Hackers of India

APAD: An EDR Grade Agent for Wi-Fi Access Points

By Vivek Ramachandran on 23 Sep 2019 @ Rootcon

This talk covers the following tools, which the speaker has authored or contributed to:
APAD

Abstract

Wi-Fi is ubiquitous and the de facto way to connect to the Internet. With increasing Wi-Fi speeds and the gradual disappearance of the network port on our laptops, it might soon be the only way. Being entrusted with such an important responsibility, one would assume that Wi-Fi access points would have sufficient built-in security and attack detection. Unfortunately, this is as far from the truth as it could be! Wi-Fi access points in the personal and SMB space have barely evolved over the past decade! This puts users at great risk - we routinely hear about attackers redirecting DNS and other traffic, attacking users behind an access point, etc. One would ask - why are the Access Point vendors not doing anything about this? Simple answer: hardware vendors typically don’t care much about software. So, we’ve decided to take matters into our own hands :)

In this talk, we will be releasing Access Point Attack Detector (APAD): an enterprise-grade access point monitoring agent built from the ground up. APAD will have kernel and user mode components which will continuously monitor your access point platform for attacks and intrusion attempts! The tool should be easily portable to most Linux-based access point platforms. For our demo, we will be using OpenWRT along with a hardware access point! Enough said - looking forward to seeing you at the talk!