Wednesday, June 26, 2013


Chapter 1: Wireless Lab Setup

Hardware requirements
Software requirements
Installing BackTrack
Time for action – installing BackTrack
Setting up the access point
Time for action – configuring the access point
Setting up the wireless card
Time for action – configuring your wireless card
Connecting to the access point
Time for action – configuring your wireless card

Chapter 2: WLAN and Its Inherent

Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
Time for action – sniffing wireless packets
Time for action – viewing Management,
Control, and Data frames
Time for action – sniffing data packets for our network
Time for action – packet injection
Important note on WLAN sniffing and injection
Time for action – experimenting with your Alfa card
Role of regulatory domains in wireless
Time for action – experimenting with your Alfa card

Chapter 3: Bypassing WLAN

Authentication
Hidden SSIDs
Time for action – uncovering hidden
SSIDs
MAC filters
Time for action – beating MAC filters
Open Authentication
Time for action – bypassing Open
Authentication
Shared Key Authentication
Time for action – bypassing Shared
Authentication

Chapter 4: WLAN Encryption

Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrase
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
Decrypting WEP and WPA packets
Time for action – decrypting WEP and
WPA packets
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
Time for action – connecting to a WPA network

Chapter 5: Attacks on the WLAN

Infrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
Denial of service attacks
Time for action – De-Authentication DoS attack
Evil twin and access point MAC spoofing
Time for action – evil twin with MAC spoofing
Rogue access point
Time for action – Rogue access point

Chapter 6: Attacking the Client

Honeypot and Mis-Association attacks
Time for action – orchestrating a Mis-
Association attack
Caffe Latte attack
Time for action – conducting the Caffe
Latte attack
De-Authentication and Dis-Association attacks
Time for action – De-Authenticating the client
Hirte attack
Time for action – cracking WEP with the
Hirte attack
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
Summary

Chapter 7: Advanced WLAN

Attacks
Man-in-the-Middle attack
Time for action – Man-in-the-Middle attack
Wireless Eavesdropping using MITM
Time for action – wireless eavesdropping
Session Hijacking over wireless
Time for action – session hijacking over wireless
Finding security configurations on the client
Time for action – enumerating wireless security profiles
Summary

Chapter 8: Attacking WPA-Enterprise and RADIUS

Setting up FreeRadius-WPE
Time for action – setting up the AP with
FreeRadius-WPE
Attacking PEAP
Time for action – cracking PEAP
Attacking EAP-TTLS
Time for action – cracking EAP-TTLS
Security best practices for Enterprises
Summary

Chapter 9: WLAN Penetration

Testing Methodology
Wireless penetration testing
Planning
Discovery
Time for action – discovering wireless devices
Attack
Finding rogue access points
Finding unauthorized clients
Cracking the encryption
Compromising clients
Reporting
Summary

DOWNLOAD LINK:

0 comments :

Post a Comment