WiFi Security Myths Demo: Don't believe that these will protect you!
Ғылым және технология
Get Proton Mail for FREE: davidbombal.wiki/protonvpn1
Big thanks to Proton for Sponsoring the video!
Disclaimer: This video is for educational purposes only.
// Wifi Myths PDF //
PDF: davidbombal.wiki/wifimyths
// Alfa ADAPTORS //
Alfa Long-Range USB Adapter: amzn.to/3yFs99E
Alfa WUS036AXML: amzn.to/4c3rlJV
// David's SOCIAL //
Discord: / discord
X: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
KZread: / @davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 - Busting Wi-Fi myths
01:42 - Brilliant sponsored segment
04:05 - Wi-Fi myth #1: Hiding your Wi-Fi name/SSID will protect you
04:21 - Finding hidden Wi-Fi names/SSIDs demo
10:36 - Using Wifite to attack the network
11:44 - Finding hidden Wi-Fi names/SSIDs summary
12:43 - Wi-Fi myth #2: MAC address filtering/whitelisting will protect you
13:12 - Connecting to a hidden network demo
15:30 - Testing on another router
21:20 - How two devices can interfere
22:13 - Wi-Fi myths summary
22:58 - How to properly protect your Wi-Fi
24:11 - Conclusion
myth busting
myth
myths
wifi
wifi myths
cybersecurity myths
kali linux
kali wifi
kali
alfa
alfa network
alfa network adapter
wifi password
wpa
wpa2
hashcat
linux
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#wifi #wpa2 #hashcat
Пікірлер: 203
Get Proton Mail for FREE: davidbombal.wiki/protonvpn1 Big thanks to Proton for Sponsoring the video! Disclaimer: This video is for educational purposes only. // Wifi Myths PDF // PDF: davidbombal.wiki/wifimyths // Alfa ADAPTORS // Alfa Long-Range USB Adapter: amzn.to/3yFs99E Alfa WUS036AXML: amzn.to/4c3rlJV // David's SOCIAL // Discord: discord.com/invite/usKSyzb X: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZread: www.youtube.com/@davidbombal // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 00:00 - Busting Wi-Fi myths 01:42 - Brilliant sponsored segment 04:05 - Wi-Fi myth #1: Hiding your Wi-Fi name/SSID will protect you 04:21 - Finding hidden Wi-Fi names/SSIDs demo 10:36 - Using Wifite to attack the network 11:44 - Finding hidden Wi-Fi names/SSIDs summary 12:43 - Wi-Fi myth #2: MAC address filtering/whitelisting will protect you 13:12 - Connecting to a hidden network demo 15:30 - Testing on another router 21:20 - How two devices can interfere 22:13 - Wi-Fi myths summary 22:58 - How to properly protect your Wi-Fi 24:11 - Conclusion myth busting myth myths wifi wifi myths cybersecurity myths kali linux kali wifi kali alfa alfa network alfa network adapter wifi password wpa wpa2 hashcat linux Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #wifi #wpa2 #hashcat
@y.h8383
27 күн бұрын
Thank you David. I believe majority of your viewers are network engineers/architect, can you please create a video on how can they ride the wave of AI? what should be a transition path for an engineer/architect (with experience of transitional routing, switches, data center, wan/lan etc)? I will really appreciate it.
@rgergigergeergergegergeg
26 күн бұрын
and as for protonmail, they "caant" decrypt your messages, but theyre HUGE fans of working with law enforcement. thye WILL NOT "go get a warrant" they are law enforcement fetishists. this is well documented. good for basic stuff, a trap for hackers or anyone else that runs foul of an establishment tyrant
@Chiph900
26 күн бұрын
Hello! My name is Chisenga or Chi Chie for short. I have just hopped onto the cybersecurity/hacking train. I was looking for solutions to the question explained below when i bumbped into your KZread Chaneel. I have just finished setting up my virtual machine. I am running kali on vmware. I was running updates for kali when i noticed my antivirus(on the host machine) blocking some downloads and access to certain websites. Do you know how I can Fix this?
@Emanuele1973
26 күн бұрын
Thanks again for the detailed video and pdf. Just a small thing, In the description looks that is Brilliant the sponsor. (Brilliant sponsored segment)
@spirit_wolf123
24 күн бұрын
Encrypted email works good unless they open it on a Windows PC was snapshot...
Personal cyber security is somewhat like home security. You can install locks on your doors, security cameras, alarms, a fence around your house, and that will deter most intruders most of the time. Ultimately though, someone with the right talent, determination, and resources can find a way through or around those obstacles in time. Especially since cyber security is a dynamic field. Fortunately, chances are the people you really have to worry about have other plans and priorities.
