WiFi Pentesting

Understand the basics of the WiFi protocol and the various security standards, including WiFi Protected Access 3 (WPA3). Learn the tools to use for recon and attack. Practice in emulated WiFi environments without any hardware requirements.
Write your awesome label here.
Starts: 20 April 2022  Duration: 4 weeks
Recordings of live sessions included!

What You'll Learn

This 4-week bootcamp will teach you how to pentest personal and enterprise WiFi networks. You will learn the basics of the WiFi protocol, the different security standards, including WiFi Protected Access 3 (WPA3), and their limitations. You will also learn how to use the different recon and attack tools to audit WiFi networks. Along with the instructor sessions, the cloud-based labs will allow you to practice these techniques without the need for your own WiFi hardware.

How? Usually, WiFi pentesting requires hardware labs but our “WiFi in the cloud” setup allows students to practice real-world attacks without requiring any local hardware. We do this by simulating multiple software-based WiFi devices which can act as either AP or Client.

In this bootcamp, you won’t have to worry about buying a router or setting up a VM – just learn, practice and get prepared to get certified!
Write your awesome label here.
  • 4 Live Sessions

  • 2.5 hrs per session

  • Over 50 Lab Exercises

  • 1 PAWSP Attempt

  • Recordings of Live Sessions

Build Your Cybersecurity Credentials

  • Become a Pentester Academy WiFi Security Professional (PAWSP)

PAWSP certifies you as a WiFi network pentester – passing the exam is verification of your mastery of the basics of the WiFi protocol and security standards, including Wi-Fi Protected Access 3 (WPA3) and that you’re adept at the tools used by industry professionals for recon and attack.

Specifically, the certification affirms your ability to offer stakeholders a full-fledged WiFi network penetration test, using skills including but not limited to: WiFi recon, traffic sniffing/capture, WEP/WPA2-PSK cracking, honeypot attacks on Enterprise clients and WPA3-SAE attacks.
  • Bootcamp Completion Certificate

Attendees will also get a course completion certificate after attending all 4 live sessions.

Live Session Schedule

Weekly 2 hr 30 min sessions start at 11:00pm ET and end at 01:30am ET.
20 April 2022
27 April 2022
04 May 2022

11 May 2022
Protocol Basics, Traffic Sniffing, and Recon
Security Standards for Personal Networks (WEP, WPA/WPA2-PSK)
Security Standards for Enterprise Networks (PEAP-GTC/MSCHAPv2, TTLS-PAP/MSCHAPv2)
Advanced Pivoting/Relay Attacks, Understanding WPA3

Enterprise-grade Training

Our WiFi Pentesting bootcamp is led by Black Hat instructor Nishant Sharma. Our instructors are subject matter experts and active researchers who have presented at top industry conferences and have authored open-source tools.

With fewer than 100 Black Hat instructors you can learn from in any year, this is your chance to get enterprise-quality training at a fraction of the cost!
Meet the instructor

Nishant Sharma

Nishant Sharma is a Security Research Manager at INE where he manages the development of next-generation on-demand labs. Prior to INE, he worked as R&D Head of Pentester Academy (Acquired by INE) where he has led a team of developers/researchers to create content and platform features for AttackDefense. He has also developed multiple gadgets for WiFi pentesting/monitoring such as WiMonitor, WiNX and WiMini. With over 9+ years of experience in development and content creation, he has conducted trainings/workshops at Blackhat Asia/USA, HITB Amsterdam/Singapore, OWASP NZ day, DEFCON USA villages. He has presented/published his work at Blackhat USA/Asia Arsenal, DEFCON USA/China, Wireless Village, Packet Village and IoT village. He has also conducted WiFi Pentesting training at Blackhat USA 2019, 2021. He had started his career as a firmware developer at Mojo Networks (Acquired by Arista) where he worked on new features for the enterprise-grade WiFi APs and maintenance of state-of-the-art WIPS. He has a Master degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi, Azure and Container security.
Nishant Sharma - Instructor

Who should join this bootcamp?

1. Anyone wanting to enter the industry as a network pentester
2. WiFi security enthusiasts and beginners
3. Suitable for beginners – all you need is a laptop and basic working knowledge of Linux.

Prerequisites

1. A basic knowledge of computers and networking
2. Familiarity with the Linux operating system

Course reviews

Nishant starts from the basics. My skill level was 0 out of 10 at the beginning, but now I rate myself 9 out of 10… and I’m certified PAWSP! Another great thing about this bootcamp is that you need nothing on your own computer – you don't have to worry about your VM and which version of Kali you have, and you don’t have to invest time and money to build your own lab to test your WiFi skills.
Charles Faes
Network and Security Engineer, Belgium
WiFi Pentesting Batch 1

Bootcamp Syllabus

Module I: Protocol Basics, Traffic Sniffing, and Recon

Before we start pentesting, we need to first understand how WiFi networks operate. Our first lesson therefore starts with WiFi basics – the different protocols and how data is transmitted.

