Why would a TSCM want to inject traffic and potentially alert the adversary to the detection? Have you seen some of the spectrum analyzers built on HackRF?
because for me, doing TSCM is only half of what I'm wanting to do.
There's a lot of wireless stuff out there, not using 802.11__ or BT specs and frequencies. Are these things secure? Probably not. Are they encrypted? Perhaps. Do they defend against replay? Likely not.
But in the end, how do we assess? Standard TSCM gear can do a good job scanning and finding peaks. But its not for protocol decoding and device assessments. My goal is to "Identify signals, categorize protocols for signals found, decode if possible, and attempt to access/exploit".
This is awesome and thanks for sharing it, do you know if the circle city con talks are going to be recorded? I'd love to see a walk through of this stuff
Ive never attended CircleCityCon before, but in my experience, hacker cons do record. The problem I find is the smaller cons end up hosting the videos on a private server.
You could certainly ask them over twitter. In my experience they return questions in an hour or 2.