The growing Internet of Things is bringing more connected devices to consumers every day. These devices, like smart thermostats and smart speakers, are designed to make life easier. This creates new security concerns: hackers no longer need a physical connection to the networks linking the devices, and only need to be in their proximity to send malicious data that exploits some vulnerability. Wi-Fi technology has a big impact on security, both in terms of perimeter security and client security. In this course we will discuss the security and privacy issues in today’s wireless networks, including WPA and WPA2, and also fuzz the scanning, authentication and association process of several IoT and non-IoT devices.


Who is this course for?

Security professionals and IoT Enthusiasts are welcome to take this course.

Why take it NOW?

There are roughly 8 billion devices connected to the internet as of now, and it’s estimated that by early 2020 there were 25 to 35 billion IoT devices worldwide; however, little attention is being paid to the security of these devices. That’s why Wi-Fi fuzzing is an important and current skill every hacker and pentester should know.

Why this course?

You will learn multiple tools and techniques in one workshop, and practice all skills in unique labs. This course will also demonstrate how to perform the actual hacking against wireless networks and highlight the top vulnerabilities. It offers a hands-on opportunity to set up your own Wi-Fi fuzzing lab and perform exploitation using open source tools, rather than just watching the videos.


Course benefits:

What skills will you gain?

  • Setting up a Wi-Fi fuzzing testing lab environment
  • Fuzzing with open source tools to learn about the target network
  • Advanced Wi-Fi fuzzing techniques
  • Analysing packet types with Wireshark

What will you learn about?

  • Basic understanding of 802.11
  • Fuzzing techniques from A to Z
  • Various methods to perform wireless attacks

What tools will you use?

  • Aircrack-ng
  • Kismet
  • L0phtCrack
  • RIP Protocol
  • NetStumbler
  • WiFi Pilot
  • Metasploit
  • Libpcap
  • Wifuzzit
  • OpenWRT
  • Scapy
  • Sulley
  • TCPdump
  • BeSTORM
  • AFLplusplus
  • IOTFuzzer
  • Frankenstein
  • bettercap

Course general information: 

DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points. 

Course launch date: February 26th 2021

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What will you need?

  • PC with a preferred operating system (VMware Workstation, Kali Linux)
  • Alfa Wi-Fi Adapter
  • ESP32
  • Raspberry Pi

What should you know before you join?

  • Basic knowledge of Wi-Fi and protocols
  • Familiarity with Linux OS
  • Familiarity with basic hacking and pentesting skills and concepts

YOUR INSTRUCTOR:  Vaibhav Bedi

Experience in various fields such as Biomedical, Embedded system, Additive and Smart Manufacturing and Internet of Things.

Experience in the security domain.

Delivered lectures to more than 500 students in communities like OWASP, Null Bangalore and Test Tribe.

Love spending most of my free time in making, breaking and securing IoT Devices.

Excel at operating and working with hardware.

The materials presented here do not represent the work done by the instructor for their current employer.


COURSE SYLLABUS


Module 1

Getting started with 802.11 protocol

802.11 is perhaps the fastest-changing network protocol in the world. The purpose of this module is to give a basic overview of the 802.11 standard, so that you will be able to understand its basic concepts, layers, frame structure and protocols. In this module, we will focus purely on the 802.11 protocols.

  • 802.11 overview
  • 802.11 Architecture
  • Components and services
  • 802.11 Layer Modules
  • 802.11 frame Structure
  • 802.11 protocols

Practical graded assignments:

Assignment: We will provide you with multiple choice questions for practice.


Module 2

Introduction to Wi-Fi Fuzzing

The recent rise in complex Wi-Fi vulnerabilities indicates the critical need for effective Wi-Fi protocol testing tools. In this module, we will discuss packet injection for testing Wi-Fi client implementations against vulnerabilities, and introduce some frame fuzzing techniques, capturing the packets with Wireshark.

Fuzzing overview

Building a router with a Raspberry Pi and OpenWRT 

Setting up a Wi-Fi fuzzing testing Lab environment

Common Wi-Fi vulnerabilities

Wi-Fi Frame Fuzzing

  • Beacon fuzzing
  • Probe Request
  • Authentication & Deauthentication Request/Response
  • Association & Reassociation Request & Response
  • Disassociation

Access Point Fuzzing

Wi-Fi Raw Packet Injection

  • Raw Fake AP
  • Raw Glue AP
  • Raw Covert
  • Python Raw Covert
  • WiFi Advanced Stealth Patches

Tools Used:

  • NetStumbler
  • Kismet
  • Wireshark
  • WiFi Pilot
  • Wifuzzit
  • OpenWRT

Practical graded assignments:

Assignment: We will provide challenges related to frame fuzzing and to performing the attacks on the live network.


Module 3

Fuzzing with Open Source Tools

In this module, we will discuss a number of open source tools related to fuzzing and perform the attacks on the Wi-Fi network.

Fuzzing with Scapy

  • Scapy Introduction
  • Packet handlers in Scapy
  • Finding Wi-Fi Devices
  • Dictionary Attack on Hidden SSID Networks

Fuzzing with PeachFuzzer

Fuzzing with Sulley

Fuzzing with Metasploit

  • TFTP Fuzzer
  • IMAP Fuzzer

Fuzzing with libpcap

  • Setup libpcap
  • Send and verify Probe response
  • Authentication and association
  • Parsing of Probe response frames

Fuzzing with wifuzzit

Packet analysing using tcpdump

Tools Used:

  • Scapy
  • Sulley
  • Metasploit
  • Libpcap
  • Wifuzzit
  • TCPdump

Practical graded assignments:

Assignment: We will provide challenges for fuzzing in the live network and applying the injections using open source tools.


Module 4

Advanced Wi-Fi Fuzzing Techniques

With more IoT devices entering the consumer market, it becomes imperative to detect their security vulnerabilities before an attacker does. In this module, we will discuss a novel automatic fuzzing framework called IoTFUZZER and find memory corruption vulnerabilities in IoT devices. We will also discuss Wi-Fi dynamic testing, mutation fuzzing methods, and wireless sniffing techniques.

  • Wi-Fi Dynamic Testing
  • Advanced mutation fuzzing method
  • IoT Devices Fuzzing
  • Writing the fuzzer in C
  • Wireless HID hijacking
  • Fuzzing wireless firmware
  • Wireless Sniffing

Tools Used:

  • Wireshark
  • BeSTORM
  • AFLplusplus
  • IoTFuzzer
  • Frankenstein
  • bettercap

Practical graded assignments:

Assignment: We will provide the challenges and firmware image for fuzzing.


Final exam

FINAL QUIZ: Multiple choice questions related to Wi-Fi fuzzing.


QUESTIONS? 

If you have any questions, please contact our eLearning Manager Marta at [email protected].

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013