WiFi Pentesting

Understand the basics of the WiFi protocol and the various security standards, including WiFi Protected Access 3 (WPA3). Learn the tools to use for recon and attack. Practice in emulated WiFi environments without any hardware requirements.
Write your awesome label here.
Starts: 03 July 2021  Duration: 4 weeks
Recordings of live sessions included!

What You'll Learn

This 4-week bootcamp will teach you how to pentest personal and enterprise WiFi networks. You will learn the basics of the WiFi protocol, the different security standards, including WiFi Protected Access 3 (WPA3), and their limitations. You will also learn how to use the different recon and attack tools to audit WiFi networks. Along with the instructor sessions, the cloud-based labs will allow you to practice these techniques without the need for your own WiFi hardware.

How? Usually, WiFi pentesting requires hardware labs but our unique “WiFi in the cloud” setup allows students to practice real-world attacks without requiring any local hardware. We do this by simulating multiple software-based Wi-Fi devices which can act as either AP or Client.

In this bootcamp, you won’t have to worry about buying a router or setting up a VM – just learn, practice and get prepared to get certified!
Write your awesome label here.
  • 4 Live Sessions

  • 2.5 hrs per session

  • Over 50 Lab Exercises

  • 1 PAWSP Attempt

  • Recordings of Live Sessions

Build Your Cybersecurity Credentials

  • Become a Pentester Academy WiFi Security Professional (PAWSP)

PAWSP certifies you as a WiFi network pentester – passing the exam is verification of your mastery of the basics of the WiFi protocol and security standards, including Wi-Fi Protected Access 3 (WPA3) and that you’re adept at the tools used by industry professionals for recon and attack.

Specifically, the certification affirms your ability to offer stakeholders a full-fledged WiFi network penetration test, using skills including but not limited to: WiFi recon, traffic sniffing/capture, WEP/WPA2-PSK cracking, honeypot attacks on Enterprise clients and WPA3-SAE attacks.
  • Bootcamp Completion Certificate

Attendees will also get a course completion certificate after attending all 4 live sessions.

Live Session Schedule

Weekly 2 hr 30 min sessions start at 10:00am ET and end at 12:30pm ET.
03 July 2021
10 July 2021
17 July 2021

24 July 2021
Protocol Basics, Traffic Sniffing, and Recon
Security Standards for Personal Networks (WEP, WPA/WPA2-PSK)
Security Standards for Enterprise Networks (PEAP-GTC/MSCHAPv2, TTLS-PAP/MSCHAPv2)
Advanced Pivoting/Relay Attacks, Understanding WPA3

Who should join this bootcamp?

1. Anyone wanting to enter the industry as a network pentester
2. WiFi security enthusiasts and beginners
3. Suitable for beginners – all you need is a laptop and basic working knowledge of Linux.

Prerequisites

1. A basic knowledge of computers and networking
2. Familiarity with the Linux operating system

Course reviews

Nishant starts from the basics. My skill level was 0 out of 10 at the beginning, but now I rate myself 9 out of 10… and I’m certified PAWSP! Another great thing about this bootcamp is that you need nothing on your own computer – you don't have to worry about your VM and which version of Kali you have, and you don’t have to invest time and money to build your own lab to test your WiFi skills.
Charles Faes
Network and Security Engineer, Belgium
WiFi Pentesting Batch 1

Bootcamp Syllabus

Module I: Protocol Basics, Traffic Sniffing, and Recon

Before we start pentesting, we need to first understand how WiFi networks operate. Our first lesson therefore starts with WiFi basics – the different protocols and how data is transmitted.

