Wireless Ethical Hacking and Penetration Testing Training Workshop

Print Friendly, PDF & Email

Wireless Ethical Hacking, Penetration Testing, and Defenses Training Course Hands-on

Wireless Ethical Hacking and Penetration Testing Training Workshop course by ENO provides an in-depth, hands-on comprehensive information on wireless security and Penetration, Testing, and Defenses on wireless systems. Learn Penetration Testing using Kali Linux, security flagship ethical hacking tools and methods, designed and written by the Kali Linux developers.

Wireless Ethical Hacking intensive labs give you in-depth knowledge and practical experience with the wireless security systems including WiFi ethical hacking including: 802.11n , 802.11ac/ad, 802.11ax , Bluetooth, Bluetooth LE, Zigbee, GSM/CDMA hacking, UMTS 3G, LTE 4G, and 5G wireless ethical hacking and more. You will learn how intruders escalate privileges and what steps can be taken to secure a wireless system.

Attendees will also learn about Penetration Testing and Countermeasures, Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. Laptop Required: Throughout the course, students will participate in hands-on exercises after booting into a live Linux environment based on the Kali distribution. A bootable CD will be distributed in the class for all students.

Duration: 5 days

Related Courses

Customize It!

We can adapt this Wireless Ethical Hacking and Penetration Testing Training Workshop course to your group’s background and work requirements at little to no added cost.

If you are familiar with some aspects of this Wireless Ethical Hacking and Penetration Testing Training Workshop course, we can omit or shorten their discussion.

We can adjust the emphasis placed on the various topics or build the Wireless Ethical Hacking and Penetration Testing Training Workshop course around the mix of technologies of interest to you (including technologies other than those included in this outline).

If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Wireless Ethical Hacking and Penetration Testing Training Workshop course in manner understandable to lay audiences.

Wireless Ethical Hacking and Penetration Testing Training - Audience / Target Group
  • Ethical hackers and penetration testers
  • Network security staff
  • Network and system administrators
  • Incident response teams
  • Information security policy decision makers
  • Technical auditors
  • Information security consultants
  • Wireless system engineers
  • Embedded wireless system developers
Wireless Ethical Hacking and Penetration Testing Training - Prerequisites
  • This class requires a basic understanding of web application technology and concepts such as HTML and JavaScript
Wireless Ethical Hacking and Penetration Testing Training - Course Syllabus:

Introduction and Overview

  • Overview of Wireless Systems
  • Overview of GSM, GPRS/EDGE, UMTS, HSPA/HSPA+, CDMA/CDMA2000,, WiMAX, WiFi, 802.1, Bluetooth/BLE, ZigBee, 802.15.4, 6LowPAN,  LTE, LTE-Advanced, LTE-Advanced Pro, and 5G
  • Overview of TCP/IP
  • Overview of Network and Computer Architecture and Security Attacks
  • Ethical Hacking and Penetration Testing
  • Footprinting and Reconnaissance
  • TCP/IP Basics and Scanning
  • Sniffers and Session Hijacking
  • Intrusion Detection Systems
  • Firewalls
  • Ethics and Legal Issues
  • Wireless Security Principles
  • Wireless LAN and MAN Standards and Architecture
  • Radio Frequency (RF) and Physical Layer Transmission Technology
  • IEEE 802.xx MAC Layer
  • Understanding the Wireless Threat
  • Overview of Linux
  • Linux Commands
  • Kali Linux Tools, Techniques and Implementation
  • Kali Linux NetHunter for Nexus and OnePlus
  • Wireshark


  • Lab 1: Using basic TCP/IP Tools and Utilities: whois, ipconfig, ping, traceroute, Port Scanning, Sniffing
  • Lab 2: Setting the WLAN card operating modes, sniffing in monitor mode
  • Tools: Kali Linux, Wireshark