@MAX-nv6yj
27 күн бұрын
That’s so true lol, well said, I loved the analogy ❤.
@johndank2209
27 күн бұрын
so we are mostly just protecting ourselves against script kiddies
@rgergigergeergergegergeg
26 күн бұрын
if you dont have a home defense firearm, none of this tech nonsense matters.
@mos8541
18 күн бұрын
DAVE!!... i know its prolly silly, but imagine this, or a collab with LPL... Okay nothing on port 88, some firewall weakness on port 5055, easy hack on port 5555, back to port 88... port is open,... and we're IN.. , very poor, and as always... have a nice day. HAH
@johndank2209
18 күн бұрын
@@mos8541 huh? explain pls
the best security is have nothing to secure, just turn off the wifi and go live in the woods
@geekgee
27 күн бұрын
sounds appealing in so many ways 😉
@newdawn45
26 күн бұрын
😂😂😂
@jeremylemans3005
26 күн бұрын
Until bears buy wifi adapters 😂
@MangyPL
26 күн бұрын
You wouldn't last 3 days in the woods
David Bombal: "WiFi Security Myths - Don't believe that these will protect you!" Every Tinfoil Hat crushed!
I think the best way to protect yourself is using mobile data. If your neighbor is listening on you with an SDR you prolly should change your neighbor. 😂
@IamRansome
27 күн бұрын
Lol that was my thought as well. My neighbor just built one antenna and now has 2. What can you do with thise exactly outside of ham radio or whatever?
@jr.mrleast
27 күн бұрын
@@IamRansome sniffing may be upto 5 kms radius 😂 . Only your neighbor knows how powerful are they. + a tip for you wrap your home with an aluminum foil😂
@IamRansome
27 күн бұрын
@@jr.mrleast lol
Biggest myth: Your VPN will protect You
@Cats_Are_Scary
27 күн бұрын
It will hide your real IP address and keep your ISP from tracking you for ad sales. Just need a legit vpn like Mullvad or Proton.
@sopota6469
27 күн бұрын
If you connect to an open WiFi or a free one that sniffs all the traffic, yes, it will protect you.
@WhoIsJohnblack
27 күн бұрын
Word lmfao
@OH2023-cj9if
27 күн бұрын
Mullvad is OK, don't use honeypots.
@spirit_wolf123
24 күн бұрын
A VPN can protect you from a lot of Hazzard.... If you use a VPN on your device and your router you can hide both your IP address and your Mac address... To make it even harder for the hacker combine that double VPN with alternating proxy chains and write two little scripts to continuously change VPN servers on your device and router... Nothing can guarantee your security only slow the spies and hackers down..
I can't tell whether Bombal is doing the world a great service or disservice with these demos. I guess it depends on who's watching and for what purpose.
Fact : WPS will be the downfall of your network infrastructure.
Everything that is NOT WPA3 is vulnerable, does not matter the settings. If you're still on WPA2, the only thing you can do is disable WPS asap and use a very strong password, is the only mitigation you can do. Password hashes can still be gathered but cracking them is another story if is a strong password.
@MrPir84free
27 күн бұрын
Well, you can also a) turn on device isolation where devices cannot communicate with other devices on the same network and b) configure the router so that the guest/iot networks have internet access at best, with no access to the primary network. Of course, if your access point or router supports it, you can break up the IOT/Guest networks into multiple IOT/Guest networks.. For example, my access point supports 8 SSID's, so I could use one WPA3 for my primary, then create another 6 and split up the WPA2 devices onto different SSIDs, thus making it sort of "better" in case someone targets ONE of my SSID's.
@errlybird1264
27 күн бұрын
Wpa3 is vulnerable, just Google wpa3 vulnerabilities.
Great class on basic attacks to WF networks when ISSD is hidden. As always, super neat content, David. Thanks!
Only thing that will protect you properly is to go fetch that cable
@dreadedmonkey94
27 күн бұрын
It was learned some years ago that even fibre cable can be tapped. The light gives off vibrations which can be read by a transducer. Just when you think you are safe, you are not. Wherever there is a will, there will always be a way...
@DavidStringham
19 күн бұрын
There is a reason that Wired Equivalent Privacy got its name. Quantum networks are being developed to keep bits on a cable from being intercepted.
Nice advice on network segmentation. Thanks for the video!
You know David, you are one of the only one that i can trust & believe when it comes to sponsors. I'm always very skeptical when it comes to promotions and before you verified a interview with proton mail i heard about the journalist that got arrested and i got distrustful until you had that interview. You are a living legend David! It's crazy how i trust you more then anyone in my daily life.
