00:00:00
is it true that it's possible to crack
00:00:02
your Wi-Fi password in 60 seconds let's
00:00:04
find
00:00:05
[Music]
00:00:11
out to join a Wi-Fi network the client
00:00:14
needs to authenticate that is to prove
00:00:16
its identity the most common
00:00:18
authentication method for Wi-Fi networks
00:00:21
is pre-shared key basically both the
00:00:24
clients and the access point share the
00:00:26
same pre-shared key now during the
00:00:29
Authentication process the client needs
00:00:31
to prove possession of that pre-shared
00:00:33
key without directly transmitting it
00:00:36
here's where the EOL handshake comes
00:00:38
into play its primary role is to
00:00:40
securely exchange information and derive
00:00:43
a key used to encrypt communication
00:00:45
between the client and the access points
00:00:48
also among other things eil handshake in
00:00:51
WPA2 psk confirms that both the client
00:00:54
and access point have the same
00:00:56
pre-shared key now the plan is to
00:00:58
capture the eil handle shake and later
00:01:01
try to Brute Force the Wi-Fi password
00:01:03
offline Brute Force password cracking
00:01:05
means trying every possible combination
00:01:08
of characters within the defined set
00:01:10
until the correct password is found
00:01:12
alternatively we can capture a pairwise
00:01:14
master key identifier if the network
00:01:17
transmits it pmk ID is used to quickly
00:01:20
identify if a client has previously
00:01:22
authenticated and has a valid key
00:01:25
avoiding the need for a full handshake
00:01:28
every time it's primarily used in
00:01:30
roaming between access points anyway
00:01:32
let's try to capture either the eepo
00:01:34
handshake or pmk ID first step is
00:01:38
identifying your access points SM
00:01:40
address and channel number to do that I
00:01:42
will run the aod dump command followed
00:01:45
by the wireless interface name and the
00:01:48
SS ID of the target Wi-Fi network okay
00:01:51
here's the mag address of the access
00:01:53
points radio and here's the channel
00:01:55
number of the Wi-Fi network next we need
00:01:58
to capture either EO hand shake or pmk
00:02:01
ID to capture only relevant traffic
00:02:04
let's build a filter that we can later
00:02:06
apply during capture to do that I will
00:02:08
run TCP dump followed by- s to set the
00:02:12
size of the frame to capture to 65,000
00:02:15
then let's specify the data link type to
00:02:18
80211 that's Wi-Fi then let's specify
00:02:21
the filter we want to capture traffic
00:02:23
where the source or destination Mac
00:02:26
address is the access point Mac address
00:02:28
or broadcast MA address triple D set the
00:02:32
output format to be compatible with our
00:02:34
traffic capture tool let's save the
00:02:37
result to filter. BPF file and run the
00:02:40
command to sum up TCP dump is not doing
00:02:42
any capturing it just creates a file
00:02:45
with Filter instructions inside next
00:02:47
let's start the hcx dump tool that will
00:02:50
capture the Wi-Fi traffic I will specify
00:02:53
the capture interface name the channel
00:02:55
the network is using then provide the
00:02:58
file with the filter and finally set the
00:03:00
name of the file to save the capture
00:03:03
okay the capture is in progress to speed
00:03:05
things up I will connect to the network
00:03:07
from my mobile plus under P indicates
00:03:10
that the pmk ID has been captured now
00:03:13
plus under three indicates that we got
00:03:16
the eole handshake either one is
00:03:18
sufficient to start the cracking let's
00:03:20
stop the capture now I will use the hcx
00:03:23
pickup NG G tool to convert the capture
00:03:26
to a format readable by hash cut hash
00:03:29
cut is a power ful password cracking
00:03:30
tool let's run hash cut with hashtype
00:03:34
22,000 that's WPA and WPA2 then let's
00:03:38
set the type of cracking to A3 that's
00:03:41
brute force and specify the password
00:03:44
format I'm expecting the password to be
00:03:46
exactly eight characters long that's
00:03:49
minimum length of WPA psk pass phas
00:03:52
question mark h means that I want only
00:03:55
lowercase characters and digits okay 20
00:03:59
seconds later we have the password for
00:04:01
the network oh boy is it really that
00:04:03
simple well yes and no I just showed you
00:04:06
an ideal scenario there are multiple
00:04:08
things to consider first to capture the
00:04:11
eepo handshake the attacker needs to be
00:04:13
in range of your access point but also
00:04:16
in the range of your client as it needs
00:04:18
to if drops on both the frames coming
00:04:21
from the access point but also frames
00:04:23
coming from the client so the first
