disassociate. So, we will choose one target, which will be the device 6C:C4:D5:6F:A6:DC. - Using aireplay-ng, we will add --deauth (for a deauthentication attack), and then put the number of deauthentication packets that we're going to send; we will just put a very large number, to keep the device disconnected. Then, we will put the target AP (the MAC address of our target AP), and the source (or the client's MAC address), which is the device that we want to disconnect. We will also include wlan0, our Wi-Fi card in monitor mode. If we hit Enter, aireplay-ng will now send the deauthentication packets. The command will look as follows: aireplay-ng --deauth 10000 -a EC:1A:59:5A:E1:46 -c 6C:C4:D5:6F:A6:DC wlan0 The output will be something like this: Go to the target device and see if it still has an internet connection. We'll be able to see that it has lost connection, and it's trying to reconnect; it won't be able to, because we are still sending our deauthentication packets. We can launch this attack on any network that we choose; we don't need to know the password or key. Want to get a step-by-step guide of how to connect to a wireless adapter? [Click the link and check out the book]( It's free! [ChatGPT offering $20,000 bug bounty]( Did someone mention ChatGPT? Unless you've been living in a cave (and also ignoring your weekly updates from _secpro...), you probably know a fair bit about ChatGPT by now. In the wake of growing questions about the platforms security, OpenAI - the company behind the revolutionary software - has offered a [$20,000 bug bounty]( for anyone who can find an "exceptional discovery". What that entails, we're not 100% sure. But if you are the kind of person who is into trying to break things, this is a golden opportunity. [FIND OUT MORE HERE!]( Have You Tried...? With the RSA Conference around the corner, it couldn't be a better time to get up to scratch with cryptography! - [sobolevn/awesome-cryptography]( - Need a master list of resources? Start here. - [randombit/botan]( - A toolkit for working on cryptography. Easy. - [golang/crypto]( - Go-specific libraries for working on cryptography. - [Legrandin/pycryptodome]( - Same again, but this time for Python. - [dint-dev/cryptography]( - Working on mobile? Here's a Flutter kit too. [FORWARDED THIS EMAIL? SIGN UP HERE]( [NOT FOR YOU? UNSUBSCRIBE HERE]( Copyright © 2023 Packt Publishing, All rights reserved. As a GDPR-compliant company, we want you to know why you’re getting this email. The _secpro team, as a part of Packt Publishing, believes that you have a legitimate interest in our newsletter and the products associated with it. Our research shows that you opted-in for communication with Packt Publishing in the past and we think that your previous interest warrants our appropriate communication. If you do not feel that you should have received this or are no longer interested in _secpro, you can opt out of our emails using the unsubscribe link below. Our mailing address is: Packt Publishing Livery Place, 35 Livery StreetBirmingham, West Midlands, B3 2PB United Kingdom [Add us to your address book]( Want to change how you receive these emails? You can [update your preferences]( or [unsubscribe from this list](.