Wireless Network Penetration Testing Advanced Techniques

Performing tests from the point of view of a skilled attacker is essential to ensure that the wireless networks in your company are secure. This course will teach you advanced techniques with a focus on red teaming attacks.
Course info
Level
Intermediate
Updated
Aug 1, 2017
Duration
1h 23m
Table of contents
Description
Course info
Level
Intermediate
Updated
Aug 1, 2017
Duration
1h 23m
Description

As attackers shift their techniques to attack not only technology but people, it is imperative that you are as vigilant as ever. In this course, Wireless Network Penetration Testing Advanced Techniques, you'll focus on red teaming attacks so that you can identify the weaknesses in your own wireless networks and stop a potential compromise from ever occurring. First, you'll delve into rogue access points and fake captive portals. Next, you'll learn about man-in-the-middle attacks, which can intercept and modify data in transit. Lastly, you'll explore denial-of-service techniques that attackers use to distract incident response teams. By the end of this course, you'll be able to perform a wireless penetration test using advanced techniques, targeting not only technologies, but also people.

About the author
About the author

"Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 10+ years of IT experience, 6 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

More from the author
Planning, Deploying, and Maintaining QRadar
Intermediate
2h 50m
Sep 20, 2018
SIEM Administration with QRadar
Intermediate
3h 10m
May 29, 2018
More courses by Ricardo Reimao
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone, my name is Ricardo, and welcome to my course, Wireless Network Penetration Testing Advanced Techniques. I am a cyber security consultant, and I'll be showing you some advanced techniques that will step up your wireless penetration testing skills. You may be familiar with the regular wireless penetration testing, where you find insecure protocols, and try to get the passwords. But what if I tell you that you can test not only the technology, but also people? Think about that. Hackers would not spend 30 days trying to break a secure WPA2 password if they can simply lure users to connect to a rogue access point. And that's what differentiates a basic wireless penetration testing to an advanced one. In this course, we are going to cover not only the technical attacks, but also social engineering techniques so you'll be able to perform a penetration test exactly as a malicious attacker would do. This is a very hands on course, if you do demos and attack techniques, then you can refer to this in your own test environment. The course is divided into five modules. In the first one, we will be discussing the difference between normal penetration testing, and advanced penetration testing, which is also known as a red team penetration test. In the second module, we will discuss how to prepare for the tests, and this is what differentiates a script kiddie to a professional pen tester. Remember, being prepared is being professional. The third and fourth modules have a lot of demos, they cover several advanced wireless penetration techniques, such as decrypting WEP and WPA packet captures, creating rogue access points, creating fake captive portals, denial of service attacks, and much more. And in the last module, we will be discussing some pen test best practices, and the main techniques attackers use to cover their traces. By the end of this course, you'll be able to perform wireless penetration testing using advanced techniques, targeting not only the technology, but also people. Remember, the idea of this course is performing an attack exactly as a malicious attacker will do. As this course is an advanced course, before getting started you should be familiar with the Linux operational system, and a basic understanding of wireless networks and wireless vulnerabilities. Also, this course is a continuation of the course, Wireless Networks Penetration Testing, here from Pluralsight, so if you haven't watched it, I do recommend you checking it out. So I hope you join me on this journey to learn advanced techniques of wireless penetration testing, here at Pluralsight.

Preparing for the Tests
Being prepared before starting any test we'll be put in a huge advantage. Knowing your targets will help you to plan the attacks, increasing your chance of success. Having a plan before starting any exploitation is what differentiates a mature pen tester from a professional pen tester. Information gathering and creating an attack strategy are keys to the success of a red teaming exercise. Remember, we are trying to exploit not only the technologies, but also the people that work in the company, so we need to understand both protocols, and also employees. In this module, we'll be covering the preparations for our tests. In the first section, we will learn about the pre-engagement phase, where we define the scope, define the attacks, and understand the targets. In the second section of this module, we will dive into the preparation for the test, including mapping of the targets, and necessary gear for the tests, such as network cards, and antennas.

Advanced Penetration Testing Techniques – Non-disruptive Attacks
In this module will you be learning the non-disruptive attacks of this course. By non-disruptive, I mean attacks that do not effect users that are already connected to your company network. The test may lure users to connect to different networks, but it will not cause denial of cause denial of services in existing wireless connections. The attacks covered in this module are the eavesdropping, which is listening to the traffic and trying to capture sensitive information, such as passwords or cookies, rogue access points, or also known as a fake Wi-Fi which you will try to lure users to connect to, and fake captive portals, in which we will try to lure users to type their passwords.