One month following our initial alpha release, we are pleased to introduce version alpha.3. Building upon valuable insights gained from real-world testing at DEF CON and BSides LV in Las Vegas, this latest version incorporates key improvements as well as new features.
Let’s take a look at the updates and changes in alpha.3.
OK, before we start: There was a significant bug discovered immediately after building alpha.2, and alpha.3 fixes it. You did not miss a release.
Changelog
- New Feature: 802.11/WiFi Network Monitoring (Details below)
- New Feature: 802.11/WiFi Bandit Detection (Details below)
- New Feature: Alerting, Subscriptions and Actions (Details below)
- Fixes excessive warning logs from the DB CLOCK health indicator
- Debian tap package was overwriting configuration files without confirmation
- Several 802.11 parser bugfixes (Thank you @uskr)
- The is_active flag was not honored for ethernet interfaces in tap config (Thank you @uskr)
- New tap buffer size configuration options for performance tuning (Thank you @uskr)
- Several smaller bug fixes all across the product
- 140 files changed, 6331 insertions(+), 862 deletions(-)
An early release of network monitoring and alerting ran at the Las Vegas conferences. A lot of the feedback has been incorporated into the product released today, and you can expect it to be in an incomplete but well-functioning state.
New Feature: 802.11/WiFi Network Monitoring
At the heart of nzyme WiFi security is network monitoring. Essentially, you set an expected state for your network infrastructure. This includes defining specific attributes such as access point fingerprints, security configurations, and utilized channels. If there’s a deviation from this expected state, say an attacker tries to mimic your network, nzyme promptly raises an alert.
While many of the attributes nzyme monitors can potentially be spoofed, it certainly elevates the challenge for attackers aiming to go undetected.
However, elements like fingerprints and signal tracks/characteristics present a much steeper challenge for spoofing. They serve as reliable indicators, helping in the accurate identification of malicious entities within the WiFi spectrum.
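To make the expected-state idea concrete, here is an added illustration of the comparison a monitor like this performs. It is not nzyme's code: the baseline schema, the beacon attributes, the alert codes and the observed beacons are all constructed for the example. The interesting case is the evil twin that copies a legitimate BSSID but cannot copy the access point's fingerprint or security configuration.

```python
"""Expected-state WiFi network monitoring (added illustration, not nzyme code).

The ExpectedNetwork/ObservedBeacon schema, the alert codes and all sample
values below are assumptions constructed for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ExpectedNetwork:
    """What we assert about one of our own SSIDs (hypothetical schema)."""
    ssid: str
    bssids: frozenset        # MAC addresses of the APs we operate
    fingerprints: frozenset  # AP fingerprints recorded while baselining
    channels: frozenset      # channels those APs are configured for
    security: frozenset      # accepted security modes, e.g. {"WPA2-PSK"}


@dataclass(frozen=True)
class ObservedBeacon:
    """One beacon as a monitoring tap might summarize it (constructed)."""
    ssid: str
    bssid: str
    fingerprint: str
    channel: int
    security: str


def check_beacon(expected: dict, beacon: ObservedBeacon) -> list:
    """Compare a beacon with the expected state and return alert codes.

    An empty list means the beacon matches the baseline. Beacons for SSIDs
    we do not monitor produce nothing: the monitor only judges our networks.
    """
    net = expected.get(beacon.ssid)
    if net is None:
        return []
    alerts = []
    if beacon.bssid not in net.bssids:
        alerts.append("UNEXPECTED_BSSID")
    if beacon.fingerprint not in net.fingerprints:
        # Copying a BSSID is cheap; reproducing the fingerprint is not, so
        # this is the strongest sign that the transmitter is not our AP.
        alerts.append("UNEXPECTED_FINGERPRINT")
    if beacon.channel not in net.channels:
        alerts.append("UNEXPECTED_CHANNEL")
    if beacon.security not in net.security:
        alerts.append("UNEXPECTED_SECURITY")
    return alerts


# Constructed baseline for a single corporate SSID.
EXPECTED = {
    "corp-wifi": ExpectedNetwork(
        ssid="corp-wifi",
        bssids=frozenset({"00:11:22:33:44:01", "00:11:22:33:44:02"}),
        fingerprints=frozenset({"fp-vendor-ap-v1"}),
        channels=frozenset({1, 6, 11}),
        security=frozenset({"WPA2-PSK"}),
    )
}

# Constructed observations: our own AP, an evil twin that copied our BSSID
# but not our fingerprint and runs open, a rogue AP on a foreign channel,
# and an unrelated neighbor network that must not raise anything.
LEGIT = ObservedBeacon("corp-wifi", "00:11:22:33:44:01", "fp-vendor-ap-v1", 6, "WPA2-PSK")
EVIL_TWIN = ObservedBeacon("corp-wifi", "00:11:22:33:44:01", "fp-other-device", 6, "OPEN")
ROGUE_AP = ObservedBeacon("corp-wifi", "de:ad:be:ef:00:01", "fp-vendor-ap-v1", 13, "WPA2-PSK")
NEIGHBOR = ObservedBeacon("neighbor-net", "ca:fe:00:00:00:01", "fp-whatever", 1, "OPEN")


def run_monitor(expected: dict, beacons: list) -> dict:
    """Map each offending BSSID to its alert codes; clean beacons are omitted."""
    findings = {}
    for beacon in beacons:
        alerts = check_beacon(expected, beacon)
        if alerts:
            findings.setdefault(beacon.bssid, set()).update(alerts)
    return findings


if __name__ == "__main__":
    for bssid, codes in run_monitor(EXPECTED, [LEGIT, EVIL_TWIN, ROGUE_AP, NEIGHBOR]).items():
        print(bssid, sorted(codes))
```

Note that the evil twin is flagged even though its BSSID is in the baseline: the fingerprint and security checks fire on the frame itself, which is why the post calls fingerprints the more reliable indicator.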
New Feature: 802.11/WiFi Bandit Detection
We’ve put effort into fingerprinting widely-used WiFi attack platforms and have incorporated these fingerprints as default settings. This means that nzyme can now recognize platforms like ESP32 Marauder, Flipper Zero Evil Portal, Pwnagotchi, and several iterations of the WiFi Pineapple (including Nano, Tetra, Mark IV), even when they operate in different attack or reconnaissance modes.
Should any of these platforms be detected, alerts will be triggered. And, looking ahead, future alpha versions of nzyme will allow users to specify their own Bandit fingerprints.
New Feature: Alerting, Subscriptions and Actions
Detections, no matter how accurate, lose their usefulness if they can’t generate notifications or actions. To address this, the existing actions, which previously allowed subscription to system events, can now also be tied to detection events. Currently, there’s a Send Email action available, but we plan to roll out more soon. As with all of our features, this is seamlessly integrated with nzyme’s multi-tenancy functionality.
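The two features above, bandit fingerprint matching and detection events flowing through tenant-scoped subscriptions into actions, fit together in one pipeline. The following is an added illustration of that flow, not nzyme's code: the fingerprint strings are constructed placeholders (not real values for any platform named in this post), and the event, subscription and action shapes are assumptions. The Send Email action records messages in an outbox instead of delivering them so the example runs offline.

```python
"""Bandit fingerprint detection feeding subscription-based actions.

Added illustration, not nzyme code. Fingerprint values are constructed
placeholders, and the DetectionEvent/Subscription/action shapes are
assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed placeholder fingerprints mapped to a label. A real deployment
# would carry the product's default bandit fingerprints here; none of these
# strings is a real value.
BANDIT_FINGERPRINTS: Dict[str, str] = {
    "fp-bandit-0001": "placeholder attack platform A",
    "fp-bandit-0002": "placeholder attack platform B",
}


@dataclass(frozen=True)
class DetectionEvent:
    tenant: str   # multi-tenancy: the tenant whose taps observed it
    kind: str     # detection type, e.g. "BANDIT_DETECTED"
    bssid: str
    summary: str


def detect_bandits(tenant: str, observations: List[Tuple[str, str]]) -> List[DetectionEvent]:
    """Match observed (bssid, fingerprint) pairs against the bandit list."""
    events = []
    for bssid, fingerprint in observations:
        label = BANDIT_FINGERPRINTS.get(fingerprint)
        if label is not None:
            events.append(DetectionEvent(tenant, "BANDIT_DETECTED", bssid,
                                         f"{label} seen as {bssid}"))
    return events


class EmailOutbox:
    """Send Email action that records messages instead of delivering them."""

    def __init__(self) -> None:
        self.sent: List[dict] = []

    def action(self, recipient: str) -> Callable[[DetectionEvent], str]:
        def send(event: DetectionEvent) -> str:
            subject = f"[{event.tenant}] {event.kind}: {event.bssid}"
            self.sent.append({"to": recipient, "subject": subject, "body": event.summary})
            return subject
        return send


@dataclass(frozen=True)
class Subscription:
    tenant: str
    kind: str   # "*" subscribes to every detection type
    action: Callable[[DetectionEvent], str]


def dispatch(events: List[DetectionEvent], subscriptions: List[Subscription]) -> List[str]:
    """Run every subscribed action for every matching event, scoped by tenant."""
    results = []
    for event in events:
        for sub in subscriptions:
            if sub.tenant != event.tenant:
                continue  # a tenant never receives another tenant's detections
            if sub.kind not in ("*", event.kind):
                continue
            results.append(sub.action(event))
    return results


# Constructed observations from two tenants' taps: (bssid, fingerprint).
OBSERVED = {
    "acme": [("02:aa:aa:aa:aa:01", "fp-bandit-0001"),
             ("02:aa:aa:aa:aa:02", "fp-vendor-ap-v1"),
             ("02:aa:aa:aa:aa:03", "fp-bandit-0002")],
    "globex": [("02:bb:bb:bb:bb:01", "fp-bandit-0001")],
}


def demo() -> tuple:
    """Detect bandits for both tenants and route alerts to each tenant's outbox."""
    acme_outbox, globex_outbox = EmailOutbox(), EmailOutbox()
    subs = [
        Subscription("acme", "BANDIT_DETECTED", acme_outbox.action("soc@acme.example")),
        Subscription("globex", "*", globex_outbox.action("noc@globex.example")),
    ]
    events = [e for tenant, obs in OBSERVED.items() for e in detect_bandits(tenant, obs)]
    sent = dispatch(events, subs)
    return len(events), sent, len(acme_outbox.sent), len(globex_outbox.sent)


if __name__ == "__main__":
    print(demo())
```

The tenant check in dispatch is the part worth keeping in mind when wiring actions to detections: a subscription only ever sees events from its own tenant, which is the property the post refers to when it says the feature is integrated with multi-tenancy.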
Download & Upgrading
All packages are available for download on the downloads page. Upgrading is easy. Please follow the release notes on the downloads page.
New installations should follow the installation documentation.
How can I help?
You are some of the first users to try out nzyme v2.0.0, and we are looking for any kind of feedback:
- What didn’t work, what bugs did you experience?
- What was confusing or seemingly unnecessarily complex?
- What is missing?
- What do you think should be changed?
Again, this is an early release and no feelings will be hurt.
You can file issues on GitHub, join the nzyme Discord or post in the discussion forums to provide your feedback or ask questions.