Enterprise Security :

OSSA




Web Application
Auditing & Pentesting :


OSWAP




Wireless Security
Auditing & Pentesting :


OSWA




Wireless Investigation
For Law Enforcement :


OSWILEP




Secure Wireless
Deployment & Monitoring :


OSWiSP







Training Class & Certification Exam Schedule

Authorized Training Partners & Training Schedules

Certified Professionals List

Examination Review Board

Security-Database.com BEST IT Security and Auditing Softwares 2007 - Best in Wireless Testing Category

Description


The OSWA-Assistant™ is a free, self-contained, wireless-auditing toolkit for both IT-security professionals and End-users alike.


This toolkit is our contribution to the wireless security/auditing community and, as the "Assistant" moniker implies, and is designed for the following groups of people:

  • IT-security auditors and professionals who need to execute technical wireless security testing against wireless infrastructure and clients;


  • IT professionals who have responsibility for ensuring the secure operation and administration of their organization's wireless networks;


  • SME (Small & Medium Enterprise) and SOHO (SmallOffice-HomeOffice) businesses who do not have either the technical expertise or the resources to employ such expertise to audit their wireless networks;


  • Non-technical-users who run wireless networks at home and who would like to audit the security of their wireless home networks and laptops but don't know how.





Rationale


We found that many IT-security professionals who attended the OSWA™ certification programme frequently requested for a ready-to-use toolkit which they didn't have to install on their corporate laptops as these laptops were often governed by corporate rules on software installation. Additionally, many auditors could not re-partition their company-supplied laptop's hard drive just to install a Linux environment because of those same corporate rules.


They also complained about the user-unfriendliness of many LiveCDs available today in that they assumed that the user was a Linux expert, thus having their tools kept in different locations on the CD, or having menus for some tools while others have no menus at all, and in general not being easy to navigate or use, as well as their non-wireless-specific focus. The wireless auditors just wanted to do the job without having to go hunting all over the place for the tools. Thus, was born the specialized OSWA-Assistant™ wireless auditing toolkit, which is designed to address these gripes.


All IT-security professionals can use the OSWA-Assistant™ for wireless auditing as the toolkit is intended for wireless auditing specifically. We have also not gone down the "look ma, i've got bazillion tools" route because the name of the game here is efficiency and ease of use. The included list of tools is more than sufficient to allow the wireless auditor to complete his/her job in a thorough consistent manner without being confusing in number. In addition, some of the included applications (e.g. Probemapper™ and MoocherHunter) have been specially designed for use as part of the OSWA-Assistant™.


But wait! You mentioned "non-technical users" above! Why release something that end-users can also use? Isn't wireless auditing supposed to be for pros only??


The reason for addressing this second group is because Home-owners and SOHO setups often do not have the money to engage qualified technical professionals to conduct wireless audits, even though they may be owning and running wireless networks. And we also don't believe that the usefulness of a LiveCD-format wireless auditing toolkit should be confined to only the technically-inclined.


Thus, the OSWA-Assistant™ also aims to empower these individuals and small businesses (who would otherwise not be able to pay a security company to audit their wireless networks or have the time to do research on their own) do basic self-help wireless auditing to find out if their wireless networks and clients have any weaknesses and to secure them before any bad guys (hackers, competitors, etc) can attack and compromise them. It does this via a ThinkSECURE-developed onboard help system called the OSWA-Assistant™ ActivityMap™, which we believe to be a first-of-its-kind-in-the-world feature for a LiveCD.





Only On The OSWA-Assistant

MoocherHunter(tm)

    "I would like to personally thank you for creating such a program that finally enables us to complete our job and protect our children from predators and other criminals." - Detective Speakman


MoocherHunter™ is a free mobile tracking software tool for the real-time on-the-fly geo-location of wireless moochers, hackers and users of wireless networks for objectionable purposes (e.g. paedophile activity, illegal file downloading, illegal music/video sharing, etc).
(for MoocherHunterLaw Enforcement Edition, please see below)


100% Made-In-Singapore with ThinkSECURE-proprietary code, MoocherHunter™ was first unveiled to Southeast-Asian law enforcement officials at the Singapore Police Force's invitation-only CyberCrime Investigation Workshop 2008 held in Singapore in April 2008.


MoocherHunter™ is licensed under the MoocherHunterLicense as part of the OSWA-Assistant™ wireless auditing LiveCD toolkit (note: only on version 0.9.0.3b and above) which is free for end-user download at http://oswa-assistant.securitystartshere.org.


MoocherHunter™ identifies the location of an 802.11-based wireless moocher or hacker by the traffic they send across the network. If they want to mooch from you or use your wireless network for illegal purposes (e.g. warez downloading or illegal filesharing), then they have no choice but to reveal themselves by sending traffic across in order to accomplish their objectives. MoocherHunter™ enables the owner of the wireless network to detect traffic from this unauthorized wireless client (using either MoocherHunter™'s Passive or Active mode) and enables the owner, armed with a laptop and directional antenna, to isolate and track down the source.


