About Me
My name is Yunfei Yang. I was born in the 1990s.
I am a security researcher focusing on red teaming, wireless security and IoT security. I have extensive experience in wireless penetration testing and defense. I used to work at 360 Technology, and now I’m employed by Tencent.
I have given several talks on wireless security and pentesting at KCON, Blackhat, Codeblue, FIT, DC010, Overdrive, Infosec-City, ISC, etc. I developed “SheepWall”, a public Wi-Fi threat experience system that was installed in the China Science and Technology Museum and at multiple security exhibitions.
External Links
Feel free to drop me a line.
qingxp9#gmail.com
Talks
- 2018
  - FIT2019 “The Mystery of Radio Security Venue Control”
  - BlackHat EU “Drosera: Using wireless honeypot to protect your enterprise”
  - GreHack “Detecting all type of illegal Access Points on enterprise network”
  - CodeBlue “RCE with Captive Portal”
  - Infosec-City “Invisible Battle: Wireless Offence & Defence”
  - OverDrive “Drosera: Using wireless honeypot to protect your enterprise”
- 2017
  - DEFCON GROUP 010 “How to build a portable PPPoE Password Sniffer”
  - FIT “A Portable Router Broadband Account Theft Attack-and-Defense Experiment”
  - KCON “How to DIY a Low-Cost Anti-Drone System”
  - HITCON “How to Build an Anti-Drone System in Your Mom’s Garage”
  - CCF YOCSEF “The Present and Future of Public Wireless Security”
Articles
- 2020
  - A Hacker's View of Wi-Fi Phishing: How Zero Trust Brings a Breakthrough in Protection
    https://www.freebuf.com/articles/wireless/261280.html
  - Near-Source Penetration in Red-Blue Team Exercises
    https://security.tencent.com/index.php/blog/msg/167
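- 2019
  - Serious Vulnerabilities Disclosed in the WPA3 Standard: Can Wi-Fi Passwords Be Stolen?
    https://www.leiphone.com/news/201904/hG33GmuLxzlkUqBP.html
  - A Wireless Vulnerability Affecting All Apple Devices That Can Force Them onto a Malicious Hotspot
    https://www.freebuf.com/vuls/203484.html
  - Is It Safe to Connect to Any Public Hotspot Just Because You Have VPN Protection? Far From It
    https://www.anquanke.com/post/id/169938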
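- 2018
  - Simply Turning On Wi-Fi Leaks Your Identity: Is That Really Possible?
    https://www.anquanke.com/post/id/161892
  - One, Two, Three, Four, Five: Enterprise Wireless Penetration Testing Explained
    https://www.anquanke.com/post/id/158717
  - Practical Testing and Impact Assessment of Cracking the PSK via PMKID
    https://www.freebuf.com/articles/system/180837.html
  - A First Look at Wi-Fi Easy Connect in WPA3
    https://www.anquanke.com/post/id/150324
  - DEFCON CHINA Talk Walkthrough | Security Analysis of the SmartCfg Wireless Provisioning Scheme
    https://www.anquanke.com/post/id/144865
  - Refuse to Be Free Labor: Detecting Wi-Fi Hotspots Containing Mining Scripts
    http://www.freebuf.com/web/161010.html
  - Demystifying an Old but Universally Effective Router Attack Technique: From PPPoE Sniffing to Covert Backdoors
    http://www.freebuf.com/articles/wireless/163480.html
  - HITB Talk - Ghost Tunnel: A Covert Wi-Fi Transmission Channel for Isolated Networks
    http://www.freebuf.com/articles/wireless/171108.html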
- 2017
  - Another Road into the Internal Network: Notes from a Real-World Wireless Penetration Test
    https://www.anquanke.com/post/id/86520
  - Talking Wi-Fi Hacks: Why Your Karma Attack No Longer Works
    https://www.freebuf.com/articles/wireless/145259.html
  - WPA2 KRACK Attacks Analysis Report
    https://www.anquanke.com/post/id/87023
  - WPA2 Vulnerability Principles and Defense (WIPS Products Against the KRACK Vulnerability)
    https://www.anquanke.com/post/id/87032
- 2016
  - Enterprise Wireless Penetration: PEAP
    https://www.jianshu.com/p/367ecc71518b
  - An Open-Source Implementation of an Enterprise Intrusion Detection System with Real-Time Alerting
    https://www.anquanke.com/post/id/84904