Towards the second half of the session, we’ll move on to recon – the first phase of WiFi pentesting. You’ll learn how to sniff traffic using tcpdump/tshark/airodump-ng, scan the air to locate WiFi devices and understand their relationships. These concepts will be demonstrated in 5 hands-on lab exercises based on real-world pentesting assignments.
  • WiFi standard basics
  • Bands
  • Channels
  • SSID
  • BSSID
  • Frame structure and header
  • Transmission basics
  • Basic commands to interact with WiFi interface
  • Traffic sniffing
  • WiFi traffic sniffing
  • Monitor mode
  • Remote sniffing
  • Capturing and storing traffic
  • Discovering wireless networks and clients
  • Analyzing WiFi traffic (header/packet analysis)

Module II: Attacking Personal Networks

In this session, we run through the security standards personal WiFi networks use WEP, WPA/WPA2-PSK – and how their inherent shortcomings can be exploited.

Each security standard comes with 2 hands-on labs, where you will learn different attacks and pentesting tools, including breaking WEP, 4-way handshake cracking, deauth attack and AP-less attacks. At the end of the session, we’ll show you how to protect yourself (or your client) against such attacks.
  • Introduction to WiFi security schemes
  • WEP
  • WEP-40
  • WEP-104
  • Encryption-based
  • WPA (TKIP)
  • WPA2 (CCMP)
  • Management modes
  • Personal Network (PSK)
  • Enterprise network (EAP or MGT)
  • Observing the difference in packets
  • Lab 3 mentioned in module I
  • Cracking WEP
  • Theory and explanation
  • Live WEP cracking
  • Decrypting WEP traffic
  • Cracking WPA/WPA2-PSK
  • Theory and explanation
  • Live WPA-PSK cracking
  • Decrypting WPA-PSK traffic
  • AP-less Attacks

Module III: Attacking Enterprise Networks

Our 3rd session focuses on Enterprise networks – a totally different beast which requires a correspondingly different pentesting approach. We start by learning the differences between enterprise and personal WiFi networks and how enterprise WiFi network security standards (PEAP-GTC/MSCHAPv2, TTLS-PAP/MSCHAPv2) work.

In the second half of the session, you’ll learn how to design and execute honeypot attacks to break into enterprise networks using the latest open-source tools. As usual, you’ll learn both the theoretical and practical and reinforce your learning with 10+ lab exercises.
  • Understanding WPA/WPA2-EAP
  • PEAP
  • GTC
  • MSCHAPv2
  • TTLS
  • PAP
  • MSCHAPv2
  • Honeypot attacks
  • Creating fake networks
  • Evil twin attack
  • Karma attacks
  • Attacking WPA/WPA2-PEAP
  • Theory and explanation
  • PEAP-GTC
  • PEAP-MSCHAPv2
  • Attacking WPA/WPA2-TTLS
  • Theory and explanation
  • TTLS-PAP
  • TTLS-MSCHAPv2

Module IV: Advanced Attacks and WPA3

By this time, you’d have learnt a variety of standard WiFi attacks. The final session will show you more elaborate WiFi attacks – pivoting, which lets an attacker access machines not directly connected to the WiFi network, and advanced PEAP-relay attack on enterprise networks,

As a capstone module, we’ll end the session with a detailed discussion of WPA3 – the newest gold standard of WiFi Security, learn to perform possible attacks and discuss other potential ways to compromise it. You’ll also get to ask any questions about the upcoming exam.
  • PEAP-relay attack
  • WiFi pivoting
  • Introduction to WPA3
  • WPA3-OWE (Opportunistic Wireless Encryption)
  • WPA3-SAE (Simultaneous Authentication of Equals)
  • WPA3-SAE Transition Mode
  • WPA3-Enterprise
  • Proposed attacks on WPA3
Meet the instructor

Nishant Sharma

Nishant Sharma is a Security Research Manager at INE where he manages the development of next-generation on-demand labs. Prior to INE, he worked as R&D Head of Pentester Academy (Acquired by INE) where he has led a team of developers/researchers to create content and platform features for AttackDefense. He has also developed multiple gadgets for WiFi pentesting/monitoring such as WiMonitor, WiNX and WiMini. With over 9+ years of experience in development and content creation, he has conducted trainings/workshops at Blackhat Asia/USA, HITB Amsterdam/Singapore, OWASP NZ day, DEFCON USA villages. He has presented/published his work at Blackhat USA/Asia Arsenal, DEFCON USA/China, Wireless Village, Packet Village and IoT village. He has also conducted WiFi Pentesting training at Blackhat USA 2019, 2021. He had started his career as a firmware developer at Mojo Networks (Acquired by Arista) where he worked on new features for the enterprise-grade WiFi APs and maintenance of state-of-the-art WIPS. He has a Master degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi, Azure and Container security.
Nishant Sharma - Instructor

Can't attend this bootcamp? Get informed about future bootcamps!

Thank you!
Thank you!
Created with