About the course
Cert: GAWN GIAC Assessing and Auditing Wireless Networks
SEC617 will give you the skills you need to understand the security strengths and weaknesses in wireless systems. In this course, you will learn how to evaluate the ever-present cacophony of Wi-Fi networks and identify the Wi-Fi access points and client devices that threaten your organization; assess, attack, and exploit deficiencies in modern Wi-Fi deployments using WPA2 technology, including sophisticated WPA2-Enterprise networks; use your understanding of the many weaknesses in Wi-Fi protocols and apply it to modern wireless systems; and identify and attack Wi-Fi access points and exploit the behavioural differences in how client devices scan for, identify, and select access points.
What You Will Learn
This course is designed for professionals seeking a comprehensive technical ability to understand, analyze, and defend the various wireless technologies that have become ubiquitous in our environments and, increasingly, key entrance points for attackers.
The authors of SEC617, as penetration testers themselves, know that many organizations overlook wireless security as an attack surface, and therefore fail to establish required defenses and monitoring, even though wireless technologies are now commonplace in executive suites, financial departments, government offices, manufacturing production lines, retail networks, medical devices, and air traffic control systems. Given the known risks of insecure wireless technologies and the attacks used against them, SEC617 was designed to help people build the vital skills needed to identify, evaluate, assess, and defend against these threats. These skills are 'must-have' for any high-performing security organization.
NOW COVERING WI-FI, ZIGBEE, Z-WAVE, DECT, RFID, AND SOFTWARE -DEFINED RADIO
For many analysts, "wireless" was once synonymous with "Wi-Fi," the ever-present networking technology, and many organizations deployed complex security systems to protect these networks. Today, wireless takes on a much broader meaning -- not only encompassing the security of Wi-Fi systems, but also the security of Bluetooth, Zigbee, Z-Wave, DECT, RFID, NFC, contactless smart cards, and even proprietary wireless systems. To effectively evaluate the security of wireless systems, your skillset needs to expand to include many different types of wireless technologies.
EXPLORE WI-FI ATTACKS AGAINST WINDOWS, MacOS, iOS, AND ANDROID
SEC617 will give you the skills you need to understand the security strengths and weaknesses of wireless systems. You will learn how to evaluate the ever-present cacophony of Wi-Fi networks and identify the Wi-Fi access points (APs) and client devices that threaten your organization. You will learn how to assess, attack, and exploit deficiencies in modern Wi-Fi deployments using WPA2 technology, including sophisticated WPA2 Enterprise networks. You will gain a strong, practical understanding of the many weaknesses in Wi-Fi protocols and how to apply that understanding to modern wireless systems. Along with identifying and attacking Wi-Fi access points, you will learn to identify and exploit the behavioral differences in how client devices scan for, identify, and select APs, with deep insight into the behavior of the Windows 10, macOS, Apple iOS, and Android Wi-Fi stacks.
EXAMINE BLE TECHNOLOGY WITH NEW INSIGHT, CERTIFYING DEVICES FOR USE
A significant portion of the course focuses on Bluetooth and Bluetooth Low Energy (BLE) attacks, targeting a variety of devices, including wireless keyboards, smart light bulbs, mobile devices, audio streaming devices, and more. You will learn to assess a target Bluetooth device, identify the present (or absent) security controls, and apply a solid checklist to certify a device's security for use within your organization.
LEARN TO ATTACK POPULAR WIRELESS TECHNOLOGY BEYOND WI-FI TARGETS
Beyond analyzing Wi-Fi and Bluetooth security threats, analysts must also understand many other wireless technologies that are widely utilized in complex systems. SEC617 provides insight and hands-on training to help analysts identify and assess the use of Zigbee and Z-Wave wireless systems used for automation, control, and smart home systems. The course also investigates the security of cordless telephony systems in the worldwide Digital Enhanced Cordless Telephony (DECT) standard, including audio eavesdropping and recording attacks.
ATTACK AND MANIPULATE RFID AND NFC SYSTEMS
Radio frequency identification (RFID), near field communication (NFC), and contactless smart card systems are more popular than ever in countless applications such as point of sale systems and data center access control systems. You will learn how to assess and evaluate these deployments using hands-on exercises to exploit the same kinds of flaws discovered in mass transit smart card systems, hotel guest room access systems, and more.
