IMMUNITY : Knowing You're Secure

Redefining wireless assessments


Understanding the vulnerabilities of your WiFi network can be challenging as users can easily create networks on demand, or even perhaps unintentionally. But as recent events have demonstrated, scanning your WiFi network is an important part of understanding your security posture.

Most vulnerability assessment tools simply take their current network scanners and point them at the wireless infrastructure. This approach does not give you the information that is unique to wireless networks. Immunity has built the first automated, WiFi specific, vulnerability assessment and penetration tool.

Unlike traditional scanners that merely identify possible vulnerabilities, SILICA determines the true risk of a particular access point. SILICA does this by unintrusively leveraging vulnerabilities and determining what assets behind the vulnerable access point can be compromised.

Additionally while traditional scanners can enumerate the vulnerabilities of a particular target, they cannot evaluate whether a mitigating control is in place on the target or in the surrounding environ- ment. With SILICA’s unique methodology it can report on whether vulnerability can be successfully exploited.

More than simple scanning, the benefits of using SILICA include:

1) Improved security posture
2) Simplified trouble shooting
3) Network mapping
4) Create real threat profiles and vulnerability assessments
5) Build WiFi risk and vulnerability analysis for PCI, SOX
6) Rogue access point detection
7) Auditing wireless client security

With SILICA you can:

1. Recover WEP, WPA 1,2 and LEAP keys

2. Passively hijack web application sessions for email, social networking and Intranet sites.

3. Map a wireless network and identify its relationships with associated clients and other access points.

4. Identify vendors, hidden SSIDs and equipment passively.

5. Scan and break into hosts on the network using integrated CANVAS exploit modules and commands to recover screenshots, password hashes and other sensitive information.

6. Perform man-in-the-middle attacks to find valuable information exchanged between hosts.

7. Generate reports for wireless and network data.

8. Hijack wireless client connections via access point impersonation.

9. Passively inject custom content into client's web sessions.

10. Take full control of wireless clients via CANVAS's client-side exploitation framework (clientD).

11. Decrypt and easily view all WEP and WPA 1/2 traffic.

HIPAA Typical SILICA users include:

1. Forensics teams working to re-create an incident.

2. Security Management teams that want a purpose-build vulnerability scanning and exploitation tool for their WiFi network, including remote identification of systems and mobile devices even when running personal firewalls.

3. Network administrators who want to discover ad-hoc, unauthorized clients, or weakly authenticated WiFi access points, and to test/recover WEP, LEAP and WPA 1,2 keys.

4. Compliance officers looking for real risk management profiles.

5. Security Assessment teams that are tired of the false positives from traditional scanners use SILICA's man-in-the-middle and aggressive remote exploitation capability.

SILICA Product Features:

Access Point recon and analysis

Automated client discovery

Access Point exploits

Automated exploit launch and run

Automated SSID discovery

WEP, WPA 1/2 and LEAP credential recovery

Man-In-The-Middle capability

Number of hosts analyzed simultaneously: 256

Average time to compromize a host: < 1 minute

Average time to break a WEP network: 10 minutes

Average time to break a LEAP, WPA 1/2 network: depends on key strength

Report Format: HTML

Report retrieval: USB

Frequency ranges: 802.11 a/b/g/n

Installation: Bootable USB drive

Wireless cards: USB, PCMCIA, PCCARD, ExpressCard

Virtual machine support

SILICA is a self-contained solution that runs on a standard Intel based laptop. The SILICA software and base operating system (Ubuntu) is shipped on a bootable USB drive that enables you to run SILICA without any software modifications to your laptop. Included on the drive is partition containing a virtual machine with the same SILICA image giving you even greater flexibility and ease of use.

Also included with SILICA is a high performance Ubiquity WiFi USB adapter that greatly increases the wireless performance over the base WiFi chip sets that are included in most commercial laptops.

This self-contained solution provides support for 802.11 a/b/g/n networks. This product is ideal for security personnel who wish to integrate WiFi testing into an existing test platform with our security testing tools.


- SILICA 7.8 WPS attack
- SILICA 7.5 - New Features
- SILICA overview
- Wireless Window
- Key retrieval (WEP, LEAP, WPA1,2)
- Passive session hijacking (Facebook, Twitter, GMail, etc.)
- Access point impersonation
- Custom traffic injection