00:04:25
thing you can do to improve the security
00:04:27
of your Wi-Fi network is to reduce the
00:04:29
signal leakage basically set the
00:04:32
transmission power of your access point
00:04:34
so it covers only the physical area
00:04:36
where it's needed another thing to
00:04:38
consider is the Wi-Fi standard if your
00:04:40
access point is Wi-Fi 7 and your client
00:04:43
is Wi-Fi 7 then the attacker would need
00:04:45
to have a wireless adapter that supports
00:04:48
monitor mode for Wi-Fi 7 that's much
00:04:50
harder to get than a $10 Wi-Fi 5 adapter
00:04:54
with monitor mode support So In general
00:04:56
the more modern equipment and Wi-Fi
00:04:59
standard you use the better another
00:05:01
thing you can do to improve your Wi-Fi
00:05:03
security is to enable protected
00:05:05
management frames this helps protect
00:05:08
against the authentication and
00:05:10
theassociation attacks making it harder
00:05:12
for the attacker to force the client to
00:05:14
reauthenticate mind that to capture the
00:05:17
EO handshake client needs to
00:05:19
authenticate so it's a common practice
00:05:21
by the attacker to force client
00:05:23
disconnection with pmf enabled it's much
00:05:26
harder to do however after enabling pmf
00:05:29
clients that do not support it will no
00:05:32
longer be able to connect another thing
00:05:33
to consider especially if you are not
00:05:36
roaming between access points is to
00:05:38
disable pmk ID some brands of access
00:05:41
points offer to set that option
00:05:43
explicitly or due to Firmware updates of
00:05:46
course the network would be still
00:05:48
vulnerable to capturing the eil
00:05:50
handshake but not vulnerable to pmk ID
00:05:53
capture let's move to the two things
00:05:55
that make the most significant change
00:05:58
first thing is obvious you need need to
00:05:59
use a stronger password long complex and
00:06:03
unique passwords are very difficult to
00:06:05
crack if the password can be guessed
00:06:07
consist of only numbers or is short then
00:06:11
is susceptible to offline dictionary or
00:06:13
Brute Force attacks in the demo I did
00:06:16
use a CPU capable of calculating 50,000
00:06:19
hashes per second if you would use a GPU
00:06:22
for that purpose we would increase this
00:06:24
number to around 2 million hes per
00:06:26
second but it's still not feasible to
00:06:28
crack a 12 character complex password so
00:06:31
a strong complex password is the key
00:06:33
another thing you can do is switch from
00:06:35
WPA 2 to wpa3 wpa3 uses SAE
00:06:40
Authentication Protocol that's much more
00:06:42
secure and resilient to offline
00:06:44
dictionary attacks same story there some
00:06:46
devices don't support wpa3 and they
00:06:49
won't be able to connect there's however
00:06:51
a totally different approach and that's
00:06:53
what we'll be doing today we'll add a
00:06:55
radio server to our Wi-Fi network but
00:06:58
what a radio server is is and how will
00:07:00
it help in simple terms radius is a
00:07:03
service that provides user
00:07:05
authentication by verifying their
00:07:07
credentials against database or another
00:07:10
authentication Service like Lup or
00:07:12
active directory it utilizes EAP
00:07:15
protocols that allow secure
00:07:16
authentication over potentially insecure
00:07:18
networks radios can work with access
00:07:21
points or switches granting or denying
00:07:24
network access for the clients based on
00:07:26
predefined policies what issues does it
00:07:29
solve Sol first it offloads the
00:07:31
authentication burden from access points
00:07:34
second of all when using the radio
00:07:36
server each user has its individual
00:07:38
username and password so you have the
00:07:40
accountability next thing is with radius
00:07:43
you have Central management of all users
00:07:46
it can lock accounting information like
00:07:48
when a user joined the network and so on
00:07:50
moreover radio supports much stronger
00:07:53
authentication methods or even
00:07:55
certificates to authenticate that makes
00:07:57
it resilient to offline dictionary at
00:07:59
tax let's look at a simplified diagram
00:08:02
from a high level perspective when a
00:08:04
client called this applicant wants to
00:08:06
join the network it initiates a request
00:08:08
to the access point called the
00:08:10
authenticator the authenticator places
00:08:12
the connection in an unauthenticated
00:08:15
State meaning the client cannot
00:08:16
communicate freely on the network but
00:08:19
can only exchange EAP messages the
00:08:22
authenticator acts as a relay forwarding
00:08:25
these EAP messages between the
00:08:27
supplicant and the radius server without
