Certified Wireless Security Expert

Wireless networks are popping up everywhere. It will be the most commonly used technology among computer networks in the near future. They provide a lot of freedom but not without cost: Too many home and corporate wireless networks are left wide open for attack.

This course takes an in-depth look at the security challenges of many different wireless technologies, exposing you to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, you’ll navigate your way through the techniques which are used by the attackers to exploit WiFi networks, including attacks against WEP, WPA/WPA2, PEAP, TTLS, and other systems.

Using assessment and analysis techniques, this course will show you how to identify the threats that expose wireless technology and build on this knowledge to implement defensive techniques that can be used to protect wireless systems.

Duration

Duration

2 hours per day x 30 days

Eligibility

Eligibility

Advanced knowledge of Windows and Linux server

Course Details

  • Kali Linux history and introduction
  • Kali Linux GUI desktops
  • Kali Linux Commands
  • Tar and zips
  • Compiling programs
  • Identifying software packages
  • Installing and removing software
  • User account management
  • Changing a user account password
  • Passwd & Shadow file formats
  • File permissions
  • Directory permissions
  • Octal representation
  • Changing permissions
  • Setting default permissions
  • Internet addressing
  • Network services
  • Commonly available services
  • Fundamental network configuration files
  • Network control scripts

Introduction to wireless networks

  • Wireless transmission standards
  • 11 wireless network types
  • Encryption and authentication standards
  • Wireless network cards in Linux – overview
  • Wireless network interface cards in Linux

 

Wireless security (half) measures

  • MAC address filtering
  • Changing the MAC address of the wireless network card
  • Disabling ESSID broadcast
  • Finding a hidden access point with disabled ESSID broadcast
  • Limiting wireless coverage

Wireless network attacks independent of used encryption

  • Introduction
  • DoS: RF jamming
  • DoS: CSMA/CA jamming
  • The use of deauthentication attack for jamming network traffic
  • DoS: Deauthentication attack
  • Wireless MITM

 

WEP attacks

  • WEP encryption
  • Chopchop
  • The overview and demonstration of the chop-chop attack
  • Keystream reuse
  • Generating packets without knowing the network key
  • Interactive packet replay and ARP request replay
  • The demonstration of the PTW and KoreK attacks
  • Caffe Latte Attack
  • Creating a fake access point – the Caffe Latte attack

WPA attacks

  • WPA
  • The dictionary attack on WPA
  • WPA2
  • Rainbow tables
  • The dictionary attack on WPA – using hash tables
  • Cowpatty attack
  • DoS: Taking advantage of the MIC failure holdoff time

 

Advanced attacks against WPA

  • WKA TKIP attack
  • WPA TKIP broken
  • Beck-Tews attack enhanced
  • Michael Reset attack

Sniffing Concepts

  • Wiretapping
  • Packet Sniffing
  • Sniffing Threats
  • How a Sniffer Works
  • Types of Sniffing Attacks
  • Passive Sniffing
  • Active Sniffing
  • Protocols Vulnerable to Sniffing
  • SPAN Port

 

MAC Attacks

  • MAC Flooding
  • MAC Address/CAM Table
  • How CAM Works
  • What Happens When CAM Table is Full?
  • Mac Flooding Switches with macof
  • MAC Flooding Tools
  • How to Defend against MAC Attacks

 

DHCP Attacks

  • How DHCP Works
  • DHCP Request/Reply Messages
  • IPv4 DHCP Packet Format
  • DHCP Starvation Attack
  • Rogue DHCP Server Attack
  • How to Defend Against DHCP Starvation and Rogue Server Attack

ARP Poisoning

  • What is Address Resolution Protocol (ARP)?
  • ARP Spoofing Techniques
  • ARP Spoofing Attack
  • How Does ARP Spoofing Work
  • Threats of ARP Poisoning
  • ARP Poisoning Tools
  • How to Defend Against ARP Poisoning
  • ARP Spoofing Detection: XArp

 

Spoofing Attack

  • Spoofing Attack Threats
  • MAC Spoofing/Duplicating
  • MAC Spoofing Technique: Windows
  • MAC Spoofing Tool: SMAC
  • IRDP Spoofing
  • How to Defend Against MAC Spoofing

 

DNS Poisoning

  • DNS Poisoning Techniques
  • Intranet DNS Spoofing
  • Proxy Server DNS Poisoning
  • DNS Cache Poisoning
  • How to Defend Against DNS Spoofing

Sniffing Tools

  • Sniffing Tool: Wireshark
  • Follow TCP Stream in Wireshark
  • Display Filters in Wireshark
  • Additional Wireshark Filters
  • Sniffing Tool: Tcpdump/Windump
  • Packet Sniffing Tool: Capsa Network Analyzer
  • Network Packet Analyzer: OmniPeek Network Analyzer
  • Network Packet Analyzer: Observer
  • Network Packet Analyzer: Sniff-O-Matic
  • Network Packet Analyzer: JitBit Network Sniffer
  • Chat Message Sniffer: MSN Sniffer 2
  • TCP/IP Packet Crafter: Colasoft Packet Builder
  • How an Attacker Hacks the Network Using Sniffers

 

Sniffer Detection Technique

  • How to Defend Against Sniffing
  • How to Detect Sniffing
  • Sniffer Detection Technique: Ping Method
  • Sniffer Detection Technique: ARP Method
  • Sniffer Detection Technique: DNS Method
  • Promiscuous Detection Tool: PromqryUI