15 November 2019
In the first article of this series, “Wireless Pentesting Part 1 – An Overview”, we reviewed some penetration testing basics with the PTES and what one can expect to know about a system before starting an engagement. We also covered three general assessment levels and the differences between them. Most importantly for a wireless pentest, we covered why wireless network assessments should be a stand-alone item yet still be part of the scope of a wider pentest. Even though you'll learn some effective WiFi hacking tricks, the overall goal is to incorporate them into the work of a professional. In this second part of the series, it’s time to get the right equipment for your tool bag. We are going to discuss the hardware, operating system, and software requirements for setting up your own wireless pentesting rig. Your mileage may vary, but, based on years of experience and numerous engagements, this is a great WiFi hacking rig to get you started and should cover most needs. As you gain experience, you may find that some tools are better than others, and you may need to expand beyond this simple setup to handle more advanced requests from clients.
2 October 2019
As networks and computing systems have become more secure through the evolution of next-generation firewalls, intrusion prevention systems (IPS), and endpoint security, attackers have shifted their focus. Web applications, mobile devices and apps, IoT (Internet of Things), wireless networks, and the human element via social engineering have become more attractive targets for threat actors. Each of these targets is a large enough subject for a book of its own, but in this article series we are going to focus on wireless network attacks. Although there are numerous types of wireless technologies such as Bluetooth, LTE and NFC, this series will cover wireless networks or WLANs (Wireless Local Area Networks) using WiFi technology. In this four-part series on wireless pentesting we are going to discuss the following:
- Part 1 – An Overview
- Part 2 – Building a Rig
- Part 3 – Common Wireless Attacks
- Part 4 – Performing an Actual Wireless Pentest
22 July 2019
Typically during penetration tests, scanners are used to detect vulnerabilities. Sometimes security professionals may want to go undetected to test the response of the blue team (aka defensive security) and the security controls of an organization. However, vulnerability scanners are quickly detected due to the amount of network traffic these tools generate. There are also times when standard, automated scans may miss vulnerabilities. To address these issues, manual vulnerability testing is required. Vulnerability scanners should always be used during pentests to ensure that you detect the easy-to-find vulnerabilities quickly and efficiently, but manual testing should also be done alongside regular scans. Manual vulnerability detection takes more effort and knowledge, but it is a much-needed skill for the advanced pentester. This article will show you how!