00:08:29
going into much details a TLS tunnel is
00:08:33
established between the client and the
00:08:35
radio server with the access point
00:08:37
acting as a pass through for the EAP
00:08:39
packets this encrypted tunnel is used to
00:08:41
protect the inner authentication process
00:08:44
depending on the protocol the inner
00:08:46
authentication could involve methods
00:08:48
such as papap that's password
00:08:51
Authentication Protocol where a clear
00:08:53
text username and passwords are sent or
00:08:56
challenge response protocols like chop
00:08:59
or Ms chap V2 alternatively a
00:09:02
certificate based approach can be used
00:09:04
where a single TLS tunnel performs both
00:09:07
authentication and encryption relying
00:09:10
entirely on Mutual certificate
00:09:12
authentication once the radio server
00:09:15
receives the client credentials it
00:09:17
validates them against Value store in
00:09:19
its backend database the free radius
00:09:22
server that will be using supports
00:09:24
multiple backend databases such as flat
00:09:27
files elap SQL databases active
00:09:30
directory and more if the credentials
00:09:32
are valid the radio server sends an
00:09:35
access accept message to the
00:09:38
authenticator which then allows the
00:09:40
client to join the network so to sum up
00:09:43
there are two layers in EAP based
00:09:45
authentication the outer layer is a
00:09:47
secure TLS tunnel that protects the
00:09:49
communication between the client and the
00:09:51
authentication server the inner layer
00:09:54
handles the actual authentication such
00:09:56
as using a plain text username and
00:09:58
password or other authentication methods
00:10:01
there are various EAP methods but the
00:10:03
three most common ones are peap that
00:10:06
stands for protected EAP this uses TLS
00:10:09
on the outside for security and Ms chab
00:10:12
version two on the inside for
00:10:14
authentication eapt TLS which stands for
00:10:17
EAP tunnel TLS it's similar to peap it
00:10:20
has TLS on the outside but supports more
00:10:23
inner authentication protocols such as P
00:10:26
chap Ms chap version two and others and
00:10:29
E TLS this relies entirely on TLS
00:10:32
certificates for both the client and the
00:10:35
server providing Mutual authentication
00:10:37
and encryption without requiring other
00:10:40
credentials lastly the access point acts
00:10:43
as a relay between the client this
00:10:45
applicant and radio server the radio
00:10:47
server validates the credentials and
00:10:49
notifies the access point to either
00:10:51
Grant or deny network access let's do a
00:10:54
very basic setup I'm using Davin 12 I
00:10:57
will start with installing fre radius
00:10:59
server freeradius uus and EOL test
00:11:02
utility once installed let me stop the
00:11:05
freeus server so we can perform its
00:11:07
configuration for this demo we'll be
00:11:09
storing users in a flat file I will open
00:11:12
the file containing the users now at the
00:11:15
end of the file I will add a new user
00:11:17
let's name it Philip with clear text
00:11:20
password password then let's save the
00:11:22
file next let's look at the client's
00:11:25
configuration file it defines the
00:11:27
devices that can connect to the radio
00:11:29
server for example switches access
00:11:32
points wireless controllers and so on by
00:11:34
default there's an entry for a client
00:11:36
called Local Host that is allowed to
00:11:39
connect from 127 001 IP using testing
00:11:44
123 as the password the thing is every
00:11:47
time a device connects to the radio
00:11:49
server it needs to provide that password
00:11:51
mind that each device configur in this
00:11:53
file can have its own passphrase and
00:11:56
access list okay it's all set instead of
00:11:58
starting in the freeradius server with
00:12:00
system CTL start I will run Freer r-x
00:12:04
that will start the server in debug mode
00:12:06
sending all the diagnostic messages to
00:12:08
the screen this is useful for
00:12:09
troubleshooting okay server is ready to
00:12:12
process requests I'll do one more thing
00:12:14
that is start traffic capture on loopb
00:12:16
UDP Port 1812 that's the default radius
00:12:20
Port then let's test our setup to do
00:12:22
that we'll use the provided rout test
00:12:25
utility first parameter is the username
00:12:28
then there's the user password then the
00:12:30
IP of the radius server we are
00:12:32
connecting to the Local Host then an
00:12:34
integer that doesn't matter and finally
00:12:36
the secret required to connect we saw
00:12:39
that secret in the client's
00:12:40
configuration file okay let's run the
00:12:42
command we've sent an access request