Towards the second half of the session, we’ll move on to recon – the first phase of WiFi pentesting. You’ll learn how to sniff traffic using tcpdump/tshark/airodump-ng, scan the air to locate WiFi devices and understand their relationships. These concepts will be demonstrated in 5 hands-on lab exercises based on real-world pentesting assignments.
  • WiFi standard basics
  • Bands
  • Channels
  • SSID
  • BSSID
  • Frame structure and header
  • Transmission basics
  • Basic commands to interact with WiFi interface
  • Traffic sniffing
  • WiFi traffic sniffing
  • Monitor mode
  • Remote sniffing
  • Capturing and storing traffic
  • Discovering wireless networks and clients
  • Analyzing WiFi traffic (header/packet analysis)

Module II: Attacking Personal Networks

In this session, we run through the security standards personal WiFi networks use WEP, WPA/WPA2-PSK – and how their inherent shortcomings can be exploited.

Each security standard comes with 2 hands-on labs, where you will learn different attacks and pentesting tools, including breaking WEP, 4-way handshake cracking, deauth attack and AP-less attacks. At the end of the session, we’ll show you how to protect yourself (or your client) against such attacks.
  • Introduction to WiFi security schemes
  • WEP
  • WEP-40
  • WEP-104
  • Encryption-based
  • WPA (TKIP)
  • WPA2 (CCMP)
  • Management modes
  • Personal Network (PSK)
  • Enterprise network (EAP or MGT)
  • Observing the difference in packets
  • Lab 3 mentioned in module I
  • Cracking WEP
  • Theory and explanation
  • Live WEP cracking
  • Decrypting WEP traffic
  • Cracking WPA/WPA2-PSK
  • Theory and explanation
  • Live WPA-PSK cracking
  • Decrypting WPA-PSK traffic
  • AP-less Attacks

Module III: Attacking Enterprise Networks

Our 3rd session focuses on Enterprise networks – a totally different beast which requires a correspondingly different pentesting approach. We start by learning the differences between enterprise and personal WiFi networks and how enterprise WiFi network security standards (PEAP-GTC/MSCHAPv2, TTLS-PAP/MSCHAPv2) work.

In the second half of the session, you’ll learn how to design and execute honeypot attacks to break into enterprise networks using the latest open-source tools. As usual, you’ll learn both the theoretical and practical and reinforce your learning with 10+ lab exercises.
  • Understanding WPA/WPA2-EAP
  • PEAP
  • GTC
  • MSCHAPv2
  • TTLS
  • PAP
  • MSCHAPv2
  • Honeypot attacks
  • Creating fake networks
  • Evil twin attack
  • Karma attacks
  • Attacking WPA/WPA2-PEAP
  • Theory and explanation
  • PEAP-GTC
  • PEAP-MSCHAPv2
  • Attacking WPA/WPA2-TTLS
  • Theory and explanation
  • TTLS-PAP
  • TTLS-MSCHAPv2

Module IV: Advanced Attacks and WPA3

By this time, you’d have learnt a variety of standard WiFi attacks. The final session will show you more elaborate WiFi attacks – pivoting, which lets an attacker access machines not directly connected to the WiFi network, and advanced PEAP-relay attack on enterprise networks,

As a capstone module, we’ll end the session with a detailed discussion of WPA3 – the newest gold standard of WiFi Security, learn to perform possible attacks and discuss other potential ways to compromise it. You’ll also get to ask any questions about the upcoming exam.
  • PEAP-relay attack
  • WiFi pivoting
  • Introduction to WPA3
  • WPA3-OWE (Opportunistic Wireless Encryption)
  • WPA3-SAE (Simultaneous Authentication of Equals)
  • WPA3-SAE Transition Mode
  • WPA3-Enterprise
  • Proposed attacks on WPA3
Meet the instructor

Nishant Sharma

Nishant Sharma leads R&D at Pentester Academy and Attack Defense. He has 8+ years of experience in the information security field including 6+ years in WiFi security research and development. He has presented research and conducted workshops at Blackhat USA/Asia, DEF CON China, HITB, RootCon, Packet Hacking Village, Wireless Village, IoT village and Demo labs (DEFCON USA).

Nishant’s Twitter handle is also @wifisecguy, which should tell you all you need to know about his research interests.
Nishant Sharma - Instructor

Can't attend this bootcamp? Get informed about future bootcamps!

Thank you!
Thank you!