Thankyou for this video. This was a real eye opener and thank-you for your tips on how to try to mitigate the issue.
I really miss those videos. Having courses hell and University semesters -not related to IT topics- since 8 months, now almost finished, I can resume watching my lovely daily Bombal’s videos❤.
3:35 Most easy fix is to just use PGP encryption in your email (Proton uses it also) that way you need to both accept eachothers public key's to send messages
There are security benefits to hiding the SSID. As you said, just by making it a 2 step prose's. Anyone doing a "drive-by hacking" is unlikely to target you. 75% of security is to say to your thief/attacker: target someone else, my place is not worth your time. But as in physical security, when you are the primary target you need better defense that obscurity
Thank you for the information
@davidbombal
27 күн бұрын
You're welcome!
Thanks David for your valuable lessons.
@davidbombal
27 күн бұрын
You're welcome!
Thank you for this informative video. Very much appreciated.
Great video david ive been learning this subject for the last 4 years now ever since my neighbour hacked my wifi
Thanks David for great video! - Don't have your kids gaming pc on same VLAN as your corporate computer. - Only access your router on secure VLAN or VPN
Thanks fro debunking those myths!
Used this to find all the hidden networks at my college back in the day, super easy to find hidden networks.
@g1zmo85
27 күн бұрын
This was an assignment not malicious lol
Nice one, David 👍
Thanks so much I appreciate you the way you change many people life through education
@davidbombal
27 күн бұрын
Thank you :)
Such a wonderful explanation David. Can u plz tell us how to overcome these problems?
Put guests and IOT on a network, or preferably two networks that are both isolated from other devices, and from your primary network. Each network SSID should have a unique password to it, preferably a different network name and password. If your router supports [WPA2/WPA3] settings, set it to that setting. Note that some routers will have a [WPA/WPA2], [WPA2 only], [WPA2/WPA3] and [WPA3 only] setting- so choose the settings that are the highest for the devices you plan on putting on that network. For example, since my main network only has newer devices that support WPA3, I select [WPA3 only] setting. As my guest networks are a mix of WPA2/WPA3, i select [WPA2/WPA3]. None of my IOT devices support WPA3, so for that network, I select [WPA2 only] although [WPA2/WPA3] is just as valid. On the guest and IOT networks, the option to isolate devices from each other is selected, and neither of those two networks have access to the primary network; those networks only have internet access - PERIOD. If need be, in the future, if IOT devices start supporting WPA3, I will be putting such devices on an IOT network that is set for WPA3. The main reason NOT to segregate IOT from GUEST network is in case I need to add in a custom firewall rule to allow device or devices to internal resources or other specific network rules can also be put in place as need be, I can; but for now, it's essentially internet only. My older tablet is on the GUEST, where as my newer tablet is on the primary network;
Thanks for posting
I have setup several enterprise wireless networks. In high security environments, I use radius with certificate authentication and an internal PKI protected by an HSM. Since the same certificate is used for VPN access, I use Key Attestation to store the client certificates in the TPM. This is not hard to do and really raises the bar to keep hackers out.
@dreadedmonkey94
27 күн бұрын
Very good
David should make a show called My IT busters XD (myth) Setting the IT in my Brain not the H 😝 Great work David!
When I talk to some "IT Managers" (who have obtained an email diploma) and they talk about "The Security" or "100% Security" I already know that they don't know what they are talking about. There is only a "Security Level" depending on how much you want to spend in money, time and hassle in using a system. If there's a door someone can get in. ....but I've also seen people install an expensive security door made of Unobtanium into a house made entirely of plaster sheets that a 10 year old can punch through.
My view is that these methods help as part of a defense-in-depth strategy.
WifiAnalyzer for android will show you which room your neighbors hidden access points in...
Valuable Content ❤
Thank you for explaining this... Love from India ❤
@davidbombal
27 күн бұрын
You're welcome! Glad you liked it!!
WPA3 is the way to go but problem is the older networking devices can't be upgraded to make use of the new standard. For now a super long password is one way to make things harder for the hacker till you can use WPA3. WPA3 isn't perfect either but still better than WPA2.
Thank you David. I believe majority of your viewers are network engineers/architect, can you please create a video on how can they ride the wave of AI? what should be a transition path for an engineer/architect (with experience of transitional routing, switches, data center, wan/lan etc)? I will really appreciate it.
david make a video on setting up a vlan for setting up your iot devices on another network
I think other Email Services initially also did that privacy security. once they get a lot of customers, then let's say they are "tempted" to do something for their customers. When many people have entrusted many things to the email service system they use, there is an intrigue to change the new user agreement to the user. where changes to the user agreement are made long and difficult for ordinary users to understand. as far as I have understood.. I hope I'm wrong.. so can Proton guarantee it?