00:12:45
message to the radio server in the
00:12:46
message was included the username and
00:12:49
clear text password we did receive an
00:12:51
access accept reply two things to notice
00:12:55
Nas in the context of radius means
00:12:57
network access server and it's the
00:13:00
device that made the request to the
00:13:01
radio server on behalf of the client so
00:13:04
in a Wi-Fi network the Nas is the access
00:13:07
point second thing is by default the
00:13:09
traffic is not encrypted if we look at
00:13:11
the capture we'll see the properties in
00:13:13
plain text don't be fooled by this line
00:13:16
saying the password is encrypted it's
00:13:18
only obfuscated let's see what will
00:13:21
happen if we provide a wrong password we
00:13:23
got an access reject message what if we
00:13:26
provide the wrong secret to the radio
00:13:28
server our client is sending multiple
00:13:31
requests but does not get any replies
00:13:33
radius server is performing a silent
00:13:35
discard that's to prevent information
00:13:38
leakage if we look at the server logs we
00:13:40
see the shared secret is incorrect
00:13:42
passwords can be stored in various
00:13:44
formats let's try sha 256 I will
00:13:47
calculate the Sha 256 sum of the
00:13:49
password string using the op SSL command
00:13:52
now let me copy the hash and open our
00:13:54
user database I will add a new user
00:13:57
Philip 2 identif ified by the shadow 56
00:14:00
encoded password let's save the file and
00:14:02
run our free radius server in debug mode
00:14:05
finally let's see if the credentials
00:14:07
work with rat test command yep we got
00:14:10
the access access reply mind that we are
00:14:12
still sending the password in clear text
00:14:14
only that change is the way passwords
00:14:17
are stored in the database to test the
00:14:19
8021 X authentication we'll use the eepo
00:14:22
test command it replicates the behavior
00:14:24
of a real world supplicant that would
00:14:26
typically use wp2 Enterprise or w pa3
00:14:29
Enterprise authentication in Wi-Fi
00:14:31
networks remember the TLs tunnel I've
00:14:33
told you ear that's used to exchange
00:14:35
authentication data upon installation
00:14:38
Freer radius generates a self-signed
00:14:40
certificate you can find a path to that
00:14:42
certificate in the EP configuration file
00:14:45
if we look at the certificate it's
00:14:48
self-signed and it's valid for 10 years
00:14:51
good enough for now okay let's start by
00:14:53
creating a configuration file needed by
00:14:55
EOL test tool let's name the file EOL
00:14:58
test inside we'll create a network
00:15:00
definition we'll set the key management
00:15:02
protocol to WPA so it's not WPA
00:15:05
pre-shared key but WPA Enterprise I will
00:15:08
set the I method to ttls that's tunnel
00:15:11
TLS we want to establish an encrypted
00:15:13
tunnel between the client and the radio
00:15:15
server then I will provide the username
00:15:18
and password finally I'd like to use Pap
00:15:20
that's plain username and password
00:15:23
authentication after the tunnel is
00:15:25
established okay let's save the file I
00:15:27
will start the free radius server in
00:15:29
debug mode then I will enable traffic
00:15:31
capture on UDP Port 1812 finally let's
00:15:35
run the eepo test tool Dash c specifies
00:15:37
a path to the configuration file - A
00:15:40
sets the radio server ip- p is the radio
00:15:44
server Port - s is the shared secret
00:15:47
that we've seen in the client
00:15:48
configuration file of the radio server
00:15:50
let's run the command Okay
00:15:52
authentication was successful if we look
00:15:54
at the traffic capture we'll see the
00:15:56
authentication data is encrypted Within
00:15:59
the TLs tunnel now it's time for a real
00:16:01
test I will open the client's
00:16:03
configuration file to allow my access
00:16:05
point to connect to the r server to do
00:16:08
that let's define a new client I will
00:16:10
name it unify the allowed IP will be
00:16:15
192168101 that's the IP of my access
00:16:18
point you should put the IP of your
00:16:20
device here let's define the shared
00:16:22
secret as testing 1 23 let's save the
00:16:25
file and start the free radius server in
00:16:27
debug mode now I will go to my Wi-Fi
00:16:30
controller I'm using UniFi but these
00:16:32
steps are similar for other brands let's
00:16:35
go to profiles radius and create a new
00:16:38
radius profile I will name the profile
00:16:40
free radius then I will put the IP of my
00:16:43
radius server and shared secret the same
00:16:45
we did Define in the client
00:16:47
configuration then let's click add okay
00:16:50
the profile has been created mind that
