WORKSHOP - Advanced Wi-Fi Security Penetration Testing presented at BlackhatUSA 2011

by Vivek Ramachandran,

Summary : This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the participants with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks, creating Wi-Fi Backdoors and solving some live CTF style challenges together!
A non-exhaustive list of topics to be covered include:
WLAN Protocol Basics using Wireshark
Bypassing WLAN Authentication - Shared Key, MAC Filtering, Hidden SSIDs
Cracking WLAN Encryption - WEP, WPA/WPA2 Personal and Enterprise, Understanding encryption based flaws (WEP,TKIP,CCMP)
Attacking the WLAN Infrastructure - Rogues Devices, Evil Twins, DoS Attacks, MITM
Advanced Enterprise Attacks - 802.1x, EAP, LEAP, PEAP, IPSec over WLAN
Attacking the Wireless Client - Honeypots and Hotspot attacks, Caffe-Latte, Hirte, Ad-Hoc Networks and Viral SSIDs, WiFishing
Breaking into the Client - Metasploit, SET, Social Engineering
Enterprise Wi-Fi Worms, Backdoors and Botnets
Wireshark as a Wireless Forensics Tool
Programming and Scripting Wireless packet sniffers and Injectors for fun and profit
To participate attendees need to get a laptop with Wireshark and the Aircrack suite of tools installed (Backtrack would be recommended).