SecureState Releases New Version of Popular Tool

Updated version of EAPeak released

(Cleveland, Ohio) SecureState is releasing an updated version of EAPeak today. EAPeak is a suite of source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It is meant to give useful information relating to the security of these networks for PenTesters to use while searching for vulnerabilities. Version 1.4 now includes additional features and multiple bug fixes. The new features introduced in Version 1.4 include support for viewing TLS certificates in EAPeak and a new tool in beta-status called EAPScan.

The certificate support within EAPeak now allows users to view details regarding what certificates certain EAP types are using. This can often aid an attacker in creating a malicious certificate by being able to imitate the original with authenticated information. In addition, EAPeak now has a certificate export wizard that can be used to write x509 certificates to files. The export wizard can export the certificates in either DER or PEM format for use and inspection with other utilities.

EAPScan, the other major addition in Version 1.4 of EAPeak, changes EAPeak from a standalone tool to a suite that begins to bridge the gap from passive analysis to active attacks. EAPScan is used for scanning wireless access points to determine what EAP types they are configured to use for authentication. The benefit of this approach is that the attacker can generate the traffic necessary to footprint the network without having any clients present. EAPScan also begins to introduce functionality for wireless frame injection that will continue to be used in future enhancements.

For more information on EAPeak, see the original blog post at: www.blog.securestate.com/

The EAPeak Suite can be found at: www.code.google.com/p/eapeak

About SecureState

SecureState provides information security assessments and information protection to help our clients obtain and maintain their desired state of security. SecureState information protection consultants work to provide the very best physical, logical and personnel security services through audit and compliance, attack and penetration tests, data forensics, and security program building. Our clients span a variety of industries giving SecureState the experience of working in unique environments. We take that experience, combined with our consultants' experience of working for Military Intelligence, Big X Consulting, government agencies and various other law enforcement entities, and apply it to your organization.