Hackers often go for the lowest hanging fruit. The more steps you take to prevent them, the better. Hiding your SSID won't stop them but it's still recommended. You could get lucky and they'll choose the next person instead 🤷♂
Very informational video
@davidbombal
27 күн бұрын
Glad you liked it
I know about those myths and I was kind of expecting a lot more than the two myths for Wi-Fi networks.
Nice video David. You never spoke about WP3 encryption. Is there a way to crack it ?
Apple actually recommends against hiding SSID on their website.
@michaelvandermaas5871
27 күн бұрын
Apple also seems to claim it's better in security. Yet they released a processor that has a permanent exploit that cannot be patched out. I have an issue trusting apples advice with their claims vs what reality is.
I really love your accent, it's awesome.
What if the Wi-Fi network has been configured to prevent new device connections? please answer
@simmsimmons3690
27 күн бұрын
Atta kers can always imitate your Mac address, send death pkts, then try and capture the handshake. Mac addresses can be found by company, manufacturer, etc.
I hacked the CIA with my Flipper Zero.
Thanks for the video, is WAP2/WAP3 vulnerable like your demonstration or does the WAP3 side of the selection increase protection difficulty?
@curtispavlovec
27 күн бұрын
It is. WPA3 only mode (often called “WPA3 SAE” is the only way to be secure. On mixed mode you are vulnerable because an attacker can choose the weaker encryption WPA2 and obviously they would.
Gmail should have that like Proton mail!!
Wish I could use wpa3… most the device on the network doesn’t support it :(
@curtispavlovec
27 күн бұрын
This is a real problem agreed. WPA3 was finalized in 2019 and 5 years later the device support is woeful still.
Secure email is an oxymoron.
For a time, I thought "AP Isolation" was a good measure too, if you don't need devices "seeing" each other, however, that only works within the same network. You should test that setting too if mitigates what you tested here. Thanks for the advices!
@MrPir84free
27 күн бұрын
Different routers and access points call the feature different things; Netgear, at least mine, calls the feature "Wireless Client Isolation"..
@curtispavlovec
27 күн бұрын
Yes because the client isolation is layer 2, not 3. A firewall can do the same thing on layer 3.
Good tutorial ❤ ❤❤❤
I noticed there were some check boxes to the left hand side of each device in your tp-link router. Did you try selecting those and clicking save with whitelist also selected for you MAC Filtering?
Hiding your SSID is just a stop for newbie hackers that don’t know better. Out of sight out of mind.
Is this video totally about WiFi handshake capturing with Alfa WiFi adapter ( in hands on demo ) 👍🏼
You are a brilliant hacker!
What is a reality is that all wifi are trash in term of security. Any sniffer can do the job
Hey David did you notice that awus036nha (ar9271) cannot scan all channels? It's missing channel 12, 13 cause a crda setup to china. Can you make a short video where explain how to fix that? Is relatively easy and similar to the unlock procedure for tx-power... Thanks.
About that Proton ad/demo... Can you do another demo video on how to crack that password?
its time for wpa3
Top Way to Protect Your Wifi: Just use ethernet and usb to ethernet adapters. Without a wireless signal, how is one gonna attack you?
@jr.mrleast
27 күн бұрын
Me outside wire tapping you 😂
Dropbox is a no go zone, too bad.
I’m 52, about to be 53, and I currently make really good money. I like my job but would like to do more. I love the aspect of being an ethical hacker. Currently learning networking. I’m not necessarily thinking about quitting the work I do but the thought of being an ethical hacker gets me excited. Maybe as a side hustle? Is this a crazy idea? Is it unrealistic due to my age and/or current position?
@blyatprojects4893
26 күн бұрын
It all depends on your personal skills, and the field that you've been in for some years. It's never too late to start, just be open to new opportunities and get familiar with the topic. Learning is the key to success, and never give up trying. The day that you give up trying is the day that you lose. There will be some motivational highs and lows.
Does protected management frames prevent wpa2 deauth?
@ariasm8911
27 күн бұрын
yes it does, however compatibility issue may arise on older devices
@David can you make a video about Piggybacking (data transmission) and how to prevent?
We are not going to make it.
Security would be different when all these programs weren't invented yet, like kali which basically bundles every tool you would need, wifite etc.. OG's had to make those programs themselves.. but they ARE here now
Hiding SSID is like using Blur/Mosaic to censor.
David, do you have, or can you direct me to, a good beginner video that explains how to add a LAN for IOT devices?
