Red-Team RF Attacks Workshop by Tonex
Modern enterprises depend on wireless systems that quietly move data, unlock doors, track assets, and control operations. This workshop brings those hidden surfaces into the light, showing how real attackers discover, profile, and exploit radio-frequency attack paths. You will learn practical, standards-aware techniques to map RF environments, decode protocols, craft payloads, and demonstrate impact with professional discipline. Cybersecurity teams gain a rare, hands-on red-team mindset for wireless. You will connect RF exploitation to tangible business risk, strengthen threat modeling, and translate findings into defensible controls that uplift overall cybersecurity posture across IT, OT, and IoT estates.
Learning Objectives
- Understand the RF attack surface across IT, OT, and IoT environments
- Identify, capture, and analyze wireless signals using professional workflows
- Reverse engineer common device protocols and frame structures
- Craft and transmit test payloads responsibly for red-team assessments
- Map findings to risk, controls, and reporting for stakeholders
- Improve incident readiness by aligning detections to RF TTPs
- Strengthen enterprise cybersecurity through validated RF threat coverage
Audience
- Red teamers and penetration testers
- RF and wireless security engineers
- SOC analysts and threat hunters
- OT and industrial security practitioners
- Security architects and risk managers
- Cybersecurity Professionals
Course Modules
Module 1 – RF Threat Landscape
- RF spectrum fundamentals for security
- Wireless standards and allocations
- Adversary goals and constraints
- RF kill chain and TTP mapping
- Legal and ethical boundaries
- Safety, scope, and communications
Module 2 – Signal Discovery & Capture
- Antennas, front ends, filtering
- SDR platforms and toolchains
- Scanning, sweeping, and logging
- Gain, dynamic range, and noise
- IQ recording and metadata hygiene
- Artifact management and baselining
Module 3 – Protocol Analysis & Reverse Engineering
- Framing, modulation, symbol timing
- Preambles, pilots, and sync words
- Error control, whitening, interleaving
- Feature extraction and clustering
- Deinterleaving and descrambling steps
- Building parsers for custom stacks
Module 4 – Payload Crafting & Injection
- Replays versus true forgeries
- PHY and MAC layer constraints
- Timing, jitter, and channel reuse
- Building test packets and frames
- Validation with round-trip checks
- Safety gates and rollback plans
Module 5 – Targeted RF Attack Scenarios
- Sub-GHz ISM devices and remotes
- BLE beacons and GATT services
- Wi-Fi management and data frames
- NFC and contactless ecosystems
- GNSS spoofing risk discussion
- IoT mesh and proprietary links
Module 6 – Reporting, Controls & Detection
- Finding severity and business impact
- Mapping to controls and standards
- Telemetry for RF threat detection
- Compensating controls and hardening
- Executive reporting and narratives
- Purple-team follow-through actions
Elevate your team’s ability to see and stop wireless adversaries. Enroll your engineers in the Red-Team RF Attacks Workshop by Tonex to turn invisible RF risk into measurable, managed cybersecurity strength.