
[MWH] Modern Wi-Fi Hacking

By Michael Kruger

3 Days

This training course has been delivered successfully at BlackHat (USA) in the past and is scheduled to be delivered again this year. It will also be delivered at DEFCON and other major conferences this year.

EarlyBird - $2750 (+ GST)

General - $3000 (+ GST)

Late - $3300 (+ GST)

GST is 10% in Australia

Course Abstract:

Wireless networks are the backbone of our day-to-day life. We all rely on them to provide us access but rarely ever think about the access we could achieve through compromising them.
Learning about modern Wi-Fi hacking can be a pain. Several new advances in Wi-Fi security have been released, along with some new attacks. But public literature still has lots of outdated material for technologies we rarely see deployed in the real world anymore. Numerous tools overly rely on automation, and leave you wondering when they don't work, because neither the fundamentals nor the underlying attacks are understood. Even worse, some popular attacks will rarely work in the real world.
Our course will change that and expose you to the fundamentals and the techniques used to approach and attack wireless networks to achieve real world compromise and overcome complexities.


Course Syllabus:
This course is:
* 60% practical and 40% theoretical
* Immersive practicals with a wide spread of coverage
* Delivered by active penetration testers
Key Modules:
Module 1 – Introduction
* How & Why
* When and why to use Wi-Fi attacks
* Physical & Low Level
* Understanding spectrum, signals and propagation
* Peculiarities of crowded Wi-Fi spectrum & resulting behaviour in Tx & Rx
* Understanding hardware - cards, antennas. Practical recommendations
* Specifics of Wi-Fi signalling
Module 2 – Monitor Mode
* How it works. What you get. Why it isn't promiscuous.
* Prism/Radiotap headers & how driver implementations differ.
Module 3 - Probing, Tracking & Deanonymisation
* Management frames - beacons & probes
* Device probing behaviour
Module 4 - WPA/2/3 PSK
* What it is
* IEEE & WEP history
* 4-way handshake crypto
* Handshakes
* Capturing, deauthing
* Broken handshake debugging
* PMKID attacks
* WPS attacks
* Advanced attacks
* Approaches and methodologies for the real world
* WPA3
* The Dragonfly handshake
* Other WPA3 improvements/defences
* Opportunistic Wireless Encryption (OWE) overview
Module 5 - EAP
* What it is
* Generic EAP flow
* Specific EAP types and how they work
* Deep inside the second tunnel
* CVE-2019-6203
* EAP-GTC downgrade attack (LootyBooty)
Module 6 - EAP-TLS
* What it is
* Understanding/breaking cert validation
Module 7 - Tunnelled EAP Relays
* What it is
* How to abuse it

Michael Kruger

Michael is a security analyst at SensePost and previously completed an honours degree in Computer Science at Rhodes University. He spends most of his time procrastinating writing reports, and in between manages to persist at Wi-Fi hacks others told him would never work. 

SensePost is an elite ethical hacking team of Orange Cyberdefense that has been training worldwide since 2002. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. The trainers you will meet are working penetration testers, responsible for numerous tools, talks and 0day releases. This provides you with real experiences from the field along with actual practitioners who will be able to support you in a wide range of real-world security discussions. We have years of experience building environments and labs tailored for learning; after all, education is at the core of SensePost and Orange Cyberdefense.
