Wi-Fi Security - Offensive Defence

Provided by

About the course

This two day course provides a comprehensive guide to the assessment and testing of an organisation's security posture with regard to its implementation of Wi-Fi communications. The course spans Wi-Fi standards, their capabilities, operation, intelligence opportunities, threats posed, exploitation and Wi-Fi auditing and pen testing workflow. Attend one day, or all three to suit your needs and or exposure to Wi-Fi security technology and level of hands on required. We will review the wide range of key processes of Wi-Fi networks from discovery to authentication, association, higher level authentication and dissociation. Each of these areas will examine methods of exploitation as well as mitigation. The course is delivered through presentations, discussions, practical demonstrations and hands on labs. You will gain practical hands-on experience of implementing and using technical security controls in labs using real world equipment and will be given the skills and tools to create your own Wi-Fi auditing and pen testing suite. Prerequisites • This course is aimed at security analysts working in public and private sectors who are looking to ensure that they are aware of the vulnerability exposure and defensive countermeasures through the use of Wi-Fi. • Familiarity with Linux command line and basic networking principles is encouraged. Delegates will learn how to • Evolution of 802.11 standards • Passive intelligence exploitation • Building COTS Wi-Fi survey kit • Performing Wi-Fi site survey • Testing Wi-Fi encryption strength • Circumventing Wi-Fi encryption through social engineering • Mitigation techniques • Common post exploitation activities • Audit Scoping and Reporting Outline Day 1 - Wi-Fi Security Foundation – Risks, Flaws and Bad Design • 802.11 Overview • Wi-Fi Fundamentals • Wi-Fi Operating Modes • Wi-Fi Management frames • Wi-Fi Design Flaws • Deauthentication vulnerability • Encryption standards and Vulnerabilities • Intelligence Leakage from Beacons and Probes • Device Vectoring • Device previous locations • Site Survey • Choosing Equipment • Kit List • Kit Preparation • Introduction to the aircrack-ng suite Day 2 - Wi-Fi Security Intermediate – Threats and Countermeasures • Device Vectoring Practical • Site Survey Practical • Rogue access points • Karma Attack • Misconfigured devices • BYOD • Breaking Encryption • Testing WEP • Testing WPA-TKIP • Testing WPA-AES • Testing WPA2 • Encryption circumvention • Post exploitation activities • Device Hardening • Mitigation techniques

Related article

As we become more reliant on digital technologies, the cyber security industry has grown in order to protect organisations against online attacks. ...