Workshop

Modern Wi-Fi Hacking

April 23rd & 24th, 2024

2-day training, by Michael Kruger
This training will be given in ENGLISH

Normal price: CHF 2’000.–
Student price: CHF 1’500.– (limited availability)

Description

If you want to really understand what’s going on and master Wi-Fi attacks in such a way that you can vary them when you encounter real world complexities, this course will teach you what you need to know.

This course is highly practical: concepts are taught through theory delivered while your hands are on the keyboard, with semi-self-directed practicals at the end of each section to reinforce the learning. The course is hosted in a “Wi-Fi in the cloud” environment we invented several years ago, which means no more fiddling with faulty hardware or turning the classroom into a microwave. It was designed, developed and delivered by the team behind some of the most commonly used Wi-Fi hacking tools, such as hostapd-mana, berate_ap and wpa_sycophant. This course aims to expose you to the Wi-Fi hacking methodologies used by active penetration testers in their day-to-day work with clients and assessments.

About the trainer

Michael Kruger is a senior security analyst at SensePost and previously completed an honours degree in Computer Science at Rhodes University. He spends most of his time procrastinating writing reports, and in between manages to persist at Wi-Fi hacks others told him would never work.

SensePost Training is a division of Orange Cyberdefense South Africa focused on the creation and delivery of world-class ethical hacking trainings. Its trainings are derived from real-world work performed for clients, and are practical and lab driven. SensePost has trained thousands of students over the last two decades.

Course outline

Module 1 – Introduction

  • How & Why
  • When and why to use Wi-Fi attacks
  • Physical & Low Level
  • Understanding spectrum, signals and propagation
  • Peculiarities of crowded Wi-Fi spectrum & resulting behaviour in Tx & Rx
  • Understanding hardware – cards, antennas. Practical recommendations
  • Specifics of Wi-Fi signalling

Module 2 – Monitor Mode

  • How it works. What you get. Why it isn’t promiscuous.
  • Prism/Radiotap headers & how driver implementations differ.
  • Investigating different frequencies such as 5GHz and 6GHz.

Module 3 – Probing, Tracking & Deanonymisation

  • Management frames – beacons & probes
  • Device probing behaviour

Module 4 – WPA/2/3 PSK

  • What it is
  • IEEE & WEP history
  • 4-way handshake crypto
  • Handshakes, Capturing & Deauthing
  • Broken handshake debugging
  • PMKID attacks
  • WPS attacks
  • Advanced attacks
  • Approaches and methodologies for the real world
  • WPA3
  • The Dragonfly handshake
  • Other WPA3 improvements/defences
  • Opportunistic Wireless Encryption (OWE) overview

Module 5 – EAP

  • What it is
  • Generic EAP flow
  • Specific EAP types and how they work
  • PEAP
  • Deep inside the second tunnel
  • CVE-2019-6203
  • EAP-GTC downgrade attack (LootyBooty)

Module 6 – EAP-TLS

  • What it is
  • Understanding/breaking cert validation

Bonus Module (If time permits) – Tunnelled EAP Relays

  • What it is
  • Understanding defences

Practical exercises accompany each module and are completed throughout the course.

Course requirements

Pre-Requisites

  • Familiarity with the Linux command line
  • Understanding of computer networking

Software requirements

  • A working laptop with a modern browser (Firefox/Chrome preferred)
