Advanced WiFi Penetration Test

by Chai Kunzhe & Yang Yunfei, Qihoo 360

We will take an in-depth look at the security challenges of wireless technologies, exposing you to wireless security threats through the eyes of an attacker. Knowing how to attack will help us to establish the appropriate protection strategy. 
 
This workshop will instruct attendees on how to carry out wireless pentest against personal and enterprise network. You will learn how to gain access to WPA2 personal and enterprise network, bypass captive portals, and build a phishing WiFi network. You will experience why it is so easy to attack enterprise over the WiFi network. 
 
In addition, we will introduce researches done by Qihoo 360 PegasusTeam in the last few years. These will include a wireless threat perception system, an anti-drone system, a portable WiFi attack and defence platform, and GhostTunnel — a wireless backdoor way using out-of-band data transmission. 
 
Outline
  • WiFi Security Basics
    • History
    • Protocol
    • Security Events
  • Basic Wireless Attacks
    • Cracking WEP, WPA/WPA2 Personal
    • Cracking the WPS PIN
    • Bypassing Authentication — Captive Portal, MAC Filtering 
    • Getting Passwords from WiFi Password Sharing APP
  • Advanced Wireless Attacks against Enterprise Network
    • Using Evil Twin Attacks to Attack WPA2-PEAP Network
    • Gaining Entry by Attacking Employees' Self-built WiFi Network
    • WiFi Phishing with Captive Portal
  • PegasusTeam's Wireless Security Researches
    • A Wireless Threat Perception System
    • An Anti-Drone System Based on 802.11
    • A Portable WiFi Attack & Defence Platform
    • GhostTunnel — A Wireless Backdoor Way Using Out-of-Band Data Transmission 
 
Student Requirements 
Previous wireless security background is helpful but not required.
 
What to Bring
  • Attendees will be required to bring their own laptops with Kali Linux (or running in virtualisation software such as VMware or VirtualBox)
  • A TP-Link WN722N V1 external wireless interface per student

Infosec in the City. Copyright © 2017-2019
IIC Productions (Pte. Ltd.). All rights reserved.

  • @infoseccity
  • @infosec_city

Contact Us  |  Join Our Mailing List   |  Follow Us :