
Course Duration

10 Days

Audience

Employees of federal, state and local governments, and businesses working with the government.

Prerequisites

Things you should know before coming to class: As you read the bulleted list below, don’t get discouraged if you aren’t prepared to teach a class on the topics. We can fill in the gaps or give you a quick refresher if you need some reminding. But if you have no idea what the bullets below are talking about, then this is not the best course for you. We recommend you start with our WLAN administration & security course. After that, you will be ready for this course.

Course Description

This built-from-scratch course, which evolves as tactics and techniques evolve, is ~90% hands-on and puts you in the offensive position. You learn to attack 802.11 Wireless LANs, as well as explore techniques to analyze and prosecute Bluetooth and ZigBee networks. No long lectures on concepts or memorization of IETF standards here. You explore attack considerations, approaches and techniques. Our goal is to create the perspective and mindset you need, equip you with the skills and then let you get busy doing it.

Defense of WLAN networks is an indirect consequence of this course. Through an offensive mindset, you will be better able to defend wireless LANs, but this course emphasizes the offensive, cyber warfare perspective. Post-compromise actions vary from organization to organization. We help you with whatever direction your mission objectives take you. This course, however, focuses on WLAN compromise and exploitation. What happens after the compromise is ultimately up to you and your customer.

We neither advocate nor condone the use of these attack techniques for illegal, unethical or unsanctioned reasons. We provide these services to legitimate organizations with a need to use these techniques for lawful purposes. ITdojo only works with industry professionals, so this isn’t something that needs to be said over and over. We should all know right versus wrong, so we can go ahead and get down to pushing, poking and prodding a WLAN to see how we are going to get in.

Learning Objectives

  • hcxtools
  • hcxdumptool
  • AngryOxide
  • Kismet
  • Reaver / Bully
  • Bettercap
  • Aircrack-ng (Suite)
  • Wireshark/tshark
  • EAPHammer
  • Other tools like Airgeddon, Wifite, Wifiphisher, Fluxion & WiFi Pumpkin
  • Bluetooth and BlueZ
  • BTScanner
  • nRF Connect for Bluetooth and ZigBee captures
  • PMKID attacks vs 4-Way Handshakes
  • WPA3 – The current state of affairs regarding compromise opportunities (this is an evolving topic that can/will change over time)
  • Detecting and bypassing MAC filters
  • Denial of service attacks
  • Evil Twin attacks
  • Creating your own purpose-specific tools using scapy and python
  • Enterprise-level attacks. The challenges and complexities of attacking enterprise WLAN networks (good ones)
  • WEP compromise. Amazingly, it is still out there, so you will learn how to defeat it on the odd chance you need to.
  • Ubertooth One
  • Linux (Debian-based: Ubuntu, PopOS, Kali, ParrotOS, etc.)
  • Microsoft Windows
  • macOS
  • Apple iOS
  • Android

Get More Information

We cannot work with the general public. We only work with Government Agencies, Military, government contractors, and corporate clients.