Wireless Ethical Hacking | Penetration Testing Crash Course

Why should you choose TONEX for your Wireless Ethical Hacking, Penetration Testing Training?

Wireless Ethical Hacking training course by TONEX provides an in-depth, hands-on comprehensive information on wireless security and Penetration, Testing, and Defenses on wireless systems. Learn Penetration Testing using Kali Linux, security flagship ethical hacking tools and methods, designed and written by the Kali Linux developers. Wireless Ethical Hacking intensive labs give you in-depth knowledge and practical experience with the wireless security systems including WiFi ethical hacking including: 802.11n , 802.11ac/ad, 802.11ax , Bluetooth, Bluetooth LE, Zigbee, GSM/CDMA hacking, UMTS 3G, LTE 4G, and 5G wireless ethical hacking and more. You will learn how intruders escalate privileges and what steps can be taken to secure a wireless system. Attendees will also learn about Penetration Testing and Countermeasures, Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. Laptop Required: Throughout the course, students will participate in hands-on exercises after booting into a live Linux environment based on the Kali distribution. A bootable CD will be distributed in the class for all students.

 Course Agenda

Introduction and Overview

• Overview of Wireless Systems
• Overview of GSM, GPRS/EDGE, UMTS, HSPA/HSPA+, CDMA/CDMA2000,, WiMAX, WiFi, 802.1, Bluetooth/BLE, ZigBee, 802.15.4, 6LowPAN,  LTE, LTE-Advanced, LTE-Advanced Pro, and 5G
• Overview of TCP/IP
• Overview of Network and Computer Architecture and Security Attacks
• Ethical Hacking and Penetration Testing
• Footprinting and Reconnaissance
• TCP/IP Basics and Scanning
• Sniffers and Session Hijacking
• Intrusion Detection Systems
• Firewalls
• Ethics and Legal Issues
• Wireless Security Principles
• Wireless LAN and MAN Standards and Architecture
• Radio Frequency (RF) and Physical Layer Transmission Technology
• IEEE 802.xx MAC Layer
• Understanding the Wireless Threat
• Overview of Linux
• Linux Commands
• Kali Linux Tools, Techniques and Implementation
• Kali Linux NetHunter for Nexus and OnePlus
• Wireshark

Labs

• Lab 1: Using basic TCP/IP Tools and Utilities: whois, ipconfig, ping, traceroute, Port Scanning, Sniffing
• Lab 2: Setting the WLAN card operating modes, sniffing in monitor mode
• Tools: Kali Linux, Wireshark

 Wireless Security Applied to 802.xx

• WiFi, Bluetooth/Zigbee and WiMAX Security Principles
• Common Capabilities of the IEEE 802.xx MAC
• Understanding the architecture and operating of ad-hoc and infrastructure networks
• Understanding the operation and behavior of IEEE 802.1X authentication
• Packet framing on wireless networks
• Understanding the 802.11 header format and fields
• 802.11 address field ordering and behavior
• 802.11 management, control and data frames
• 802.11 management action frames
• Rogue Network Threats
• Defining and understanding rogue networks
• Techniques for identifying rogue devices
• Overview of WEP, WPA/WPA2, 802.11i
• Assessing WEP Networks
• IV transmission
• Eavesdropping
• Spoofing
• Sniffing
• WLAN Denial of Service (DoD)
• WLAN Man-in-the-Middle Attacks
• War Driving
• Wireless Security Best Practices

Labs:

• Sniffing MAC Layer
• Locating rogue devices through RSSI signal analysis, triangulation
• Cheating at rogue detection using CDP and MAC address variations
• Identifying rogue AP’s with Nessus, using RSSI characteristics to locate device

 Assessing WPA-PSK and WPA/WPA2 Networks

• TKIP hash weaknesses and countermeasures, Tool: WPA Hand Grenade
• Attacking the passphrase selection of WPA/WPA2-PSK networks
• Denial of Service (DoS) Attacks on Wireless Networks
• IEEE 802.11 MAC attacks, authentication and association floods, deauthenticate and disassociation floods, Beacon DS Set DoS, Invalid Authentication flood, power-management attacks
• 802.11 medium management techniques, hidden node problem, RTS/CTS medium management, medium reservation attacks, RTS/CTS co-opting
• Client attacks including rogue AP DoS, NULL SSID DoS, 802.1X authentication flood

 Wireless Hacking Applied

• Wireless Hotspot Networks
• Labs: Service theft, passive and active session hijacking, Spoofed provider access, direct client attacks
• Hotspot injection attacks, manipulating unencrypted network transmissions
• Wireless Client Exposures and Vulnerabilities
• Publicly Secure Packet Forwarding (PSPF), understanding PSPF filtering, defeating PSPF
• Attacking the Preferred Network List (PNL), Lab: Hotspotter for network redirection, IEEE 802.11 protocol fuzzing, understanding the format of the SSID information element as an example and how an attacker would exploit it, impact of driver bugs, Client fingerprinting techniques
• Techniques for protecting client systems

GERAN, CDMA2000, UMTS, HSPA/HSPA+, WiMAX, LTE, LTE-Advanced. mmWave and 5G Security Attacks

• GSM Family (GERAN, HSPA/HSPA+, LTE, LTE-Advanced, Lte-Advanced Pro, mmWave and 5G) of Network Wireless Attacks
• CDMA Family of Network Wireless Attacks
• WarViewing and exploiting wireless video transmitters, Tool: Mobile WarSpy
• Introduction to next-generation wireless attacks using software defined radio (SDR) and the Universal Software Radio Peripheral (USRP); Tool: USRP and GNURadio
• Introduction to cellular protocols and GSM networks, demodulating GSM traffic, GSM reference sources and data capture and analysis, risks with GSM use, Wireshark and GSM sniffing, exploiting weaknesses in GSM encryption
• Zigbee and Bluetooth/BLE Security Threats
• Exploiting range in Bluetooth networks, Bluetooth attacks including rogue AP s, Bluesnarfing, Blueline, wireless works
• Sniffing Bluetooth networks, hacker techniques for building Bluetooth sniffers
• Exploiting Bluetooth non-discoverable mode, discovering non-discoverable devices;
• Exploiting Bluetooth profile vulnerabilities, audio recording attacks, exploiting Bluetooth headsets, Bluetooth device impersonation attacks;

Bluetooth, BLE, ZigBee, 802.15.4, 6LowPAN,  Thread, Z-wave and IPv6 Security Attacks

• 802.15.1/802.15.4 Wireless Attacks
• Bluetooth and BLE Network Wireless Attacks
• ZIgBee Network Wireless Attacks
• 6LowPAN Network Wireless Attacks
• IPv6 Network Wireless Attacks

Wireless Security Implementation Strategies

• Wireless Security Strategies and Policies
• Establish Wireless LAN Security Policies and Practices
• Design for Wireless Security
• Analyze Protocols
• Restrict AP Connections
• Protect Wireless Devices
• Introduction to IDS/IPS
• Configuring and Securing Wireless Systems
• Managing certificate trust policies