This is republished from the original on the SensePost blog.
In preparation for our wireless training course at BlackHat Vegas in a few weeks, I spent some time updating the content on rogue/spoofed access points. By this we mean access points under your control that you attempt to trick a user into connecting to, rather than the “unauthorised access points” Bob in Marketing bought and plugged into your internal network for his team to use.
I’ll discuss how to quickly get a rogue AP up on Kali that will allow you to start gathering some creds, specifically mail creds. Once you have that basic pattern down, setting up more complex attacks is fairly easy.
This is a fairly detailed “how-to” style blog entry that gives you a taste of what you can grab on our training course.
Continue reading "Rogue Access Points, a how-to"
For the last little while, Christopher Soghoian has attempted to highlight the dangers of the zero-day exploit market. The basics are that some vulnerability researchers are selling exploits to make money, without vetting who the end user will be, and in some cases knowingly selling them to militaries (he phrases it as governments, but the implication is that they aren't using them for defence). Soghoian, as I read it, is trying to highlight this trade, and get some sort of legislation passed to regulate it. (A darker reading would make it seem that he has a more aggressive agenda, but let's leave that aside for a moment.)
The worrying thing here is neatly summed up by Haroon:
The scariest thing about you, is how certain you are that you are right. Regulation is a scary instrument
Continue reading "0-Day Exploit Sales and Pushing for Legislation"