Advanced Wireless Attacks Against Enterprise Networks

Instructor - Gabriel Ryan

Pre-Requisites - A previous wireless security background is helpful but not required.

Abstract - This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Students will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and explore how wireless can be leveraged as a powerful means of lateral movement through an Active Directory environment.

Topics of interest include:

- Wireless Reconnaissance and Target Identification Within A Red Team Environment

- Attacking and Gaining Entry to WPA2-EAP wireless networks

- SMB Relay Attacks and LLMNR/NBT-NS Poisoning

- Data Manipulation and Browser Exploitation Using Wireless MITM Attacks

- Downgrading Modern SSL/TLS Implementations Using Partial HSTS Bypasses

- Firewall and NAC Evasion Using Indirect Wireless Pivots

Each student will receive a course package containing a comprehensive course guide and preconfigured virtual machines. External wireless adapters and other wireless networking hardware will be provided by the instructor, and material learned in the lectures will be practiced within a realistic lab environment. The instructor will make himself available via email for questions and guidance in the weeks leading up to and following the workshop.

Required materials - Students will be required to bring their own laptops capable of running virtualization software such as VMWare or VirtualBox. Other than that, I plan on providing the necessary hardware to complete the workshop. Hardware that will be provided to students includes:

- 1 TP-Link WN722N external wireless interface per student

- Wireless access points