The future of wireless security assessment.
In your pocket.
SILICA, SILICAQ and now SILICAU define the state of the art in wireless penetration testing and security assessment.
This first to market technology allows security professionals to perform wireless network security penetration tests while behaving innocuously.
The information below describes Immunity's hardware units SILICA and SILICAQ. Immunity is excited to now also offer SILICAU - SILICA/Q software only! This option is best suited for highly proficient wireless security engineers only. Hardware and software requirements are very specific; email us at silica@immunityinc.com for details.
SILICAU software only: $3,640.00. For a custom software and hardware setup, email silica@immunityinc.com.
For those clients that would like assistance installing and configuring the SILICAU software, Immunity offers this as an additional consulting service.
Immunity's approach to WLAN security, as it is with all other security challenges, is aggressive. SILICA and SILICAQ are the only automated wireless LAN exploitation solutions on the market. The units come pre-configured and ready to go straight out of the box. The small, portable, PDA-like devices allow you to perform all the usual penetration testing exercises, automatically, from your pocket! SILICA and SILICAQ will quickly and automatically grab screen-shots or password hashes, upload and execute software on target systems, or intercept and record network data. Both units include standard Wi-Fi auditing features such as capturing live signal, spectrum and packet data. Immunity's advanced research team continues to contribute updates to the software so the latest attacks are programmed in.
SILICA is focused on insecure access points and vulnerable systems connected to those networks. This affordable, ultra-lightweight device makes site surveys even easier by including GPS functionality to track access point location.
SILICAQ widens the attack surface. It unlocks previously inaccessible networks due to its proprietary WEP cracking functionality. From there, SILICAQ users can quickly and automatically grab screen-shots or password hashes, upload and execute software on target systems, or intercept and record network data.
The advanced SILICAQ hardware platform also allows up to ten times speed performance improvements over SILICA for network scanning and vulnerability exploitation, large-scale MITM attacks, a broad range of exploits, and easy reproduction and analysis of the exploitation process.
SILICAQ uses advanced researched methods to extend and fully automate the process of recovering a WEP key. It features unique extensions to the currently known WEP cracking algorithms that cannot be found anywhere else, including improved mathematical algorithms, error correction, increased probability of successful attack, speed improvements, less data capture, and a drastically improved automation. WPA cracking functionality is also included in SILICAQ.
Scanning options an be configured via an automatically configured preferences menu, that presents the user with options relevant to each selected scan. Scans run in Probe, Attack, or Man-in-the-Middle modes, gathering information using Immunity's industry-leading capabilities in reconnaissance, or actually exploiting vulnerabilities to take control of vulnerable access points and systems. MITM mode captures web traffic in order to allow the user to perform subsequent session hijack attacks. All those combined with a layer I (wireless) assessment provide a complete way of checking your infrastructure for security problems.
SILICA and SILICAQ scan 802.11 b/g networks with no additional hardware needed. SILICA also scans wired Ethernet networks with the use of a Bluetooth access point.
Some of the ways Immunity's customers use SILICA and SILICAQ...
Covert analysis tool: With the unit in your pocket running in non-stop attack or probe modes, you will continuously target every visible access point, automatically connecting to and attacking all insecure networks.
Recovering WEP keys: SILICAQ offers a unique way of completely recovering WEP keys from a network. It will automatically detect shared or open authentication and bypass both.
Recovering WPA key: SILICAQ offers an automated way of recovering a WPA1 and WPA2 key. It can then further automate a post action from a preselected radio box such as Attack, Probe, Man in the middle and Sniffer.
Bypassing 802.11b/g security: Enable hidden session identification discovery and the unit will reveal the non-broadcasted SSID of remote access points. Fed up of being filtered from MAC protection lists? Enable MAC address evasion and escape any MAC address filters set by the AP administrator. If you already know an allowed MAC, this feature also allows it to be manually set in order to audit your network. This feature can also be used to reveal hidden SSID's configured by system administrators.
