Bring Your Own Credentials!

How to exploit commonly deployed enterprise Wi-Fi configuration to steal credentials from a mobile device?

Dear Members and Friends,

We invite you to this ISACA technical series presentation where we will introduce an attack which consists in stealing corporate user credentials by exploiting commonly deployed enterprise Wi-Fi configuration on mobile devices.

A live-demo of this attack scenario will be performed. Practical exploitation will show that this technique could also be extend to any corporate workstations deployed with a common enterprise Wi-Fi configuration.
Counter-measures of this attack will be discussed and show the importance of systems hardening (e.g. Mobile Device Management, workstation group policy hardening).

The conference will be animated by Joany BOUTET, security consultant working for security audits and governance services at Telindus (www.telindus.lu), and will be followed by a networking cocktail.

We are looking forward to meeting you for this event.

-- ISACA Luxembourg Chapter --

Joany BOUTET's bio:

Since November 2008, Joany Boutet is Security Consultant working for Security Audits and Governance Services, a Telindus Luxembourg CyberSecurity department. His main focus is on Ethical Hacking and technical vulnerability assessments. He is responsible for network, application and wireless penetration testing, product security evaluations, and risk assessments of critical infrastructure for Telindus' customers.
Concerning certifications and qualifications, Joany obtained a large set of two OSSTMM Certifications (OPST & OPSA) and nine GIAC technical certifications covering penetration testing (including mobile and Wi-Fi security), intrusion analysis, incident handling and forensics.
Joany started to work on mobile security since early 2010 during his GPEN (GIAC Certified Penetration Tester) certification, for which he graded the Gold level with his paper on Android Spyware development using Application Reverse Engineering.
Joany frequently attends SANS Training and security conferences and also provided different talks at infosec conferences such as ISACA Information Security Days, ITdays and hack.lu.