SILICA 7.39 Release Notes

WPA/WPA2 client-less attack using PMKID

SILICA now supports WPA/WPA2 bruteforcing using PMKID data. This allows SILICA to attack access points even when no stations (clients) are present. When running the "Discover key" module, SILICA will try to connect to the Access Point and parse the response for RSN PMKID data. If present, it will store the handshake and commence bruteforcing immediately. SILICA will also passively detect and capture any WPA handshakes with PMKID data.

DDE Close Handle Local Privilege Escalation (CVE-2019-0803)

An elevation of privilege vulnerability exists when Windows improperly handles closes the objects handle at Dynamic Data Exchange. This module will be run by SILICA automatically after a successful exploitation.