Flipper Zero masterclass: An Air Force veteran's 1-hour intel gathering speed run

Grey Fox, a U.S. Air Force veteran, gave a talk/training scenario to a crowd of eager Flipper Zero enthusiasts at this year's DEFCON 33 hacking conference. With 20 years of experience in digital network intelligence, cyberspace warfare, and digital defense tactics, Grey Fox guided users through a training scenario that showcases the capabilities of the popular hacking device and incorporates some practical social engineering tactics for good measure. However, as Grey Fox mentioned in his talk, this information is mainly for educational purposes only, as the use of the Flipper Zero to manipulate the property of others is broadly prohibited.

For those unfamiliar with the Flipper Zero, it is an easy-to-use, open-source, highly customizable gadget equipped with a variety of sensors to interact with a range of wireless protocols. Whether it's WiFi, Bluetooth, RF, or NFC, the Flipper Zero can interface with it to some degree. Given these capabilities, the Flipper Zero has gained a reputation for being an approachable platform for wireless hacking beginners, while also maintaining the flexibility to be helpful to professionals, such as Grey Fox.

In this scenario, Grey Fox guides users through a situation in which an intelligence officer has just arrived in a city, where they have been tipped off about two hostile individuals residing in a hotel near a local diplomatic office. Due to a luggage mishap, the officer is left with only a Flipper Zero and some of its dev boards to gather as much intel on the suspects as possible to authorize military countermeasures before a suspected attack can be executed. While not ideal, having the Flipper Zero is better than nothing, and due to its streamlined functionality, it conveniently breaks the process down into the following steps:

1. Use the WiFi dev board with Marauder FW to scan the area for information relevant to your target
2. Gather info on preferred network lists being broadcast to cross-reference on intel sites like wigle.net
3. Run a deauthentication attack on the suspect's device to identify them by potentially triggering a physical reaction as they try to reconnect to WiFi
4. Using the information gathered earlier, verify the target's device by measuring signal strength based on proximity to the target

While this is enough to offer more confidence in verifying a target, Grey Fox goes into greater detail by explaining how to clone hotel keycards and car fobs as well. However, it is worth noting once again that this information is provided for educational purposes only. Those seeking more information can find the full presentation below.