00:16:52
UniFi has a building radio server but
00:16:54
for this demo we are using an external
00:16:56
server next let's go to our Wi-Fi
00:16:58
network I have a network created already
00:17:01
now I will switch the security protocol
00:17:02
from wpa3 to wpa3 Enterprise I could
00:17:06
also select WPA 2 Enterprise then I will
00:17:09
configure that network to use our new
00:17:11
free radius profile and apply the
00:17:14
changes now let's do a connection test I
00:17:16
will join the free radius Network here
00:17:18
I'm prompted for the username and
00:17:20
password let's provide that and click
00:17:23
okay here I'm presented with the self
00:17:25
signed certificate from the free radio
00:17:27
server let's accept the certificate and
00:17:29
we are in if we look at the network
00:17:31
details we'll see that the security type
00:17:33
is wpa3 Enterprise technically at this
00:17:36
point we could stop we have a radio
00:17:38
server with a self signed certificate it
00:17:40
allows us to add and remove users it
00:17:43
supports the popular PMS chap version 2
00:17:46
authentication method if needed we could
00:17:48
easily add an L up back end with GUI to
00:17:51
manage the users also we could replace
00:17:53
the certificate with our own so long
00:17:55
story short if you want to improve your
00:17:57
Wi-Fi network security and and get rid
00:17:59
of shared keys that can be cracked but
00:18:01
don't have a dedicated wireless
00:18:03
controller that has a build-in radio
00:18:05
server you can go that route let's go
00:18:07
one step further we could configure the
00:18:09
free radio server to forward the
00:18:11
authentication request to Microsoft
00:18:13
Azure entra ID using o out2 so that
00:18:17
whenever someone tries to join the
00:18:18
network the credentials will be sent to
00:18:20
radio server that in turn instead of
00:18:23
looking at the local user database we
00:18:25
proxy the request to Microsoft Azure
00:18:27
active directory let's do that I'm using
00:18:30
Azure free tier here's the entra ID
00:18:32
users console let me create a new user I
00:18:35
will name it Philip let's copy the
00:18:38
password and click create I will refresh
00:18:41
the view okay the user is there now let
00:18:44
me go to my signin page and try to login
00:18:47
I will provide the username at my free
00:18:50
Azure domain and click next then let's
00:18:53
provide the copied password upon first
00:18:55
login I'm prompted to change the
00:18:58
password let's provide the old password
00:19:00
and enter the new password twice finally
00:19:04
let's click sign in okay we are in I'll
00:19:07
start the demo with the final result let
00:19:09
me go to my Windows PC here's the
00:19:12
self-signed certificate from the radio
00:19:14
server I will rename the file to CRT now
00:19:18
I will double click on that certificate
00:19:20
and click install then let's select the
00:19:22
current user and place the certificate
00:19:25
in trusted root certification
00:19:27
authorities okay okay the import was
00:19:29
successful long story short in the EAP
00:19:32
ttls authentication method that we are
00:19:35
using the client needs to be able to
00:19:37
validate the certificate of the radio
00:19:39
server against certificate Authority the
00:19:42
certificate I've just imported has the
00:19:45
full certificate chain including the ca
00:19:48
certificate now let's go to network
00:19:50
settings then WiFi and manage no
00:19:54
networks I will add a new network my
00:19:56
Wi-Fi network name is freeo I will set
00:19:59
the security type to wpa3 Enterprise
00:20:03
then I will set up the EAP method to EAP
00:20:05
ttls that's TLS tunnel let's also select
00:20:09
the connect automaticly and click save
00:20:12
next I will go to Advanced properties
00:20:14
security settings and Des select
00:20:17
identity privacy as you can see the
00:20:20
internal authentication is set to papap
00:20:23
that's plain username and password let's
00:20:25
click okay now I will click on the free
00:20:28
radius Wi-Fi and click connect it did
00:20:30
ask me for credentials let's provide the
00:20:33
username and password that we've created
00:20:35
in Azure now I got ask if I want to
00:20:37
continue connecting and see the server
00:20:39
certificate why not let's click connect
00:20:42
and we are in if we look at the
00:20:44
connection details we see the security
00:20:46
type is wpa3 Enterprise and the signin
00:20:49
type is EAP ttls if I disable Wi-Fi and
00:20:52
reenable it back the connection will
00:20:54
automatically establish how cool is that
00:20:57
let me show you the steps to set it up
00:21:00
first we need to create a new oout
