Security Consultant Viris (SI)
Danijel Grah has a Bachelor degree in Computer Science at the University of Ljubljana, Slovenia.
He is a Security Consultant at Viris for some time and is involved in penetration testing, security reviews, programming, consulting and research. He has deep understanding into threats, vulnerabilities and trends.
He likes to practice Information Security in everyday life. Danijel is devoted to his work, open minded, enjoys new challenges and he never stops studying.
ELK stack for Hackers
Visualizing Wi-Fi traffic is today more or less limited to console windows and analyzing different logs from aircrack-ng toolset. There are some commercial tools, but if we want to stay in open source area we need to find better solution. So ELK stack was used to gather, hold, index and visualize data. For input modified version of airodump tool was used. With this some amazing dashboards can be created and some interesting data can be correlated and some deep digging can be made for Wi-Fi packets.
When doing penetration tests we often run into big number of different data. One of those fields are also Wi-Fi networks. When doing Wi-Fi analysis we are mostly focused on using aircrack-ng or Kismet toolset. This means, that we are generally limited to terminal windows and text outputs. This kind of data is hard to visualize and since humans can easily analyze data when there is good visual representation, there is place to do some research in this area.
To get data into ELK stack is another thing. Current tools don’t provide any JSON output to logging component of and ELK stack. So we tried different things to get JSON output, but best solution was to just change source code and recompile airodump tool. With this we created right input for Elasticsearch.
Visualization with Kibana from gathered data can be quickly done and doesn’t required any programming skills. With this quick interesting dashboards can be created and very good visibility can be achieved.
We could visualize following data:
• Number of open and protected Wi-Fi networks
• Number of clients connected to different Wifi networks/stations
• Number of clients on stations in time
• Clients that broadcast send most beacons over Wi-Fi
• Manufacturer information about clients and stations.
Are you the next cyber security superstar?
Ready for this year's presentations?
By registering you will unlock access to 60+ speakers and two full days with cyber security news & showcases from worldwide leaders.
Sponsors & Partners
They help us make this conference possible.
Orange Romania is the leader of the local telecom market and part of the Orange Group, one of the largest global telecommunications operators, connecting hundreds of millions of customers worldwide. With over 11 million customers and an annual turnover exceeding 1.5 billion euros, Orange Romania connects 1 in 2 Romanians and offers an extensive range of communication solutions to its customers, both individual users and companies, from basic services up to complete voice services, fixed and mobile data, TV services or smart home services, but also mobile financial services. Orange is also a leader in innovation investing yearly over 200 million euros in network infrastructure and R&D initiatives in Romania. In the past 3 years Orange has launched two 5G Labs in Bucharest and Iasi, that aim to support researchers, startups and companies to test their 5G solutions in advance. In addition, Orange is a long-term supporter of the startup ecosystem through the Orange Fab accelerator program designed to support entrepreneurs in the development of innovative products and their distribution locally and internationally.
Orange Services was created in 2013 and is a 100% owned subsidiary of Orange Group. As a technology services company, our DNA is in IT, but our teams also work in other domains including mobile networks and a number of commercial and business functions. Orange Services is one of the largest technology hubs in the Orange Group, working internationally for both Orange corporate functions and country operations. Through a unique combination of cutting edge know-how and expertise, our teams provide a broad range of services: development and supervision of IT services in domains such as Big Data, Cloud, M2M, IoT, TV, Connected Objects; design and development of IT infrastructure and desktop solutions; testing & planning for mobile networks; implementation of supply chain solutions and also improvement of commercial & business performance including BI, CRM, Analytics, Digital learning and Customer Care. Visit us on LinkedIn.