Because it is not based on fixed or statically-positioned hardware, MoocherHunter™ allows the user to move freely and walk towards the actual geographical location of the moocher/hacker. And of course, as part of the free OSWA-Assistant wireless auditing LiveCD toolkit, MoocherHunter™ is also FREE for end-users to use on their existing laptops (so long as it is only run within the OSWA-Assistant™ environment) with off-the-shelf supported wireless cards.


In residential and commercial multi-tenant building field trials held in Singapore in March 2008, MoocherHunter™ allowed a single trained operator to geo-locate a wireless moocher with a geographical positional accuracy of as little as 2 meters within an average of 30 minutes.


Download MoocherHunter™ and the OSWA-Assistant™ here.


Notes:
(i) For accurate and proper results, please remember to use a directional antenna, and not an omni-directional one, regardless of whether it claims to be high-gain or not.

(ii) If you get a Segmentation Fault while running MoocherHunter™ (e.g. your WNIC shuts itself down halfway), please make sure the process is killed before restarting. You can issue a "ps -eaf" command, look for the process ID tied in to the segfaulted process and then type "kill (process ID)" where (process ID) is the PID number.

(iii) As of version 0.6.5, please make sure you select the correct chipset which your wireless card is based on, otherwise your results will be wrong, even if the program starts up. The officially-supported chipsets for MoocherHunter™ ver 0.6.9a & up are: Prism54G(HARDMAC), Atheros (all models before AR9xxx series), RTL8187, RT2500, RT2570, IPW2200 and IPW2915.




You can view a little video clip we've put together below during our field testing cycle in Singapore in early Jan 2008 which describes MoocherHunter™ and a basic summary of how to use it.
However, if you are interested in getting formal training on the proper techniques regarding effective deployment & use of MoocherHunter™ (or how to become a certified Organizational Systems Wireless Investigation & Law Enforcement Professional™ (OSWILEP™)), please click here or email the following address:
View image to see ThinkSECURE's enquiry email address









MoocherHunter(tm) Law Enforcement Edition



For police and other legitimate Asian law-enforcement organizations in who have auditing compliance requirements, or who require a low-profile, covert solution during prosecution of a wireless-using suspect, we also provide the MoocherHunterLaw Enforcement Edition to meet your needs.


MoocherHunterLaw Enforcement Edition is a totally-redesigned, standalone, low-profile/covert-tracking commercial software solution which adds in some additional nifty features such as a remote-control web interface, 802.11a support, AP-hunting, evidence-logging and more. Please note that the MoocherHunterLaw Enforcement Edition is NOT found on the OSWA-Assistant™!


Please contact us regarding purchasing this separate commercial solution.
(note: please send your enquiry from a law-enforcement or similar corporate/organization address - we will not release any information to enquiries originating from free email service providers)








OSWA-AssistantAwards


Security-Database.com Best IT Security Tools for 2009: Winner in Wireless Auditing and Wireless Hacking Categories

In their Best IT Security Tools for 2009 report, Security-Database.com listed the OSWA-Assistant™ as the WINNER in BOTH the "Wireless Auditing" and "Wireless Hacking" categories!

In case the above links are no longer live, you can see the report PDF here.



Security-Database.com BEST IT Security and Auditing Softwares 2007 Best in Wireless Testing Category Recommended/Excellent in LiveCD Category

In their December 2007 article BEST IT Security and Auditing Softwares 2007, Security-Database.com listed the OSWA-Assistant™ as BEST in the "Wireless Testing" category and also RECOMMENDED / EXCELLENT in the "LiveCDs" category.

In case the above links are no longer live, you can see the pages of the article in these screenshots: Page1, Page2, Page3 and the Last Page.



The OSWA-Assistant™ has also been used and showcased by the Wall-Of-Sheep (WOS) team at both BlackHat and DEFCON in 2008, 2009 and 2010 :

OSWA-Assistant at WOS DEFCON 2008
(click on picture to go to a news article at TGDaily.com)

OSWA-Assistant at WOS DEFCON 2010











This Website Is Designed To Be Viewed At 1024x768 Resolution and 24-bit color using Arial, Stencil Std & Lucida Console fonts.




Copyright © 2004-2012 THINKSECURE® PTE LTD ("ThinkSECURE"). All Rights Reserved. Any reproduction, storage or transmission of any of the contents of this website, without the express and written consent of ThinkSECURE Pte Ltd is strictly prohibited. Use of this site is subject to our Terms & Conditions. The "THINKSECURE" brand name is a registered trademark of THINKSECURE PTE LTD in Singapore and a trademark of THINKSECURE PTE LTD in certain other countries. The ThinkSECURE device is a trademark of THINKSECURE PTE LTD in Singapore and certain other countries.