Wireless Vulnerability Analysis and Defense: Wifi Security

Duration:

5 days

Prerequisites:

  1. Solid knowledge of TCP/IP and networking
  2. Ability to configure Wireless Access Points and clients
  3. Basic working knowledge of Linux
  4. Solid 802.11 WLAN foundation

This course is ideally suited to specialized military personnel, law enforcement and penetration testers.

Course Description:

This built-from-scratch course, which is approximately 85% hands-on, puts you in the role of attacker. No long lectures on concepts or memorization of IETF standards here. We’ll talk with you about the considerations of the attack, the way you should be thinking and then let you get to doing it. It’s the best way to learn. This course does not DIRECTLY teach you how to defend wireless networks; it teaches you how to attack them. Once the network is compromised, you can provide security recommendations to your customer. The post-mortem procedures will vary from organization to organization or pen tester to pen tester. This course is not focused on that aspect of WLAN compromise. Put more succinctly, what you do post-compromise is up to you [and your customer]; we’re just here to teach you how to attack the wireless network. It should go without saying that we neither advocate nor condone the use of these attack techniques for illegal, unethical or unsanctioned reasons. ITdojo only works with industry professionals so this isn’t something that needs to be said over and over. We all know right versus wrong so we can go ahead and get down to pushing, poking and prodding a WLAN to see how we’re going to get in. When completed you will be a formidable threat to almost every WLAN out there. We don’t promise they will all bow down before you but you will be someone worthy of their respect.

Course Objectives:

Here is a list of some of the things you are going to learn in class:

  • You will become intimate with the aircrack-ng suite of tools.  They are some of the best and most versatile tools out there; you’ll know them like family when completed.
  • You’ll learn how to tell if MAC filters are in use and how to bypass them.
  • If making WLANs stop working is your objective, we’ve got you covered.  There are several ways to deny service to wireless users.  We show you more than a few ways to commence a WLAN beat-down.
  • We all know that WEP is busted 56 different ways and that it is an awful choice, even on my mother’s home network.  But that doesn’t mean people don’t still use it.  You need to know all the ways in which it can be cracked and how to get your mitts on the key as quickly as possible.
  • WPA-PSK is probably the most common security you are going to come up against.  Depending on the situation, there are many ways to attack it.  You will attack WPA-PSK from every angle.
  • WPA attacks need good lists and, sometimes, some good guessing.  We will show you a variety of techniques to create WPA-PSK optimized wordlists and target-specific wordlists.  If that doesn’t open the door we’ll show you how to fully leverage the available brute-force options at your disposal.
  • We’ll also show you how to take WLAN key recovery efforts into the cloud.  There are some powerful tools and powerful servers waiting for you to leverage them.
  • Lots and lots of tools are used in this course.  When you’re serious about attacking WLANs you’ll be using Linux.  Microsoft OSes are targets, never attackers.  But that doesn’t mean there aren’t some fun things we can do with Microsoft OSes’ wireless functionality.  Come to class.  We’ll show you!

WiFi Pineapple Mark V

If you are already in the world of WLAN security and haven’t heard of the WiFi Pineapple Mark V then …congratulations on coming out of your coma!  Welcome back!  Unlike any other course out there, we spend a tremendous amount of hands-on time working with the WiFi Pineapple.  It is an incredibly versatile tool that is a powerful addition to your attacks.  We’ll show you how to use the Pineapple Mark V …in detail.  Using the Pineapple Mark V we will teach you many things, including:

  • How to leave your Pineapple on-site and always be able to get to it from the comforts of home …even if it is behind a NAT or a Firewall.
  • How to steal passwords and other various login credentials.
  • How to watch what your targets are doing on the Internet.
  • How to set up fake web pages, portals and other credential-grabbing mischief …all from the Pineapple.
  • How to use your Pineapple to perform MitM attacks.
  • And more… the WiFi Pineapple is a “living thing”; new functionality is being added and updated all the time.  As it changes, so does the material in this course.

Things you should know before coming to class:

As you read the bulleted list below don’t get discouraged if you aren’t prepared to teach a class on the topics.  We can fill in the gaps or give you a quick refresher if you need some reminding.  But if you have no idea what the bullets below are talking about then this is not the best course for you.  We recommend you start with our WLAN administration & security course.  After that, you will be ready for this course.

  • You should have a good background in the relevant 802.11 WLAN standards
  • 802.11 Operation Modes (Infrastructure, Ad-Hoc)
  • Understanding 802.11 packet types (Beacon Frames, Probe Request, Probe Response, etc.)
  • Client / AP interaction – Specifically, how do client and AP interact as it relates to authentication, association, disassociation, etc.
  • Understanding signal strength – milliwatts, dBm, RSSI and what they, in a practical sense, mean for a WLAN.
  • Antenna and hardware selection – Yagi vs Omni vs Parabolic Dish.  Why would you use one versus another and what impact antenna gain has on their use.