9 October 2020
In the previous article of this series, “Wireless Pentesting Part 3 – Common Wireless Attacks”, we discussed various scenarios to give you a better grasp of how wireless networks and clients can be attacked. The real possibility of a compromise of your systems is the reason we need to test for vulnerabilities and see if they can be exploited during a wireless pentest. Successful exploitation of wireless vulnerabilities is just the beginning of what a cybercriminal could do or the sensitive information they could access. In this fourth and final part of the series, we are going to discuss how to conduct a wireless network pentest. This article will bring together what has been discussed up to this point. Once you are finished with this series, you should have a better idea on how to conduct wireless pentests and be prepared to do a pentest after some practice in a lab setting.
25 August 2020
In the previous article of this series, “Wireless Pentesting Part 2 – Building a WiFi Hacking Rig”, we discussed building a WiFi hacking rig. We covered the hardware, operating systems, and software requirements for setting up your own wireless pentesting rig. In this third part of the series, we are going to introduce common wireless attacks and the tools you use to perform them which will prepare you for the fourth and final part of the series, where we will take look at how to conduct a wireless pentest.
15 November 2019
In the first article of this series, “Wireless Pentesting Part 1 – An Overview”, we reviewed some penetration testing basics with the PTES and what one can expect to know about a system before starting an engagement. We also covered three general assessment levels and the differences between them. But most importantly in regards to a wireless pentest, we covered why wireless networks assessments should be a stand-alone item yet still be a part of the scope of a wider pentest. Even though you'll learn some effective WiFi hacking tricks, the overall goal is to incorporate them into the job aspects of a professional. In this second part of the series, it’s time to get the right equipment for your tool bag. We are going to discuss the hardware, operating systems, and software requirements for setting up your own wireless pentesting rig. Your mileage may vary, but, based on years of experience and numerous engagements, this is a great WiFi hacking rig to get you started and should cover most needs. As you gain experience, you may find that some tools are better than others while also finding the need to expand beyond this simple setup for more advanced requests from clients.
2 October 2019
As networks and computing systems have become more secure through the evolution of next generation firewalls, intrusion prevention systems (IPS), and endpoint security, attackers have shifted their focus. Web applications, mobile devices and apps, IoT (Internet of Things), wireless networks and the human element via social engineering have become more attractive targets for threat actors. Each of these targets are large enough subjects for books themselves, but in this article series we are going to focus on wireless network attacks. Although there are numerous types of wireless technologies such as Bluetooth, LTE and NFC, this series will cover wireless networks or WLANs (Wireless Local Area Network) using WiFi technology. In this four-part series on wireless pentesting we are going to discuss the following;
- Part 1 – An Overview
- Part 2 – Building a Rig
- Part 3 – Common Wireless Attacks
- Part 4 – Performing an Actual Wireless Pentest
22 July 2019
Typically during penetration tests, scanners are used to detect vulnerabilities. Sometimes security professionals may want to go undetected to test the response of the blue team (aka defensive security) and the security controls of an organization. However, vulnerability scanners are quickly detected due to the amount of network traffic generated by these tools. There are also times that standard, automated scans may miss vulnerabilities. To solve for these issues, manual vulnerability testing is required. Vulnerability scanners should always be used during pentests to ensure that you detect the easy-to-find vulnerabilities quickly and more efficiently, but manual testing should also be done alongside regular scans. Manual vulnerability detection takes more effort and knowledge, but it is a much-needed skill for the advanced pentester. This article will show you how!