Wireless Trojans

Welcome back all! I recently watched a presentation by one of my favorite instructors, Vivek Ramachandran, in which he introduces a fairly novel penetration testing technique, as well as a wireless firewall. The idea, a wireless remote access tool, is a post-exploitation technique that hosts a rogue access point and a bind shell simultaneously, allowing nearby attackers to re-access the victim machine. I love the concept: it's a neat way to leverage persistence on a box in physical terms (great for tracking someone as well), and it can be used to jump into a network that you've previously been unable to bust out of.

The bind shells host their own rogue access point and bind a port on the gateway to give remote control, whereas the reverse shells join a preferred network automatically and then call out with a reverse shell to the gateway of that rogue network. Vivek provides a bind shell PoC written in C++ for Windows, but I'm following it up with a repo devoted to these shells; mine also uses higher-level code (Python and PowerShell), targeting both Linux and Windows. Here is my repo, Wifi Trojans, which at release includes a PoC bind shell for Windows and a PoC bind shell for Linux. Vivek also provides an epic 40+ video series on wireless penetration testing for free, through Pentester Academy.

With this technique (rogue access points) being weaponized further and becoming more popular, Vivek's wireless firewall may start to gain some traction, meaning these shells will have to be greatly improved upon to bypass future detection and prevention systems. I also wouldn't be surprised if Vivek's wireless firewalls are just an evolutionary stepping stone and one day we have full-frequency firewalls with the popularization of SDR networking.
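As an added illustration from the defender's side (this is not code from the post or from the Wifi Trojans repo), here is a small Python check for the bind-shell variant described above: it parses constructed sample output of `iw dev`, `ip -o -4 addr` and `ss -ltn` from a Linux host and flags listening ports that clients of an access point hosted by that same machine could reach. The interface name, SSID and addresses in the samples are made up.

```python
import re

# Constructed sample command output (not from the original post): wlan0 has been
# put into AP mode and a shell listens on the AP's gateway address.
IW_DEV_SAMPLE = "phy#0\n\tInterface wlan0\n\t\ttype AP\n\t\tssid FreeWifi\n"
IP_ADDR_SAMPLE = (
    "2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0\n"
    "3: wlan0    inet 192.168.49.1/24 brd 192.168.49.255 scope global wlan0\n"
)
SS_SAMPLE = (
    "State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port\n"
    "LISTEN  0       128     0.0.0.0:22           0.0.0.0:*\n"
    "LISTEN  0       5       192.168.49.1:4444    0.0.0.0:*\n"
    "LISTEN  0       128     127.0.0.1:631        0.0.0.0:*\n"
)

def ap_interfaces(iw_text):
    """Interfaces `iw dev` reports in AP mode, i.e. this host is an access point."""
    aps, cur = [], None
    for line in iw_text.splitlines():
        m = re.match(r"\s*Interface (\S+)", line)
        cur = m.group(1) if m else cur
        if cur and re.match(r"\s*type AP\b", line):
            aps.append(cur)
    return aps

def iface_addrs(ip_text):
    """Map interface -> IPv4 addresses from `ip -o -4 addr` output."""
    out = {}
    for m in re.finditer(r"^\d+:\s+(\S+)\s+inet\s+([\d.]+)/", ip_text, re.M):
        out.setdefault(m.group(1), []).append(m.group(2))
    return out

def listeners(ss_text):
    """(address, port) pairs for LISTEN sockets in `ss -ltn` output."""
    pairs = []
    for f in (line.split() for line in ss_text.splitlines()):
        if len(f) >= 4 and f[0] == "LISTEN":
            addr, port = f[3].rsplit(":", 1)
            pairs.append((addr.strip("[]"), int(port)))
    return pairs

def rogue_ap_listeners(iw_text, ip_text, ss_text):
    """Listening ports that clients of an AP run by this host could reach."""
    addrs, hits = iface_addrs(ip_text), []
    for iface in ap_interfaces(iw_text):
        for addr, port in listeners(ss_text):
            # Wildcard binds are reachable from the AP side too, not just binds on its address.
            if addr in ("0.0.0.0", "::", "*") or addr in addrs.get(iface, []):
                hits.append((iface, addr, port))
    return hits
```

A loopback-only listener (port 631 in the sample) is not flagged, while the wildcard SSH bind and the port bound on the AP gateway address both are; on a real host you would feed the three commands' live output into `rogue_ap_listeners`.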