Why would a TSCM want to inject traffic and potentially alert the adversary to the detection? Have you seen some of the spectrum analyzers built on HackRF?
because for me, doing TSCM is only half of what I'm wanting to do.
There's a lot of wireless stuff out there, not using 802.11__ or BT specs and frequencies. Are these things secure? Probably not. Are they encrypted? Perhaps. Do they defend against replay? Likely not.
But in the end, how do we assess? Standard TSCM gear can do a good job scanning and finding peaks. But its not for protocol decoding and device assessments. My goal is to "Identify signals, categorize protocols for signals found, decode if possible, and attempt to access/exploit".
