5 Days or 10 Days

Course Code: OFFWIFI


Employees of federal, state and local governments; and businesses working with the government.


  • Solid knowledge of TCP/IP and networking
  • Ability to configure Wireless Access Points and clients
  • Basic working knowledge of Linux
  • Solid 802.11 WLAN foundation
  • This course is ideally suited to specialized military personnel, law enforcement and penetration testers.

Course Description:

This built-from-scratch course, which is approximately 90% hands-on, puts you in the role of attacker. No long lectures on concepts or memorization of IETF standards here. We’ll talk with you about the considerations of the attack and the way you should be thinking, and then let you get to doing it. It’s the best way to learn.

This course does not DIRECTLY teach you how to defend wireless networks; it teaches you how to attack them. Once a network is compromised, you can provide security recommendations to your customer. The post-mortem procedures will vary from organization to organization or pen tester to pen tester. This course is not focused on that aspect of WLAN compromise. Put more succinctly, what you do post-compromise is up to you [and your customer]; we’re just here to teach you how to attack the wireless network.

It should go without saying that we neither advocate nor condone the use of these attack techniques for illegal, unethical or unsanctioned reasons. ITdojo only works with industry professionals, so this isn’t something that needs to be said over and over. We should all know right versus wrong, so we can go ahead and get down to pushing, poking and prodding a WLAN to see how we are going to get in.

When completed, you will be a formidable threat to almost every WLAN out there. We don’t promise they will all bow down before you, but you will be someone worthy of their respect.

Course Objectives:

  • You will become intimate with the aircrack-ng suite of tools.  They are some of the best and most versatile tools out there; you’ll know them like family when completed.
  • You’ll learn how to tell if MAC filters are in use and how to bypass them.
  • If making WLANs stop working is your objective, we’ve got you covered.  There are several ways to deny service to wireless users.  We show you more than a few ways to commence a WLAN beat-down.
  • By now we should all know that WEP is busted 56 different ways and that it is an awful choice, even on my mother’s home network.  But that doesn’t mean people don’t still use it.  From time to time it is still encountered.  To make sure you are a well-rounded attacker, ready for any situation, we will show you multiple different ways to recover a WEP key, even when the only thing you have to target is a client.
  • WPA2-PSK is the most common security you are going to come up against.  Depending on the situation, there are many ways to attack it.  In class, you attack WPA-PSK from every angle.
  • WPA attacks need good lists and, sometimes, some good guessing.  We will show you a variety of techniques to create WPA-PSK optimized wordlists and target-specific wordlists.  If that doesn’t open the door, we’ll show you how to fully leverage the available brute-force options at your disposal.
  • Lots and lots of tools are used in this course.  You will find a near complete list of tools used in class down below.  When you’re serious about attacking WLANs you’ll be using Linux; Microsoft Windows is poorly suited to being a WLAN attack platform.  But that doesn’t mean there aren’t some fun things we can do with Microsoft OS’ wireless functionality.  In class we will show you!
  • We will examine the current state of affairs for security in WPA3 networks.
  • Strategies for attacking networks that use enterprise-level WLAN security (PEAP, EAP-TLS).  These networks can be significantly more formidable, but there are some tools and techniques that can be used to gain access to the network.

Operating Systems Used:

  • Kali Linux
  • Microsoft Windows
  • MacOS
  • Apple iOS
  • Android

Standard Linux Tools Used:

vim, nano, ifconfig, ip, apt, lynx, wget, wc, grep, uniq, sort, tail, time, less, git, zcat, yum, chmod, nmcli, curl, etc.

Wireless tools / other utilities used:

Some custom Python scripts, crunch, tshark, wireshark, gpsd, cgps, gpsmon, iw, iwlist, iwconfig, rfkill, hcxtools, bettercap, eaphammer, airgeddon, pwnagotchi, wifite, aircrack-ng suite (airmon-ng, airodump-ng, aircrack-ng, aireplay-ng, airbase-ng, airdecap-ng), wpa_supplicant, pw-inspector, wpa_cli, cowpatty, genpmk, wifiphisher, dnsmasq, msfvenom, msfconsole, Fluxion, mdk3, wash, hostapd, hostapd-wpe, reaver, pixieWPS, wpaclean, Kismet, macchanger, airport (MacOS), netsh (Windows), noobify, RSMangler, JTR (John the Ripper) and hashcat.

Hardware used in class:

This course leverages the Raspberry Pi as the attack platform.  We also use Alfa WLAN adapters to provide a consistent, expected level of performance from the tools you utilize.

Things you should know before coming to class:

As you read the bulleted list below don’t get discouraged if you aren’t prepared to teach a class on the topics.  We can fill in the gaps or give you a quick refresher if you need some reminding.  But if you have no idea what the bullets below are talking about then this is not the best course for you.  We recommend you start with our WLAN administration & security course.  After that, you will be ready for this course.

  • You should have a good background in the relevant 802.11 WLAN standards
  • 802.11 Operation Modes (Infrastructure, Ad-Hoc)
  • Understanding 802.11 packet types (Beacon Frames, Probe Request, Probe Response, etc.)
  • Client / AP interaction – Specifically, how the client and AP interact as it relates to authentication, association, disassociation, etc.
  • Understanding signal strength – milliwatts, dBm, RSSI and what they, in a practical sense, mean for a WLAN.
  • Antenna and hardware selection – Yagi vs Omni vs Parabolic Dish.  Why would you use one versus another and what impact antenna gain has on their use.
  • Some fundamental knowledge of Python will serve you well in this course.  It is not a requirement but certainly a plus.