We will take an in-depth look at the security challenges of wireless technologies, exposing you to wireless security threats through the eyes of an attacker. Knowing how to attack will help us to establish the appropriate protection strategy.
This workshop will instruct attendees on how to carry out wireless pentest against personal and enterprise network. You will learn how to gain access to WPA2 personal and enterprise network, bypass captive portals, and build a phishing WiFi network. You will experience why it is so easy to attack enterprise over the WiFi network.
In addition, we will introduce researches done by Qihoo 360 PegasusTeam in the last few years. These will include a wireless threat perception system, an anti-drone system, a portable WiFi attack and defence platform, and GhostTunnel — a wireless backdoor way using out-of-band data transmission.
WiFi Security Basics
Basic Wireless Attacks
Cracking WEP, WPA/WPA2 Personal
Cracking the WPS PIN
Bypassing Authentication — Captive Portal, MAC Filtering
Getting Passwords from WiFi Password Sharing APP
Advanced Wireless Attacks against Enterprise Network
Using Evil Twin Attacks to Attack WPA2-PEAP Network
Gaining Entry by Attacking Employees' Self-built WiFi Network
WiFi Phishing with Captive Portal
PegasusTeam's Wireless Security Researches
A Wireless Threat Perception System
An Anti-Drone System Based on 802.11
A Portable WiFi Attack & Defence Platform
GhostTunnel — A Wireless Backdoor Way Using Out-of-Band Data Transmission
Previous wireless security background is helpful but not required.
What to Bring
Attendees will be required to bring their own laptops with Kali Linux (or running in virtualisation software such as VMware or VirtualBox)
A TP-Link WN722N V1 external wireless interface per student