2016-08-31

WIFISH 2016 - No Hacking Required.

There I said it. There was no hacking required. Just plain old smarts and creativity were all you needed to get through all 3 challenges, ultimately finding and 0wning all the WiFi Sheep Hunt Access Points.  I know, I know... "WTF are you talking about? This is DEFCON, we are supposed to hack!!" Now, now kids... sometimes the simplest solutions work the best. let's get started from the beginning.

To start with, it is essential that you always have the correct gear and resources for whatever activity it is you're planning to do. If you're going to the beach, you prep your beach stuff. If you're hitting the gym you'll prep your oly shoes, lifting belt, wrist wraps...etc. Your daily ruck/bag/purse always have your essentials -  cell phone, battery pack, cables, wifi pineapple, swiss army knife, cash, paracord,...etc. 

Then there is prepping "to go to DEFCON", and there is prepping for "a contest in DEFCON".  The regular DEFCON prepping, like getting a burner phone and a burner laptop is all good, but it is not enough be competitive.  Additional gear or software are required if you want to do well in any contest you decide to play.  

In addition to your gear, months of practice and research will go a long way.  For WIFISH, being a wireless challenge presents a lot of protocol you might encounter, so you'll have to prep for basically everything wireless - bluetooth, infrared, NFC, WiFi, RF (ham radio).  You won't know what you will be presented with until the day of the challenge.

For this year, we had 3 challenges...  RF, NFC and WIFI.

The most ideal gear to have for the challenges are as follows.
RF - a ham radio, and a directional fox hunting gear.
NFC - an Android device with an NFC tag reader app, or better yet a ProxMark II
WIFI - Kali laptop and Aircrack.

<unfinished blog post>