Aggressive attack: Want to enumerate which systems can be broken into remotely? SILICA and SILICAQ will attempt to gain unrestricted access to all systems connected to your access points and extract valuable information in the form of screen-shots, password hashes, or configuration details. The unit will even upload and execute your own remote access utility on target systems, giving you remote wireless access to insecure systems.
Evading personal firewalls: Unique passive operating system identification techniques will even identify machines running a personal firewall.
Gather usage data: Ever wanted to identify the most commonly used access points in a geographical location? Use probe mode along with non-stop scan, walk in an area collecting access point type information and configuration details such as encryption methods and signal levels. This scan will extract a list of operating systems and machines behind the wireless access point or ad-hoc network, allowing you to evaluate what networks are the most heavily used.
Map a network: Walk around running SILICA in non-stop scanning mode with GPS enabled. It will map out an entire area by constantly seeking for new access points and ad-hoc networks. GPS locations on the reports can be used to plot over mapping applications or services.
Security compliance: Launch the software in interactive scan mode with the attack option selected. Eliminate false-positives with our unique methods of breaking in to verify that a flaw does exist and is exploitable.
Advanced man-in-the-middle attacks: Our software allows interception of all HTTP traffic in a switched network between the wireless router, including any bridged wired network and all associated clients. The data includes cookie and authentication data within HTTP requests, which can be fed into a separate web browser session to allow email review, capture of sensitive authenticated traffic such as banking information, viewing of network device administration, password gathering, etc.
System identification: SILICA and SILICAQ have unique methods for extracting information remotely from network printers, embedded devices, PDA's, Windows systems, routers, Unix workstations, and more. Our remote identification and reconnaissance methods are found no-where else.
Rogue access point detection: Leave the unit running in your desk while in non-stop mode and it will identify any new access points or Ad-hoc networks discovered in range. This is particularly useful for monitoring buildings for suspicious devices being inserted into the premise without permission, or monitoring unapproved ad-hoc networks from open laptops.
Detect network misconfiguration: Often enough employees will open up wireless ad-hoc connections in their laptops, bridging them to a wired network without realizing the security implications. This imposes a serious threat to a company's perimeter security. The software can detect this if launched in probe mode with any type of scanning method. Immunity recommends a scan-all scan that specifically targets your network. If anything is found it will be included in the report.
Pinpointing access points: Ever discovered a suspicious access point and wanted to find its location? Both SILICA and SILICAQ allow you to do this by viewing the interactive signal meter which displays various information about the device while you move around and approach it. Noise levels and quality may increase or drop depending how close you are to the access point. Alternatively, SILICA includes GPS.
Client-side exploitation: Both devices will allow you to bypass any firewall or host protection mechanisms by directing the attack on a client side application through an advanced connection hijaking attack which cannot be found in any other software.
Pricing & Functionality
| SILICA | SILICAQ | |
| Access Point recon and analysis | Yes | Yes |
| Automatic connect to open APs | Yes | Yes |
| AP exploits | Yes | Yes |
| GPS | Yes | No |
| Automated exploitation | Yes | Yes |
| WEP & WPA 1,2 unlocking | No | Yes |
| MITM | Yes | Yes |
| Number of hosts exploited in parallel | 3 | 10 |
| Time to break into a single host | 15 minutes | less than 2 minutes |
| Wired scanning | via Bluetooth AP | Scheduled Q2 2009 |
| USB | Host only | Both |
| Report retrieval | SSH | USB |
| Lifetime in idle speed | 5-7 days | 3-4 hours |
| Price per unit | $3600.00 | $8500.00 |
Price includes hardware device with pre-installed and configured software, and software updates and support for one year.
silica@immunityinc.com
Phone: +1 212 534 0857
Fax: +1 917 591 1850
| Contact | Privacy Policy | Usage Policy |
Copyright 2002-2004 - Immunity, Inc. All Rights Reserved. |