What will you learn about:
Wireless Protocol Basics; Hardware and Channel Basics; Security Protocols (OPN, WEP, WPA, WPA2); WEP Attacks; WPA/WPA2 attacks; Non-broadcasting SSID attacks; Brute Force Attacks on WEP; Brute Force Attacks on WPA/WPA2; Automated Attack Tools
What will you practice:
Each week during the course you will face challenges that will test your knowledge and teach you the skills needed to become an expert on wireless security attacks.
The tasks we have planned for you include:
- PCAP challenge for finding cloaked SSID;
- Active decloak attack using BTK3;
- WEP IV attack;
- WPA cracking using dictionary and brute force techniques (John or oclHashcat);
- WPA2 cracking.
Shad Malloy is a Network Security Analyst with a wide range of experience including virtualization, firewalls, SCADA, and enterprise security. Shad has over 16 years of experience as an information technology professional, with 6 years of penetration testing experience. He has worked with commercial and government clients including creation of the penetration testing program for Indian Health Services.
As a Network Security Analyst, Shad evaluates the internal and external security postures of enterprise networks. He surveys the client's network infrastructure, finding and reporting on exposed or at-risk configurations. After demonstrating how vulnerabilities in the client's network can be exploited to grant access and/or reveal sensitive data, he educates clients on the best ways to safeguard their environments.
Shad’s research focuses on the development of a Shellshock User-agent scanner and wireless attacks. He received his Bachelor of Computer Information Systems (B.S.) in 2003 from National American University.
Certified Information System Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Certified Security Analyst (ECSA)
Certified Intrusion Prevention Specialist (CIPS)
The challenges assume that you have, at a minimum, the following hardware:
- Linux-based computer – I will be using a Kali Linux virtual machine running in VMware Workstation
- Wireless Access Point – Almost all modern access points can be configured to use WEP, WPA, WPA2, and WPS. I purchased a second-hand Linksys router and connected it to my primary wireless router. Many of the configurations that we will be testing are vulnerable, and you should take care to put your WLAN in a secure posture after testing.
- Wireless Network Card capable of packet injection – I use an external Rosewill RNX-G1. This is solely due to using a virtual machine for testing. Steps to test for packet injection are included later if you are unsure of your card's capabilities.
- Wi-Fi enabled device – Many of the attacks that we will perform work more efficiently if a station is connected to the access point. Any device will work for this; during the examples I will have laptop computers or cell phones connected to the access point.
- Topic 1: Wireless Networking Basics and Terminology
- Topic 2: 802.11 Signal Coverage and Channel Usage
- Topic 3: 802.11 Security Protocols (OPN, WEP, Pre-Shared Key, WPA, Radius/802.1X, WPA2, WPS)
- Topic 4: Lab Hardware Setup
- Topic 5: Lab Software Setup and Configuration
- Challenge 1: MAC Filtering Bypass and Traffic Capture
- Topic 1: Wireless IV Weaknesses and Decloaking
- Challenge 1: Non-Broadcasting SSID, Decloaking using Wireshark, Decloaking using Airodump-ng
- Challenge 2: WEP Attacks, Passive IV Capture
- Topic 1: WPA Handshake and WPS Weaknesses
- Topic 2: Password Attacks, Distributed Services, GPU Attacks
- Challenge 1: WPA Attack
- Challenge 2: WPS Attack
- Topic 1: Wifite, Bully, MDK3, Crackq
- Challenge 1: WPA2 Attack
- Challenge 2: Automated Tool Attacks
What software will you use:
To achieve all of that you will need to have some powerful tools at your disposal.
Here is a list of software we want you to utilize:
If you are not familiar with those, don’t worry, we’ll guide you through them!
If you have any questions, please contact us at [email protected].