GAIN NEW INSIGHT INTO WIRELESS PROTOCOLS WITH SOFTWARE-DEFINED RADIO
In addition to standards-based wireless systems, we also dig deeper into the radio spectrum using software-defined radio (SDR) systems to scour for signals. Using SDR, you will gain new insight into how widely pervasive wireless systems are deployed. With your skills in identifying, decoding, and evaluating the data these systems transmit, you will be able to spot vulnerabilities even in custom wireless infrastructures.
JUMPSTART YOUR TOOLKIT WITH SOFTWARE AND HARDWARE ASSESSMENT TOOLS SUPPLIED IN CLASS
SEC617 is a technical, hands-on penetration testing skill-development course that requires a wide variety of super-useful hardware and software tools to successfully build new skills. In this course, you will receive the SANS Wireless Assessment Toolkit (SWAT), which is a collection of hardware and software tools that will jumpstart your ability to assess wireless systems. The toolkit includes a high-powered 802.11b/g/n Wi-Fi card, a long-range Bluetooth Classic/Low Energy adapter, a high-frequency RFID reader and writer, and a software-defined radio receiver. You will also receive a customized Linux software environment so you can work on assessing systems and avoid fighting hardware/software incompatibility.
You Will Be Able To
- Identify and locate malicious rogue access points using free and low-cost tools
- Conduct a penetration test against low-power wireless devices to identify control system and related wireless vulnerabilities
- Identify vulnerabilities and bypass authentication mechanisms in Bluetooth networks
- Utilize wireless capture tools to extract audio conversations and network traffic from DECT wireless phones
- Implement a WPA2 Enterprise penetration test to exploit vulnerable wireless client systems for credential harvesting
- Utilize Scapy to force custom packets to manipulate wireless networks in new ways, quickly building custom attack tools to meet specific penetration test requirements
- Identify Wi-Fi attacks using network packet captures traces and freely available analysis tools
- Identify and exploit shortcomings in the security of proximity key card systems
- Decode proprietary radio signals using Software-Defined Radio
- Mount a penetration test against numerous standards-based or proprietary wireless technologies
What You Will Receive
- Step-by-step instructions for all lab exercises
- Cheatsheets used for quick reference to detailed information sources
- Access to associated software, files, and analysis resources
- MP3 audio files of the complete course lectures
SWAT Hardware Kit:
Panda PAU6 Wi-Fi card
Bluetooth UD100 adapter
ACR122U RFID read/writer
RTL-SDR radio and antenna (R820T2)
MIFARE Ultralight key fob
Raspberry Pi 3 CanaKit (617.PiPoint.01) (16gb) (SD Card)
4 port USB hub
Cat5 Cable Retractable
SWAT Hardware Kit:
ACR122U RFID read/writer #2
Raspberry Pi 3 CanaKit (617.PiSense.01) (16gb) (SD Card)
Note: this comes with a US plug. International students, please obtain an adapter.
MIFARE Classic 1K smart card
Syllabus (36 CPEs)
SEC617.1: Wi-Fi Data Collection and Analysis
SEC617.2: Wi-Fi Attack and Exploitation Techniques
SEC617.3: Enterprise Wi-Fi, DECT, and Zigbee Attacks
SEC617.5: RFID, Smart Cards, and NFC Hacking
SEC617.6: Capture the Flag Event
GIAC Assessing and Auditing Wireless Networks
The GAWN certification is designed for technologists who need to assess the security of wireless networks. The certification focuses on the different security mechanisms for wireless networks, the tools and techniques used to evaluate and exploit weaknesses, and techniques used to analyze wireless networks. Students will not only gain experience using tools to assess wireless networks, they will understand how the tools operate and the weaknesses in protocols that they evaluate.
- 802.11 Fuzzing Attacks, Attacking Weak Encryption, Bluetooth Attacks, and Bluetooth Low Energy Attacks
- Bridging the Air Gap, DECT, DoS on Wireless Networks, High-Frequency RFID Attacks, and RFID applications
- Hotspots, Low-Frequency RFID Attacks, NFC, Practical SDR Attacks, and Rogue Networks
- Sniffing Wireless, Wireless Basics, Wireless Client Attacks, WPA2, and Zigbee