Red Team Wi-Fi: Modern techniques

Why choose this course?

Save time, and hack fast!

Many publications exist documenting ways to attack Wi-Fi networks. However, the gap between old methods that have become obsolete and the current state and outdated tools can be frustrating for someone who wants to learn or even update his knowledge in this field.

This course aims to learn the modern ways of assessing the security of Wi-Fi networks and how to apply these attacks against organizations during a Red Team engagement. Indeed, during this course, we will be able to start from the very beginning by talking about old, current, and new attacks and opportunities to allow attendees to fulfill their pentest or Red Team engagements in the future based on our recent experiences.

About the training

What the class will teach?

Throughout this course, you will discover:

Introduction on actual Wi-Fi setups, standards, and common attacks
Monitoring and capturing signals over-the-air
Analyzing the signal
Using the right tools at the right moment
Attacking communications (injection, cracking, etc.)
Attacks in WEP, WPA/WPA2
Study the case of WPA3
The case of open networks and rogue APs
Stack protocol vulnerabilities
Working with 2.4 GHz, 5 GHz, but also 6 GHz frequencies
Red Team tricks
etc.

Initial content

Part 1: Fingerprinting and observations

This part will introduce all the essential concepts of Wi-Fi. Indeed, starting with usages, topologies, and standards, attendees should have a well-condensed reminder to be able for the attacks later. Then we go through different techniques to identify the other network to focus on our target(s) and investigate for potential openings.

Assignment 1: Network enumeration

Scanning networks
Identifying our targets

Assignment 2: Frequency analysis

Studying and analysing different frequencies from 2.4 GHz to 6 GHz

Assignment 3: Capturing traffic

Use of promiscuous mode
Switching to monitor mode
Using dedicated tools for efficient Wardriving

Assignment 4: Playing with packets

Analyzing packets
Modifying and forging own packets with Scapy

Part 2: Attacks

After learning about monitoring, captures, and packet manipulations, we will see different cases and understand the opportunities an attacker can take when attacking a network. This part will go through old vulnerabilities that can still exist in some context to the newest attack opportunities, including existing tools.

Assignment 1: WEP

Identifying the target
Attacking it efficiently
Capturing the secret

Assignment 2: WPA/WPA2 PSK

Identifying the target
Sniffing handshakes
Attacking the target
Capturing the secret

Assignment 3: WPA2 MGT

Identifying the target
Targeting a client
Attacking the network
Capturing the secret
Going further inside the Active Directory

Further attacks

We finish by looking at different ways and other opportunities we can acquire during a penetration test or a Red Team test, including some good Red Team tricks when all these skills are implemented.

Additional/custom content (for Private trainings only)

The content of private trainings can be arranged depending on your needs. We also provide additional content as follows:

Fuzzing the Wi-Fi stacks
Reversing FullMAC firmware
etc.

Class requirement

Knowledge of Linux administration
Understanding of pentesting (network and applications) or Red teaming

Pricing (prices exclude 20% VAT in France)

Remote Single person

2 500€ for one person

2-day remote live training, including slides, a complete RF kit (a Wi-Fi dongle and preinstalled Raspberry Pi 4 target), scripts/tools, and captures. The content can be customized depending on the means and required days for the training.

POPULAR

Remote Private group

2 150€ /attendee

+ possible discount

An extra discount can be negotiated depending on the number of attendees.

Tailored content

Content can be fully tailored depending on your needs.

Red Team Wi-Fi: Modern Techniques