Full Report
Gerix WiFi Cracker is an easy-to-use wireless 802.11 hacking tool with a GUI. It was originally made to run on BackTrack, and this version has been updated for Kali Linux (2018.1). To get it up and running, install the `qt4-dev-tools` package it depends on, then launch `gerix.py` with Python. You can download Gerix here: […]
Analysis Summary
# Tool/Technique: Gerix WiFi Cracker
## Overview
Gerix WiFi Cracker is an easy-to-use, GUI-based tool for attacking wireless 802.11 networks. It was originally developed for the BackTrack Linux distribution and has been updated to run on Kali Linux (2018.1).
## Technical Details
- Type: Attack Tool
- Platform: Linux (specifically BackTrack and Kali Linux)
- Capabilities: 802.11 Wireless network auditing/hacking.
- First Seen: The article is dated December 17, 2018, referencing an updated version for Kali 2018.1.
## MITRE ATT&CK Mapping
The article describes the tool only as an 802.11 "hacking tool", with handshake capture and brute-forcing the one concrete activity it alludes to, so the mapping is deliberately conservative and limited to techniques that description supports:
- **T1040 - Network Sniffing** (Credential Access, Discovery): passive capture of 802.11 frames, including the WPA/WPA2 4-way handshake, from an interface in monitor mode.
- **T1110 - Brute Force** (Credential Access): offline dictionary or brute-force recovery of a pre-shared key from captured handshake material.
*(Note: Enterprise ATT&CK has no technique dedicated to Wi-Fi key recovery. Brute Force is a Credential Access technique, not Initial Access, and its ID is T1110; T1046 (now "Network Service Discovery") covers scanning for services on hosts and is a poor fit for access-point enumeration, so it is not listed. Proxy (T1090) and Archive Collected Data (T1560) do not describe anything the article attributes to the tool.)*
## Functionality
### Core Capabilities
- Provides a Graphical User Interface (GUI) for wireless hacking tasks.
- Designed for auditing and attacking Wireless 802.11 networks.
### Advanced Features
- Updated to run on Kali Linux 2018.1 (the original targeted the discontinued BackTrack distribution); the article describes no other new features, so feature parity with current tooling should not be assumed.
## Indicators of Compromise
- File Hashes: Not provided in the context.
- File Names: `gerix.py` (execution script), `gerix-wifi-cracker-master.zip` (download source).
- Registry Keys: Not applicable (Linux utility).
- Network Indicators: None provided.
- Behavioral Indicators: Execution via Python (`python gerix.py`).
## Associated Threat Actors
- No specific threat actors are named as using this tool in the provided context; it is presented as a general penetration testing utility.
## Detection Methods
- **Signature-based detection:** File-name or content signatures for the `gerix.py` script on managed endpoints. Installation of the dependency (`apt-get install qt4-dev-tools`) is too generic to be an indicator on its own; it is only useful as corroboration next to the script itself.
- **Behavioral detection:** On managed Linux hosts, alert on Python processes that put a wireless interface into monitor mode or drive packet injection and capture, typically through the 802.11 auditing utilities listed under Related Tools. This only covers activity on hosts you administer; an attacker's own laptop is invisible to endpoint telemetry, so the complement is wireless-side monitoring for injected traffic such as deauthentication floods.
- **YARA rules:** Not available in the context.
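As an added illustration of the behavioral detection idea above (this is example code, not from the original article or from the Gerix project), the following rules run over constructed process-execution log lines in the shape `<timestamp> <host> <user> <command line>`. The log format, host name and user names are assumptions made for the example; the command-line patterns are the launch of `gerix.py` and the monitor-mode, capture, injection and cracking steps of a typical 802.11 attack.

```python
"""Flag process executions that point to Gerix or the 802.11 tooling around it.

Added example (not from the original article or the Gerix project). Rules run
over constructed process-execution log lines '<ts> <host> <user> <cmdline>';
the log format, host and user names are assumptions for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# (rule name, pattern over the command line, severity)
RULES: List[Tuple[str, "re.Pattern", str]] = [
    ("gerix_launch", re.compile(r"\bpython[0-9.]*\s+(?:\S*/)?gerix\.py\b"), "high"),
    ("monitor_mode_airmon", re.compile(r"\bairmon-ng\s+start\b"), "medium"),
    ("monitor_mode_iw", re.compile(r"\biw\s+(?:dev\s+)?\S+\s+set\s+type\s+monitor\b"), "medium"),
    ("monitor_mode_iwconfig", re.compile(r"\biwconfig\s+\S+\s+mode\s+monitor\b"), "medium"),
    ("deauth_injection", re.compile(r"\baireplay-ng\b.*(?:--deauth|\s-0)\b"), "high"),
    ("handshake_capture", re.compile(r"\bairodump-ng\b.*(?:\s-w|--write)\b"), "medium"),
    ("offline_crack", re.compile(r"\baircrack-ng\b"), "high"),
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into its four fields; return None for malformed lines."""
    parts = line.strip().split(" ", 3)
    if len(parts) != 4:
        return None
    ts, host, user, cmdline = parts
    return {"ts": ts, "host": host, "user": user, "cmdline": cmdline}


def scan(log_text: str) -> List[Dict[str, str]]:
    """Return one alert per (line, matching rule), preserving log order."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, pattern, severity in RULES:
            if pattern.search(rec["cmdline"]):
                alerts.append({**rec, "rule": name, "severity": severity})
    return alerts


def attack_chains(alerts: List[Dict[str, str]], min_rules: int = 2) -> Dict[Tuple[str, str], Set[str]]:
    """Group alerts by (host, user); a single monitor-mode switch is noise,
    several distinct steps from the same principal look like an attack chain."""
    seen: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for a in alerts:
        seen[(a["host"], a["user"])].add(a["rule"])
    return {k: v for k, v in seen.items() if len(v) >= min_rules}


# Constructed sample log; hosts, users and BSSID are made up.
SAMPLE_LOG = """\
2018-12-17T10:01:02Z lab-laptop alice python gerix.py
2018-12-17T10:01:30Z lab-laptop alice airmon-ng start wlan0
2018-12-17T10:02:05Z lab-laptop alice airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capture wlan0mon
2018-12-17T10:02:40Z lab-laptop alice aireplay-ng -0 5 -a 00:11:22:33:44:55 wlan0mon
2018-12-17T10:05:00Z lab-laptop alice aircrack-ng -w wordlist.txt capture-01.cap
2018-12-17T10:06:00Z lab-laptop bob python manage.py runserver
2018-12-17T10:07:00Z lab-laptop bob iw dev wlan0 link
garbage line
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(a["ts"], a["user"], a["severity"], a["rule"], "::", a["cmdline"])
    print("attack chains:", attack_chains(found))
```

The `attack_chains` grouping is the part worth keeping: a lone monitor-mode switch is routine on a wireless engineer's laptop, while monitor mode followed by capture, injection and cracking from one account is the sequence a handshake attack produces.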
## Mitigation Strategies
- **Prevention measures:** Retire WEP and avoid WPA/WPA2-PSK where possible: a passively captured 4-way handshake can be brute-forced offline against a weak pre-shared key. Prefer WPA2-Enterprise (802.1X/EAP), which has no shared key to recover, or WPA3-SAE, whose handshake resists offline dictionary attacks. Where a PSK is unavoidable, use a long random passphrase.
- **Hardening recommendations:** Limit physical access to the network infrastructure and keep access-point firmware and client wireless drivers patched; monitor the airspace for injected traffic such as deauthentication floods, which precede handshake capture.
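To check which advertised networks are actually exposed to the handshake-capture-and-crack attack the prevention advice above targets, the added example below (not code from the article or from Gerix) classifies an access point's security mode from its beacon frame body by parsing the RSN information element (IEEE 802.11 element ID 48) and the legacy WPA vendor element. The beacon bodies at the bottom are constructed test vectors with made-up SSIDs; the suite-selector numbers are the ones defined in the 802.11 standard.

```python
"""Classify an access point's security mode from its beacon frame body.
Added example, not from the article or Gerix; beacons below are constructed."""
import struct
from typing import Dict, List, Tuple

RSN_OUI = bytes.fromhex("000fac")     # IEEE 802.11 suite selector OUI (RSN IE)
WPA1_OUI = bytes.fromhex("0050f2")    # Microsoft OUI used by the legacy WPA vendor IE
PSK_AKMS = {2, 4, 6}                  # PSK, FT-PSK, PSK-SHA256
ENT_AKMS = {1, 3, 5, 11, 12, 13}      # 802.1X variants, including Suite B
SAE_AKMS = {8, 9}                     # SAE, FT-SAE (WPA3-Personal)
CAP_PRIVACY = 0x0010                  # capability field bit: encryption required


def parse_ies(data: bytes) -> List[Tuple[int, bytes]]:
    ies, i = [], 0                    # walk TLV elements; stop at the first truncated one
    while i + 2 <= len(data):
        eid, length = data[i], data[i + 1]
        chunk = data[i + 2:i + 2 + length]
        if len(chunk) < length:
            break
        ies.append((eid, chunk))
        i += 2 + length
    return ies


def _suite_list(buf: bytes, pos: int):
    # 2-byte count then count x 4-byte selectors (3-byte OUI + type). The count is
    # checked against the element length so a hostile beacon cannot overrun the IE.
    if pos + 2 > len(buf):
        raise ValueError("truncated suite count")
    count = struct.unpack_from("<H", buf, pos)[0]
    pos += 2
    if pos + 4 * count > len(buf):
        raise ValueError("suite count exceeds IE length")
    suites = [(buf[pos + 4 * k:pos + 4 * k + 3], buf[pos + 4 * k + 3]) for k in range(count)]
    return suites, pos + 4 * count


def parse_rsn(ie: bytes) -> Dict[str, object]:
    # version(2) group(4) pairwise list, AKM list; the legacy WPA vendor IE has the
    # same layout after its 4-byte OUI/type header, so both go through here.
    if len(ie) < 6:
        raise ValueError("RSN IE too short")
    pairwise, pos = _suite_list(ie, 6)
    akms, _ = _suite_list(ie, pos)
    return {"group": (ie[2:5], ie[5]), "pairwise": pairwise, "akms": akms}


def classify(beacon_body: bytes) -> Dict[str, object]:
    """beacon_body starts at the beacon timestamp (the 24-byte MAC header is stripped)."""
    if len(beacon_body) < 12:
        raise ValueError("beacon body too short")
    _ts, _interval, cap = struct.unpack_from("<QHH", beacon_body, 0)
    ies = parse_ies(beacon_body[12:])
    ssid = next((d.decode("utf-8", "replace") for eid, d in ies if eid == 0), "")
    rsn = next((d for eid, d in ies if eid == 48), None)
    wpa1 = next((d for eid, d in ies if eid == 221 and d[:4] == WPA1_OUI + b"\x01"), None)
    if rsn is not None:
        info, oui, gen = parse_rsn(rsn), RSN_OUI, "WPA2"
    elif wpa1 is not None:
        info, oui, gen = parse_rsn(wpa1[4:]), WPA1_OUI, "WPA"
    else:
        mode = "WEP" if cap & CAP_PRIVACY else "Open"
        return {"ssid": ssid, "mode": mode, "akms": [], "tkip": False, "offline_crackable": mode == "WEP"}
    akms = {t for o, t in info["akms"] if o == oui}
    ciphers = {t for o, t in info["pairwise"] if o == oui}
    has_psk, has_sae, has_ent = bool(akms & PSK_AKMS), bool(akms & SAE_AKMS), bool(akms & ENT_AKMS)
    if has_sae and has_psk:
        mode = "WPA3 transition (SAE + PSK)"   # WPA2 clients still run a crackable 4-way handshake
    elif has_sae:
        mode = "WPA3-SAE"
    elif has_ent:
        mode = gen + "-Enterprise (802.1X)"
    elif has_psk:
        mode = gen + "-PSK"
    else:
        mode = gen + " (unrecognised AKM)"
    # offline_crackable: a captured PSK 4-way handshake can be attacked with a wordlist;
    # 802.1X and SAE do not expose the credential that way.
    return {"ssid": ssid, "mode": mode, "akms": sorted(akms), "tkip": 2 in ciphers, "offline_crackable": has_psk}


def build_rsn_ie(group: int, pairwise: List[int], akms: List[int], oui: bytes = RSN_OUI) -> bytes:
    body = struct.pack("<H", 1) + oui + bytes([group])
    body += struct.pack("<H", len(pairwise)) + b"".join(oui + bytes([c]) for c in pairwise)
    body += struct.pack("<H", len(akms)) + b"".join(oui + bytes([a]) for a in akms)
    return bytes([48, len(body) + 2]) + body + struct.pack("<H", 0)   # trailing RSN capabilities


def build_beacon(ssid: str, privacy: bool, ies: bytes = b"") -> bytes:
    cap = 0x0001 | (CAP_PRIVACY if privacy else 0)   # ESS bit, plus privacy when encrypted
    return struct.pack("<QHH", 0, 100, cap) + bytes([0, len(ssid)]) + ssid.encode() + ies


_wpa1_body = build_rsn_ie(2, [2], [2], oui=WPA1_OUI)[2:]   # same layout with WPA1 selectors
SAMPLE_BEACONS = {                                         # constructed, not real captures
    "psk": build_beacon("corp-guest", True, build_rsn_ie(4, [4], [2])),
    "enterprise": build_beacon("corp-secure", True, build_rsn_ie(4, [4], [1])),
    "sae": build_beacon("corp-wpa3", True, build_rsn_ie(4, [4], [8])),
    "transition": build_beacon("corp-mixed", True, build_rsn_ie(4, [4, 2], [2, 8])),
    "wpa1": build_beacon("old-router", True, bytes([221, 4 + len(_wpa1_body)]) + WPA1_OUI + b"\x01" + _wpa1_body),
    "wep": build_beacon("legacy-ap", True),
    "open": build_beacon("cafe", False),
    # pairwise count of 200 inside an 8-byte element: must be rejected, not trusted
    "malformed": build_beacon("evil", True, bytes([48, 8]) + struct.pack("<H", 1) + RSN_OUI + b"\x04" + struct.pack("<H", 200)),
}


def is_malformed(beacon_body: bytes) -> bool:
    try:
        classify(beacon_body)
        return False
    except ValueError:
        return True
```

Run over a real capture, `classify` takes the beacon body after the MAC header; the `offline_crackable` flag is what should drive a remediation list. The bounds check in `_suite_list` matters because beacons are unauthenticated input: anyone in radio range can send one with an absurd suite count.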
## Related Tools/Techniques
- Other 802.11 auditing tools (e.g., Aircrack-ng suite, Kismet, Wifite).
- BackTrack and Kali Linux (Operating systems hosting the tool).