On-Demand: WiFi Pentesting Bootcamp

Understand the basics of the WiFi protocol and the various security standards, including WiFi Protected Access 3 (WPA3). Learn the tools to use for recon and attack. Practice in emulated WiFi environments without any hardware requirements.

Recordings of this bootcamp are now available as part of our annual subscription. Subscribe to enjoy:
  • Access to all on-demand bootcamps and relevant labs, including this one
  • 2000+ hands-on labs covering another 130+ subtopics
Write your awesome label here.

What You'll Learn

This on-demand bootcamp will teach you how to pentest personal and enterprise WiFi networks. You will learn the basics of the WiFi protocol, the different security standards, including WiFi Protected Access 3 (WPA3), and their limitations. You will also learn how to use the different recon and attack tools to audit WiFi networks. Along with the instructor sessions, the cloud-based labs will allow you to practice these techniques without the need for your own WiFi hardware.

How? Usually, WiFi pentesting requires hardware labs but our unique “WiFi in the cloud” setup allows students to practice real-world attacks without requiring any local hardware. We do this by simulating multiple software-based WiFi devices which can act as either AP or Client.
  • 11+ Hours of Live Session Recordings

  • Over 25 Lab Exercises

Subscribe to access bootcamp recordings and more!

  • Bootcamp recordings for select topics, accessible anytime

Follow along with instructors as they walk you through both theory and practice! With bootcamp recordings at your fingertips, master in-demand topics at your own pace, without time zone concerns. Take your time to go through our massive content library – you'll need it!
  • Access 135+ topics

Expand your horizons beyond bootcamps with 2000+ hands-on labs and 1500+ video courses! Our annual subscription grants you access to a massive content library – perfect for self-paced learning on an ongoing basis. View our entire list of topics here.
  • Browser-based platform; no VPN needed 

Learning with us is simple. Our labs are completely browser-based and include access to a Terminal/GUI-based Kali, Ubuntu or other operating systems, with the necessary tools and scripts pre-installed. All you need is an internet connection to get started!
  • Real-world scenarios

Our lab scenarios are based on real-world circumstances as much as possible. With realistic scenarios, students are prepared for actual pentesting and Red Team engagements.
  • Earn verifiable badges

Complete challenges to earn badges. Verified by Accredible, badges declare your skill in specific topics and are easily shared on social media to help your profile stand out!

Accessible via our AttackDefense lab platform

Upon logging in to the AttackDefense lab platform, annual subscribers will be able to access recordings of all our on-demand bootcamps and associated labs.

Who is this bootcamp for?

1. Anyone wanting to enter the industry as a network pentester
2. WiFi security enthusiasts and beginners
3. Suitable for beginners – all you need is a laptop and basic working knowledge of Linux.


1. A basic knowledge of computers and networking
2. Familiarity with the Linux operating system

Course reviews

Nishant starts from the basics. My skill level was 0 out of 10 at the beginning, but now I rate myself 9 out of 10… and I’m certified PAWSP! Another great thing about this bootcamp is that you need nothing on your own computer – you don't have to worry about your VM and which version of Kali you have, and you don’t have to invest time and money to build your own lab to test your WiFi skills.
Charles Faes
Network and Security Engineer, Belgium
WiFi Pentesting Batch 1

Bootcamp Syllabus

Module I: Protocol Basics, Traffic Sniffing, and Recon

Before we start pentesting, we need to first understand how WiFi networks operate. Our first lesson therefore starts with WiFi basics – the different protocols and how data is transmitted.

Towards the second half of the session, we’ll move on to recon – the first phase of WiFi pentesting. You’ll learn how to sniff traffic using tcpdump/tshark/airodump-ng, scan the air to locate WiFi devices and understand their relationships. These concepts will be demonstrated in 5 hands-on lab exercises based on real-world pentesting assignments.
  • WiFi standard basics
  • Bands
  • Channels
  • SSID
  • Frame structure and header
  • Transmission basics
  • Basic commands to interact with WiFi interface
  • Traffic sniffing
  • WiFi traffic sniffing
  • Monitor mode
  • Remote sniffing
  • Capturing and storing traffic
  • Discovering wireless networks and clients
  • Analyzing WiFi traffic (header/packet analysis)

Module II: Attacking Personal Networks

In this session, we run through the security standards personal WiFi networks use WEP, WPA/WPA2-PSK – and how their inherent shortcomings can be exploited.

Each security standard comes with 2 hands-on labs, where you will learn different attacks and pentesting tools, including breaking WEP, 4-way handshake cracking, deauth attack and AP-less attacks. At the end of the session, we’ll show you how to protect yourself (or your client) against such attacks.
  • Introduction to WiFi security schemes
  • WEP
  • WEP-40
  • WEP-104
  • Encryption-based
  • WPA (TKIP)
  • WPA2 (CCMP)
  • Management modes
  • Personal Network (PSK)
  • Enterprise network (EAP or MGT)
  • Observing the difference in packets
  • Lab 3 mentioned in module I
  • Cracking WEP
  • Theory and explanation
  • Live WEP cracking
  • Decrypting WEP traffic
  • Cracking WPA/WPA2-PSK
  • Theory and explanation
  • Live WPA-PSK cracking
  • Decrypting WPA-PSK traffic
  • AP-less Attacks

Module III: Attacking Enterprise Networks

Our 3rd session focuses on Enterprise networks – a totally different beast which requires a correspondingly different pentesting approach. We start by learning the differences between enterprise and personal WiFi networks and how enterprise WiFi network security standards (PEAP-GTC/MSCHAPv2, TTLS-PAP/MSCHAPv2) work.

In the second half of the session, you’ll learn how to design and execute honeypot attacks to break into enterprise networks using the latest open-source tools. As usual, you’ll learn both the theoretical and practical and reinforce your learning with 10+ lab exercises.
  • Understanding WPA/WPA2-EAP
  • PEAP
  • GTC
  • MSCHAPv2
  • TTLS
  • PAP
  • MSCHAPv2
  • Honeypot attacks
  • Creating fake networks
  • Evil twin attack
  • Karma attacks
  • Attacking WPA/WPA2-PEAP
  • Theory and explanation
  • Attacking WPA/WPA2-TTLS
  • Theory and explanation

Module IV: Advanced Attacks and WPA3

By this time, you’d have learnt a variety of standard WiFi attacks. The final session will show you more elaborate WiFi attacks – pivoting, which lets an attacker access machines not directly connected to the WiFi network, and advanced PEAP-relay attack on enterprise networks,

As a capstone module, we’ll end the session with a detailed discussion of WPA3 – the newest gold standard of WiFi Security, learn to perform possible attacks and discuss other potential ways to compromise it. You’ll also get to ask any questions about the upcoming exam.
  • PEAP-relay attack
  • WiFi pivoting
  • Introduction to WPA3
  • WPA3-OWE (Opportunistic Wireless Encryption)
  • WPA3-SAE (Simultaneous Authentication of Equals)
  • WPA3-SAE Transition Mode
  • WPA3-Enterprise
  • Proposed attacks on WPA3
Meet the instructor

Nishant Sharma

Nishant Sharma leads R&D at Pentester Academy and Attack Defense. He has 8+ years of experience in the information security field including 6+ years in WiFi security research and development. He has presented research and conducted workshops at Blackhat USA/Asia, DEF CON China, HITB, RootCon, Packet Hacking Village, Wireless Village, IoT village and Demo labs (DEFCON USA).

Nishant’s Twitter handle is also @wifisecguy, which should tell you all you need to know about his research interests.
Nishant Sharma - Instructor

Get informed about future bootcamps!

Thank you!
Thank you!
Created with