********************************************************************************
***BEGIN THOTCON TRANSMISSION***************************************************                                                           
    
 ********** **      **   *******   **********   ******    *******   ****     **
/////**/// /**     /**  **/////** /////**///   **////**  **/////** /**/**   /**
    /**    /**     /** **     //**    /**     **    //  **     //**/**//**  /**
    /**    /**********/**      /**    /**    /**       /**      /**/** //** /**
    /**    /**//////**/**      /**    /**    /**       /**      /**/**  //**/**
    /**    /**     /**//**     **     /**    //**    **//**     ** /**   //****
    /**    /**     /** //*******      /**     //******  //*******  /**    //***
    //     //      //   ///////       //       //////    ///////   //      /// 
      
What: THOTCON 0xE - Chicago's Hacking Conference
When: 2027
Where: TOP_SECRET

********************************************************************************

# THOTCON 0xE WiFi

## THOTCON-Open : Open insecure network

This is the wild wild west, you have been warned.

## THOTCON : WPA2-Enterprise secured

User: thotcon  
Pass: thotcon

This is a very secure network if you configure your client the right way. 
Be sure you are checking the certificate for wifi.thotcon.org was issued 
by SSL.com. The root cert has a SHA1 fingerprint of 
`b7ab3308d1ea4477ba1480125a6fbda936490cbb`. Also if your client supports 
it verify that the server is wifi.thotcon.org. More details below...

## THOTCON-WPA3 : WPA3 secured

PSK: thotconwpa3  

WPA3 personal blends high security with the ease of pre-shared keys. If 
your device supports WPA3 this is an easy option for those that don't want 
to fuss with certificates. Be aware that while nobody can decrypt your 
traffic (even with the same psk) there is always a possibility of evil 
twin networks.

### Certificate Chains for WPA2-Enterprise

-------
Not all built in certificate stores will trust SSL.com certificates out of 
the box. We suggest you import the "SSL_COM_RSA_SSL_SUBCA" certificate 
from 
[https://www.ssl.com/download/dv-ov-intermediate-files/](https://www.ssl.com/download/dv-ov-intermediate-files/) 
in to your trusted root store. That way you can check that the cert handed 
to you is ours (SHA1 fingerprint of 
`4a92e1bec3a56b5a209ec31ef6859fff3ffbd226`)

#### Windows

-------
Windows users can utilize the netsh command to import a wireless profile 
we've created that verifies the server name (wifi.thotcon.org) and the 
trusted root CA SHA1 fingerprint 
(b7ab3308d1ea4477ba1480125a6fbda936490cbb). To use this profile download 
the zip, decompress, and then in a command prompt run the following from 
the decompressed folder. `netsh wlan add profile filename="THOTCON.xml"`

#### MacOS/iOS

-------
Unfortunately we don't have the capability to create a MacOS/iOS mobile 
profile that would include the certificate bundle. You will have an option 
to inspect the certificate before trusting it so we suggest that you 
compare the fingerprint against what we have listed here to ensure you are 
connecting to our network.

#### Linux - wpa_supplicant

-------
Below is an example wpa_supplicant config which expects the certificate 
chain to be appropriately installed.

``` bash
network={
        ssid="THOTCON"
        priority=1
        proto=RSN
        key_mgmt=WPA-EAP
        pairwise=CCMP
        auth_alg=OPEN
        eap=PEAP
        identity="thotcon"
        password="thotcon"
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
        # YOUR CA PATH MAY VARY
        ca_path="/etc/ssl/certs/"
        altsubject_match="DNS:wifi.thotcon.org"
        }
```

#### Linux - nmcli

-------
Below is an example of how to create a profile with nmcli after the 
certificate chain is appropriately installed.

`nmcli dev status`

- Turn on the wireless interface if it's off

`sudo nmcli radio wifi on`

- Create "THOTCON-Secure" profile

`sudo nmcli con add type wifi con-name THOTCON-Secure ssid THOTCON`

- Edit "THOTCON-Secure" profile

`sudo nmcli con edit THOTCON-Secure`

- Input commands for secure connection w/ cert checking

``` bash
set ipv4.method auto
set 802-1x.eap peap
set 802-1x.phase2-auth mschapv2
set 802-1x.identity thotcon
set 802-1x.password thotcon
set wifi-sec.key-mgmt wpa-eap
# YOUR CA PATH MAY VARY
set 802-1x.ca-path /etc/ssl/certs/
set 802-1x.altsubject-matches DNS:wifi.thotcon.org
set 802-1x.system-ca-certs yes
set 802-11-wireless-security.proto rsn
set 802-11-wireless-security.pairwise ccmp
set 802-11-wireless-security.group ccmp
set 802-11-wireless-security.auth-alg open
save
quit
```

- Connect to network

`sudo nmcli con up THOTCON-Secure --ask`

Warning: The network manager GUI does not show some of these options.  
Making changes from the GUI can easily invalidate this config.

***END THOTCON TRANSMISSION*****************************************************
********************************************************************************

THOTCON INFOBLOX v.D
510K RAM FREE

Ready.

Main Menu:
1. Home 2. About
3. Call For Papers 4. Call for Villages
5. Contests 6. Speakers
7. Schedule 8. Venue
9. Registration A. Sponsors
B. Contact C. Links
D. Archive E. Exit
Select: _

© 2009- THOTCON Infinity NFP