00:21:02
application I'm in my Azure console I'll
00:21:04
go to app registrations and click new
00:21:07
registration let me name the application
00:21:10
free radius and click register let's
00:21:12
copy the client ID we'll need it later
00:21:15
now let's go to certificates and secrets
00:21:18
and create new client secret it will be
00:21:20
needed for free radius to connect to
00:21:22
Azure let's name it free radius and
00:21:24
click add now I will copy the value of
00:21:27
that secret finally let's go to API
00:21:29
permissions click add permission select
00:21:32
Microsoft graph application permissions
00:21:35
and search for directory I will select
00:21:37
directory read all and click add
00:21:39
permission finally let's click Grant
00:21:41
admin consent for our domain okay aure
00:21:45
site is set now let's go to our free
00:21:47
radius installation I will open the file
00:21:50
containing our users and remove the two
00:21:53
users that we've created now let me
00:21:55
install a few prerequisites then let's
00:21:58
go to the opt folder and download free
00:22:01
radius oout module from GitHub now let's
00:22:04
set it up first I will open the free
00:22:06
radius proxy configuration here we can
00:22:08
Define that we want to forward
00:22:10
authentication requests for various
00:22:12
domains to various servers I will
00:22:14
configure that for my own Microsoft
00:22:17
domain the authentication request should
00:22:19
be forwarded using oout to protocol to
00:22:21
Azure let's set up the URL then let's
00:22:25
put the client ID that we've copied in
00:22:28
the previous step let's also provide the
00:22:30
client secret that we've copied in the
00:22:32
previous step as well finally I will set
00:22:34
the cach to true this will improve user
00:22:36
experience so we don't have to ask Azure
00:22:39
every time for password okay let's save
00:22:41
the proxy configuration next let's open
00:22:44
the Freer dictionary file and include
00:22:47
values from allout module okay let's
00:22:50
save that file now let's enable the aout
00:22:53
module by creating a symbolic link in
00:22:55
the mods enable folder let's also set
00:22:59
policy by creating a symbolic link in
00:23:01
the policy folder next we need to modify
00:23:03
the default configuration for handling
00:23:05
radius requests let's go to the
00:23:07
authorized section then search for Lup
00:23:10
and just after Lup at oout 2 now let's
00:23:14
go to authenticate section and at the
00:23:16
very end add the allout authentication
00:23:19
type finally let's go to post out
00:23:21
section uh find the elab bline and add
00:23:24
the O out to entry okay let's save that
00:23:27
configuration file next we need to make
00:23:29
exactly the same modification for the
00:23:31
inner tunnel let's open the inner tunnel
00:23:34
file find the authorized section search
00:23:36
for L up line and add all out to entry
00:23:40
now let's go to authenticate section and
00:23:42
at the very end let's add allout to
00:23:45
authentication type finally in the post
00:23:48
out section let's find the Lup line and
00:23:51
add the allout to entry okay let's save
00:23:54
the inner tunnel configuration file next
00:23:56
let's start the free radio server in
00:23:58
debug mode it started successfully now I
00:24:00
will check if the authentication works
00:24:02
by using the rat test tool the syntax
00:24:05
should be familiar rat test followed by
00:24:07
username and password then IP address of
00:24:10
the radus server that's Local Host and
00:24:13
the shared secret okay it took a bit
00:24:15
longer but we got access accept reply if
00:24:19
we rerun the test one more time it's
00:24:21
much faster due to caching mechanism if
00:24:24
we look at Azure sign in logs we see
00:24:27
those successful Authentication attempts
00:24:29
if we go to free radius locks we see
00:24:31
database replication let me stop free
00:24:34
radius server then open theout to module
00:24:37
configuration and change the
00:24:38
synchronization frequency to every 1
00:24:41
hour let's restart the free radio server
00:24:44
so there you have it from cracking WPA 2
00:24:47
with Brute Force we are setting up a
00:24:49
simple local radio server to setting up
00:24:52
an Azure ad integration we've covered
00:24:55
some basic concepts related to securing
00:24:57
a Wi-Fi Network remember strong
00:24:59
passwords and mod authentication methods
00:25:02
are key my recommendation use long and
00:25:05
complex passwords upgrade to wpa3 if
00:25:08
your access points and clients support
00:25:10
it and finally consider implementing
00:25:12
radius thanks for watching and stay
00:25:15
secure
00:25:20
[Music]