@MrPir84free
27 күн бұрын
Your router has to support it; or access point. Most decent consumer wifi routers have a "Guest" network- which is where I'd start. Look for two sets of settings; one that sets the clients so that the clients on that network do not have access to the primary network ( called different things by different brands of routers ), and another feature that isolates clients on the same network ( on a netgear, it's often called "Wireless Client Isolation" ). Some wifi routers support a third network; some don't. some support 4 networks; some access points will support up to 8 SSIDs, but usually that requires the use of VLAN's.. Sorry I can't recommend a video; learned things on my own since, well, forever..
@notaras1985
25 күн бұрын
@@MrPir84freeso my ISP 's dirt cheap 10$ router will probably not have guest sub netting capabilities
I have a question, when two device with same mac address is connected to WiFi shouldn't they both be able to ping other devices? because unlike Ethernet which echo answer is returned to specific port on WiFi both device should be able to receive echo reply because it is transmitted through WiFi and both device assuming are in range of AP should get the transmitted radio wave. i am missing something obviously because ping failed can anyone correct me?
How the hell did you know my SSID was "Homer_Simpson"?
Use a legit firewall and WPA3 APs. Segment your network with VLans; no crappy IOT stuff on your important networks, i.e., network you do your banking on. Have a dedicated AP for guest. Never give your critical APs WiFi passwords out to anyone. Ensure you do your chores: reboot your hardware monthly, and check for software updates for your network hardware weekly.
What about IPS's centralize router ?
Hello pleade make full video tutorial for DIY WiFi Pineapple MK7 with some TP-Link router that support WiFi Pineapple MK7 firmware with OpenWRT for 2.4G and 5Ghz.
Hi David Please make a video for bitlocker
disable wifi entirely
@jr.mrleast
27 күн бұрын
🗿
One more tip: disable WPS.
Back in the day my asus router to say in the settings that having a nameless network ( hidden) was a security risk …
wifi pineapple video will this come?
@davidbombal
27 күн бұрын
I can make videos about the Hak5 pineapple if you want me to :)
@alc2347
27 күн бұрын
Mate, just keep releasing videos of literally anything🤣 We'll keep watching regardless@@davidbombal
@user-lc9wt3ze8v
27 күн бұрын
@davidbombal I wait impatiently
So, what you are saying is that if I hide the SSID, I'm totally safe .... or did you mention something about that like 200 times ? :D
I wish there was a video with Turkish subtitles
It's True that it does not protect against you but it protects agaist the annoying Neightboor trying to get your wifi
Sir please tell us about wpa3 Is there any known vulnerabilities that we can use to hack
Hi sir, I am unable to access my apache2 server from other devices and it only working for local device and have use all the methods mentioned on the internet to correct it. I even used chat gpt and reinstalled the Kali Linux as well. Kindly help me with the issue by either providing me with other server I can use or with a method the fix the issue. Thankyou
why are you using virtualbox
But can attackers spoof Mac addresses and corresponding IP addresses concurrently if Arp binding is enabled?
How to get reverse shell with dom xss
If you have the password to the network none of that matters
@notaras1985
25 күн бұрын
Why would the attacker have it
please how can i know wifi adaptor that support monitor mode and package injection? please give me a link for a good WIFI adaptor
If you think you have been hacked, where can you get help? Example I see strange I.P addresses connected to my WiFi.
This is something people were doing 15years ago. Show us a proper WiFi attack on a computer or phone connected to WiFi, like a man in the middle one. Say for example on your own device in a coffee shop. You will not be able to!
Cant just overload wpa 3
Is there a Brute force way to crack passwords? Most of attacks in wifite don't seem to work for isp routers.
Oh
Good luck cracking WPA-2 and 16+ digit random passwords.
@curtispavlovec
27 күн бұрын
Really depends on your profile. Unless you are a high value target I’d agree, the odds are quite low. Simply because the attacker isn’t going to spend the effort or money to crack it now. But if you are a target, you would be surprised how easily that can be accomplished with the cloud hacking resources someone would employ. It’s not like an attacker is going to sit there with just his personal PC or laptop. They’re going to send it to the cloud where massive computing power and resources will be thrown at it (limited only by the price they are willing to pay).
My wifi is 100% unhackable....i don't have wifi
Lets see this work on WPA2
@davidbombal
27 күн бұрын
This is WPA2 as mentioned in the video.
@bama1992champs
27 күн бұрын
@@davidbombal I saw one of the scans it said WPA thats why I mentioned it. Thanks for the clarification. Ive had almost zero luck on WPA2.
That's what I learned in 1985 .