
Module 16: Hacking Wireless Networks

Thursday, February 29, 2024


Learn about wireless encryption, wireless hacking methodologies and tools, and Wi-Fi security tools.

Hands-On Lab Exercises: over 3 hands-on exercises with real-life simulated targets to build skills on how to:

> Footprint a wireless network

> Perform wireless traffic analysis

> Crack WEP, WPA, and WPA2 networks

> Create a rogue access point to capture data packets

Key topics covered:

> Wireless Terminology

> Wireless Networks

> Wireless Encryption

> Wireless Threats

> Wireless Hacking Methodology

> Wi-Fi Encryption Cracking

> WEP/WPA/WPA2 Cracking Tools

> Bluetooth Hacking

> Bluetooth Threats

> Wi-Fi Security Auditing Tools

> Bluetooth Security Tools

Section 01: Wireless Concepts


Wireless communication

Wireless communication (or just wireless, when the context allows) is the transfer of information between two or more points without the use of an electrical conductor, optical fiber or other continuous guided medium for the transfer.

Bandwidth

In computing, bandwidth is the maximum rate of data transfer across a given path. Bandwidth may be characterized as network bandwidth, data bandwidth, or digital bandwidth.

Wireless access point (WAP)

In computer networking, a wireless access point (WAP), or more generally just access point (AP), is a networking hardware device that allows other Wi-Fi devices to connect to a wired network. As a standalone device, the AP may have a wired connection to a router, but, in a wireless router, it can also be an integral component of the router itself.

IEEE 802.11

IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of media access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer communication.

Service set identifier (SSID)

In IEEE 802.11 wireless local area networking standards (including Wi-Fi), a service set is a group of wireless network devices which share a service set identifier (SSID)—typically the natural language label that users see as a network name.


IEEE 802.1X

IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism for devices wishing to attach to a LAN or WLAN: the port stays blocked for all traffic except the authentication exchange until the device has been authenticated.


RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect to and use a network service. In WPA/WPA2-Enterprise the access point acts as the 802.1X authenticator and relays the client's EAP exchange to a RADIUS server, which decides whether the client may join; the access point and the server authenticate each other's packets with a shared secret.
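The RADIUS exchange between an access point and an authentication server, as an added example that is not part of the original module: an Access-Request carrying a User-Password hidden per RFC 2865 section 5.2, and an Access-Accept/Reject whose Response Authenticator the client checks. The shared secret, the user database and the in-process "server" function are constructed for the example; no real network traffic is sent.

```python
"""RADIUS (RFC 2865) Access-Request / Access-Accept in miniature.

Added example, not code from the module. The shared secret, the user table
and the packet contents are constructed; the server is a local function.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _attr(atype: int, value: bytes) -> bytes:
    """Attribute TLV: Type(1) Length(1, counts the 2 header bytes) Value."""
    return bytes([atype, len(value) + 2]) + value


def _pack(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Packet: Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def parse_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        if alen < 2:
            raise ValueError("malformed attribute length")
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs


def hide_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16-byte blocks; block i is XORed with
    MD5(secret || previous ciphertext block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out, prev = out + block, block
    return out


def reveal_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")  # passwords are NUL-padded, never NUL-containing


def response_authenticator(secret, code, ident, request_auth, attrs) -> bytes:
    """RFC 2865 s3: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_access_request(secret, ident, username, password, request_auth=None):
    request_auth = request_auth or os.urandom(16)  # fresh per request
    attrs = _attr(ATTR_USER_NAME, username) + _attr(
        ATTR_USER_PASSWORD, hide_password(secret, request_auth, password))
    return _pack(ACCESS_REQUEST, ident, request_auth, attrs)


def server_handle(secret: bytes, users: dict, packet: bytes) -> bytes:
    """Constructed server: recovers the password and answers Accept or Reject."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth = packet[4:20]
    attrs = parse_attrs(packet[20:length])
    user = attrs.get(ATTR_USER_NAME, b"")
    pw = reveal_password(secret, request_auth, attrs.get(ATTR_USER_PASSWORD, b""))
    expected = users.get(user)
    ok = expected is not None and hmac.compare_digest(expected, pw)
    reply = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return _pack(reply, ident, response_authenticator(secret, reply, ident, request_auth, b""), b"")


def client_verify(secret: bytes, request: bytes, response: bytes):
    """Client side: the reply must echo our Identifier and carry a valid
    Response Authenticator computed over OUR Request Authenticator."""
    req_ident, req_auth = request[1], request[4:20]
    code, ident, length = struct.unpack("!BBH", response[:4])
    attrs = response[20:length]
    expected = response_authenticator(secret, code, ident, req_auth, attrs)
    valid = ident == req_ident and hmac.compare_digest(expected, response[4:20])
    return valid, code


if __name__ == "__main__":
    secret, users = b"testing123", {b"alice": b"correct horse battery"}
    req = build_access_request(secret, 7, b"alice", b"correct horse battery")
    print(client_verify(secret, req, server_handle(secret, users, req)))
```

Everything here rests on the shared secret and MD5: an attacker who captures the UDP traffic and guesses the secret can recover User-Password values offline, which is why production deployments keep RADIUS on an isolated management network or tunnel it over TLS (RadSec, RFC 6614) and use EAP methods that never send the password in this attribute.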

Section 02: Wireless Encryption

Wired equivalent privacy

Wired Equivalent Privacy (WEP) was a security algorithm for 802.11 wireless networks. Introduced as part of the original IEEE 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network. It encrypts each frame with RC4 under a per-frame key formed by prepending a 24-bit initialization vector (IV), transmitted in the clear, to the shared secret key; the small IV space (keystreams repeat after at most 2^24 frames) and weaknesses in RC4's key scheduling are what let an attacker recover the key from captured traffic.
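What the 24-bit IV costs in practice, as an added example rather than material from the module: a textbook RC4 keyed the WEP way, two frames encrypted under the same IV, and the classic known-plaintext recovery C1 xor C2 xor P1 = P2. The key, IV and frame contents are constructed; the CRC-32 ICV that real WEP appends is omitted because it does not affect the keystream reuse being shown.

```python
"""WEP keystream reuse: same IV + same root key = same RC4 keystream.

Added example, not from the module text. Key, IV and plaintexts are
constructed; WEP's CRC-32 ICV is left out for brevity.
"""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm, then the PRGA for `length` bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP per-frame key = IV (3 bytes, sent in clear) || shared root key.
    Returns IV || ciphertext, as it appears on the air (minus the ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    ks = rc4_keystream(iv + root_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_with_known_plaintext(frame1: bytes, frame2: bytes, known_p1: bytes) -> bytes:
    """Two frames with the same IV share a keystream, so the keystream cancels:
    (P1 ^ K) ^ (P2 ^ K) ^ P1 = P2. No key needed."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("different IVs: keystreams differ, nothing cancels")
    return xor_bytes(xor_bytes(frame1[3:], frame2[3:]), known_p1)


def frames_until_iv_collision(iv_bits: int = 24, prob: float = 0.5) -> int:
    """Birthday bound: frames after which a random IV has repeated with
    probability `prob`. For 24 bits and 50% this is only a few thousand frames."""
    n = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - prob))))


# Constructed demo material.
ROOT_KEY = b"\x01\x02\x03\x04\x05"          # 40-bit WEP key
IV = b"\x0a\x0b\x0c"                         # the IV that happens to repeat
P1 = b"ARP who-has 10.0.0.1"                 # predictable frame body
P2 = b"PASS hunter2 please keep this quiet"  # what we want to read


def demo() -> bytes:
    f1 = wep_encrypt(ROOT_KEY, IV, P1)
    f2 = wep_encrypt(ROOT_KEY, IV, P2)
    return recover_with_known_plaintext(f1, f2, P1)


if __name__ == "__main__":
    print(demo())
    print("50% IV collision after ~", frames_until_iv_collision(), "frames")
```

The recovered bytes cover only the length of the known plaintext, which is exactly why attackers favour predictable frames such as ARP; busy networks hit IV repeats in minutes, and the separate RC4 key-scheduling attacks then turn enough weak-IV frames into the root key.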

Extensible authentication protocol (EAP)

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. It defines the message format and method negotiation, not a single authentication method: on Wi-Fi it is carried in 802.1X (EAPOL) frames between client and access point, and common methods are EAP-TLS (mutual certificate authentication) and PEAP or EAP-TTLS (a password exchange inside a TLS tunnel to the authentication server).

Wi-fi protected access (WPA)

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and Wi-Fi Protected Access 3 (WPA3) are three security and certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined them in response to the serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA was an interim fix that kept RC4 but added per-packet key mixing (TKIP); WPA2 made AES-CCMP mandatory; WPA3 replaces the pre-shared-key handshake with SAE (Simultaneous Authentication of Equals), which resists offline dictionary attacks against a captured handshake, and requires Protected Management Frames.

Advanced encryption standard (AES)

The Advanced Encryption Standard (AES), also known by its original name Rijndael (Dutch pronunciation: [ˈrɛindaːl]), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

Section 03: Wireless Threats


Wardriving

Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone. Software for wardriving is freely available on the internet.

Rogue access point

A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.

MAC spoofing

MAC spoofing is a technique for changing the factory-assigned Media Access Control (MAC) address that a network interface presents on the network. The address burned into the network interface controller (NIC) itself is not altered; instead, the driver or operating system is told to use a different address, which most drivers allow. On Wi-Fi it is used to bypass MAC-address filtering and to impersonate a client that is already authorized on the network.


Eavesdropping

Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information.

Evil twin

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam.


Masquerade attack

A masquerade attack is an online attack in which the attacker masquerades as a legitimate user to gain access to a device.

Disassociation and deauthentication attacks

A Wi-Fi deauthentication (or disassociation) attack is a denial-of-service attack that targets the link between a client and a wireless access point: the attacker transmits forged deauthentication or disassociation management frames carrying the access point's or the client's address as source, and the victim tears down its association. It works because management frames were unauthenticated in the original 802.11 standard. Beyond denial of service, it is used to force a client to reconnect so that the attacker can capture the WPA/WPA2 4-way handshake, or to push it onto an evil twin. Protected Management Frames (IEEE 802.11w), mandatory in WPA3, authenticate these frames and defeat the forged ones.
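A passive monitor that catches both of the threats described above (an evil twin or rogue access point advertising the corporate SSID from an unknown BSSID, and a deauthentication flood spoofing the real access point), as an added example that is not part of the module. The frame records are constructed to look like what a parser would produce from a monitor-mode capture, and the list of authorized BSSIDs is an assumed inventory.

```python
"""Passive wireless monitoring: evil twins and deauthentication floods.

Added example, not from the module. FRAMES is constructed capture data and
AUTHORIZED is an assumed inventory of the access points we actually run.
"""
from collections import defaultdict, deque

# Assumed inventory: SSID -> BSSIDs the organisation operates.
AUTHORIZED = {"CorpWiFi": {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}}

# Constructed records: (timestamp seconds, frame kind, source/BSSID, SSID or reason code)
FRAMES = [
    (0.0, "beacon", "00:11:22:aa:bb:01", "CorpWiFi"),
    (0.1, "beacon", "00:11:22:aa:bb:02", "CorpWiFi"),
    (0.2, "beacon", "de:ad:be:ef:00:01", "CorpWiFi"),    # our SSID, unknown BSSID
    (0.3, "beacon", "de:ad:be:ef:00:02", "CoffeeShop"),  # somebody else's network
    # 40 deauth frames in 0.4 s "from" the real AP (reason 7, class 3 frame from
    # non-associated STA): the attacker is spoofing the AP's address.
    *[(1.0 + i * 0.01, "deauth", "00:11:22:aa:bb:01", 7) for i in range(40)],
    (3.0, "deauth", "00:11:22:aa:bb:02", 3),             # single frame, normal roaming
]


def find_evil_twins(frames, authorized):
    """Any BSSID beaconing one of our SSIDs that is not in the inventory."""
    seen = defaultdict(set)
    for _, kind, bssid, ssid in frames:
        if kind == "beacon" and ssid in authorized:
            seen[ssid].add(bssid)
    return {ssid: sorted(b - authorized[ssid])
            for ssid, b in seen.items() if b - authorized[ssid]}


def find_deauth_floods(frames, window=1.0, threshold=10):
    """Sliding window per source: more than `threshold` deauth frames inside
    `window` seconds. Returns {bssid: peak frames seen in one window}."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, kind, bssid, _ in sorted(frames, key=lambda f: f[0]):
        if kind != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            flagged[bssid] = max(flagged.get(bssid, 0), len(q))
    return flagged


if __name__ == "__main__":
    print("evil twins:", find_evil_twins(FRAMES, AUTHORIZED))
    print("deauth floods:", find_deauth_floods(FRAMES))
```

The flood detector keys on the spoofed source address, so the alert names the victim access point, not the attacker; locating the attacker needs signal strength and multiple sensors. Once 802.11w is enforced, forged deauthentication frames fail verification and stop appearing as disconnects, but the flood itself is still visible to a monitor and worth alerting on.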

Key reinstallation attack (KRACK)

KRACK ("Key Reinstallation Attack"), disclosed in 2017, is an attack on the WPA2 4-way handshake (and related handshakes) rather than on the AES cipher itself. By blocking and later replaying message 3 of the handshake, an attacker within radio range tricks the client into reinstalling a session key that is already in use, which resets the packet number the encryption uses as its nonce back to zero. The same keystream is then reused for new frames, so captured traffic can be decrypted and, depending on the cipher suite, frames can be forged. The flaw lies in how clients implement the standard, and the fix is a client-side patch that refuses to reinstall a key that is already installed.
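The vulnerable and the patched supplicant behaviour side by side, as an added example that is not part of the module. The handshake is reduced to the one step that matters (receiving message 3), the PTK is a constructed constant, and the "cipher" is a stand-in counter-mode keystream derived with SHA-256 from (key, packet number), used only to make the nonce reuse observable; it is not real CCMP.

```python
"""KRACK in miniature: a supplicant that reinstalls the PTK on a replayed Msg3.

Added example, not from the module. The PTK and the frames are constructed;
keystream() is a stand-in for CCMP counter mode, not the real cipher.
"""
import hashlib


def keystream(ptk: bytes, pn: int, length: int) -> bytes:
    """Stand-in for CCMP: keystream is a function of (key, packet number),
    so reusing a packet number under the same key reuses the keystream."""
    return hashlib.sha256(ptk + pn.to_bytes(6, "big")).digest()[:length]


class Supplicant:
    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None
        self.installed = False
        self.pn = 0            # transmit packet number (the CCMP nonce)
        self.used = set()      # (ptk, pn) pairs already used to encrypt
        self.reused = 0        # how many times a pair was used twice

    def on_msg3(self, ptk: bytes) -> None:
        """Handshake message 3: install the PTK and reset the packet number.
        The vulnerable client does this again for every retransmitted Msg3."""
        if self.patched and self.installed and ptk == self.ptk:
            return  # key already in use: ignore the replay, keep the counter
        self.ptk, self.installed, self.pn = ptk, True, 0

    def encrypt(self, plaintext: bytes) -> bytes:
        pair = (self.ptk, self.pn)
        if pair in self.used:
            self.reused += 1
        self.used.add(pair)
        ks = keystream(self.ptk, self.pn, len(plaintext))
        self.pn += 1
        return bytes(p ^ k for p, k in zip(plaintext, ks))


def run_attack(patched: bool) -> int:
    """Attacker blocks Msg4 so the AP retransmits Msg3 after the client has
    already started sending data. Returns the number of (key, nonce) reuses."""
    s = Supplicant(patched)
    ptk = b"\x11" * 16                       # constructed PTK from the handshake
    s.on_msg3(ptk)
    for m in (b"GET / HTTP/1.1", b"Host: intranet"):
        s.encrypt(m)                         # packet numbers 0 and 1
    s.on_msg3(ptk)                           # replayed Msg3
    for m in (b"Cookie: session=", b"POST /login"):
        s.encrypt(m)                         # vulnerable: 0 and 1 again
    return s.reused


if __name__ == "__main__":
    print("vulnerable client nonce reuses:", run_attack(patched=False))
    print("patched client nonce reuses:   ", run_attack(patched=True))
```

The patched branch is the whole fix: the key material never changes, the client simply declines to reinstall a key it is already using, so the packet number keeps counting up and every frame still gets a fresh keystream.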


Radio jamming

Radio jamming is the deliberate jamming, blocking or interference with wireless communications. In some cases, jammers work by the transmission of radio signals that disrupt communications by decreasing the signal-to-noise ratio.