5 days or 10 Days
Course Code: OFFWIFI


Employees of federal, state and local governments; and businesses working with the government.


  1. Solid knowledge of TCP/IP and networking
  2. Ability to configure Wireless Access Points and clients
  3. Basic working knowledge of Linux
  4. Solid 802.11 WLAN foundation

This course is ideally suited to specialized military personnel, law enforcement and penetration testers.

Course Description:

This built-from-scratch course, which is approximately 85% hands-on, puts you in the role of attacker. No long lectures on concepts or memorization of IETF standards here. We’ll talk with you about the considerations of the attack and the way you should be thinking, and then let you get to doing it. It’s the best way to learn.

This course does not DIRECTLY teach you how to defend wireless networks; it teaches you how to attack them. Once the network is compromised, you can provide security recommendations to your customer. The post-mortem procedures will vary from organization to organization or pen tester to pen tester. This course is not focused on that aspect of WLAN compromise. Put more succinctly, what you do post-compromise is up to you [and your customer]; we’re just here to teach you how to attack the wireless network.

It should go without saying that we neither advocate nor condone the use of these attack techniques for illegal, unethical or unsanctioned reasons. ITdojo only works with industry professionals so this isn’t something that needs to be said over and over. We all know right versus wrong so we can go ahead and get down to pushing, poking and prodding a WLAN to see how we’re going to get in.

When completed you will be a formidable threat to almost every WLAN out there. We don’t promise they will all bow down before you but you will be someone worthy of their respect.

Course Objectives:

Here is a list of some of the things you are going to learn in class:

  • You will become intimate with the aircrack-ng suite of tools.  They are some of the best and most versatile tools out there; you’ll know them like family when completed.
  • You’ll learn how to tell if MAC filters are in use and how to bypass them.
  • If making WLANs stop working is your objective, we’ve got you covered.  There are several ways to deny service to wireless users.  We show you more than a few ways to commence a WLAN beat-down.
  • We all know that WEP is busted 56 different ways and that it is an awful choice, even on my mother’s home network.  But that doesn’t mean people don’t still use it.  You need to know all the ways in which it can be cracked and how to get your mitts on the key as quickly as possible.
  • WPA-PSK is probably the most common security you are going to come up against.  Depending on the situation, there are many ways to attack it.  You will attack WPA-PSK from every angle.
  • WPA attacks need good lists and, sometimes, some good guessing.  We will show you a variety of techniques to create WPA-PSK optimized wordlists and target-specific wordlists.  If that doesn’t open the door we’ll show you how to fully leverage the available brute-force options at your disposal.
  • We’ll also show you how to take WLAN key recovery efforts into the cloud.  There are some powerful tools and powerful servers waiting for you to leverage them.
  • Lots and lots of tools are used in this course.  When you’re serious about attacking WLANs you’ll be using Linux.  Microsoft OSes are targets, never attackers.  But that doesn’t mean there aren’t some fun things we can do with Microsoft OSes’ wireless functionality.  Come to class.  We’ll show you!

WiFi Pineapple

If you are already in the world of WLAN security and haven’t heard of the WiFi Pineapple then …congratulations on coming out of your coma!  Welcome back!  Unlike any other course out there, we spend a tremendous amount of hands-on time working with the WiFi Pineapple.  It is an incredibly versatile tool that is a powerful addition to your attacks.  We’ll show you how to use the Pineapple …in detail.  Using the Pineapple we will teach you many things, including:

  • How to leave your Pineapple on-site and always be able to get to it from the comforts of home …even if it is behind a NAT or a Firewall.
  • How to steal passwords and other various login credentials.
  • How to watch what your targets are doing on the Internet.
  • How to set up fake web pages, portals and other credential-grabbing mischief …all from the Pineapple.
  • How to use your Pineapple to perform MitM attacks.
  • And more… the WiFi Pineapple is a “living thing”, new functionality is being added and updated all the time.  As it changes, so does the material in this course.

Equipment used:

Various WLAN Adapters including:

  • Panda Wireless PAU09 N600 USB WLAN adapter
  • AWUS036NEH Long Range WIRELESS 802.11b/g/n Wi-Fi USB Adapter
  • TP-Link N150 Wireless High Gain USB Adapter (TL-WN722N)

802.11 Access Points:

  • COTS APs running DD-WRT Firmware
  • WiFi Pineapple Tetra and Nano
  • The Pineapple has many internal tools but also includes p0f, SSLsplit, DWall, ettercap & DNSMasq

Operating Systems Used:

  • Kali Linux
  • Microsoft Windows
  • Apple iOS
  • Amazon AWS EC2 Instances

Standard Linux tools:

  • vim, nano, ifconfig, ip, apt, lynx, wget, wc, grep, uniq, sort, tail, time, less, git, zcat, yum, chmod, nmcli

Wireless tools / utilities used:

  • some custom python scripts, crunch, tshark, wireshark, gpsd, cgps, iw, iwlist, iwconfig, pyrit, aircrack-ng suite (airmon-ng, airodump-ng, aircrack-ng, aireplay-ng, airbase-ng, airdecap-ng), wpa-supplicant, wifite, pw-inspector, wpa_cli, cowpatty, genpmk, wifiphisher, dnsmasq, msfvenom, msfconsole, Fluxion, mdk3, wash, hostapd-wpe, john (jtr), wpaclean, reaver, pixiewps, kismet, macchanger, wifi-honey, krack attack scripts (new), airport (MacOS), netsh (Windows)

Things you should know before coming to class:

As you read the bulleted list below don’t get discouraged if you aren’t prepared to teach a class on the topics.  We can fill in the gaps or give you a quick refresher if you need some reminding.  But if you have no idea what the bullets below are talking about then this is not the best course for you.  We recommend you start with our WLAN administration & security course.  After that, you will be ready for this course.

  • You should have a good background in the relevant 802.11 WLAN standards
  • 802.11 Operation Modes (Infrastructure, Ad-Hoc)
  • Understanding 802.11 packet types (Beacon Frames, Probe Request, Probe Response, etc.)
  • Client / AP interaction – Specifically, how do client and AP interact as it relates to authentication, association, disassociation, etc.
  • Understanding signal strength – milliwatts, dBm, RSSI and what they, in a practical sense, mean for a WLAN.
  • Antenna and hardware selection – Yagi vs Omni vs Parabolic Dish.  Why would you use one versus another and what impact antenna gain has on their use.