 Wireless Security Applied to 802.xx

  • WiFi, Bluetooth/Zigbee and WiMAX Security Principles
  • Common Capabilities of the IEEE 802.xx MAC
  • Understanding the architecture and operating of ad-hoc and infrastructure networks
  • Understanding the operation and behavior of IEEE 802.1X authentication
  • Packet framing on wireless networks
  • Understanding the 802.11 header format and fields
  • 802.11 address field ordering and behavior
  • 802.11 management, control and data frames
  • 802.11 management action frames
  • Rogue Network Threats
  • Defining and understanding rogue networks
  • Techniques for identifying rogue devices
  • Overview of WEP, WPA/WPA2, 802.11i
  • Assessing WEP Networks
  • IV transmission
  • Eavesdropping
  • Spoofing
  • Sniffing
  • WLAN Denial of Service (DoD)
  • WLAN Man-in-the-Middle Attacks
  • War Driving
  • Wireless Security Best Practices


  • Sniffing MAC Layer
  • Locating rogue devices through RSSI signal analysis, triangulation
  • Cheating at rogue detection using CDP and MAC address variations
  • Identifying rogue AP’s with Nessus, using RSSI characteristics to locate device

 Assessing WPA-PSK and WPA/WPA2 Networks

  • TKIP hash weaknesses and countermeasures, Tool: WPA Hand Grenade
  • Attacking the passphrase selection of WPA/WPA2-PSK networks
  • Denial of Service (DoS) Attacks on Wireless Networks
  • IEEE 802.11 MAC attacks, authentication and association floods, deauthenticate and disassociation floods, Beacon DS Set DoS, Invalid Authentication flood, power-management attacks
  • 802.11 medium management techniques, hidden node problem, RTS/CTS medium management, medium reservation attacks, RTS/CTS co-opting
  • Client attacks including rogue AP DoS, NULL SSID DoS, 802.1X authentication flood

 Wireless Hacking Applied

  • Wireless Hotspot Networks
  • Labs: Service theft, passive and active session hijacking, Spoofed provider access, direct client attacks
  • Hotspot injection attacks, manipulating unencrypted network transmissions
  • Wireless Client Exposures and Vulnerabilities
  • Publicly Secure Packet Forwarding (PSPF), understanding PSPF filtering, defeating PSPF
  • Attacking the Preferred Network List (PNL), Lab: Hotspotter for network redirection, IEEE 802.11 protocol fuzzing, understanding the format of the SSID information element as an example and how an attacker would exploit it, impact of driver bugs, Client fingerprinting techniques
  • Techniques for protecting client systems

GERAN, CDMA2000, UMTS, HSPA/HSPA+, WiMAX, LTE, LTE-Advanced. mmWave and 5G Security Attacks

  • GSM Family (GERAN, HSPA/HSPA+, LTE, LTE-Advanced, Lte-Advanced Pro, mmWave and 5G) of Network Wireless Attacks
  • CDMA Family of Network Wireless Attacks
  • WarViewing and exploiting wireless video transmitters, Tool: Mobile WarSpy
  • Introduction to next-generation wireless attacks using software defined radio (SDR) and the Universal Software Radio Peripheral (USRP); Tool: USRP and GNURadio
  • Introduction to cellular protocols and GSM networks, demodulating GSM traffic, GSM reference sources and data capture and analysis, risks with GSM use, Wireshark and GSM sniffing, exploiting weaknesses in GSM encryption
  • Zigbee and Bluetooth/BLE Security Threats
  • Exploiting range in Bluetooth networks, Bluetooth attacks including rogue AP s, Bluesnarfing, Blueline, wireless works
  • Sniffing Bluetooth networks, hacker techniques for building Bluetooth sniffers
  • Exploiting Bluetooth non-discoverable mode, discovering non-discoverable devices;
  • Exploiting Bluetooth profile vulnerabilities, audio recording attacks, exploiting Bluetooth headsets, Bluetooth device impersonation attacks;

Bluetooth, BLE, ZigBee, 802.15.4, 6LowPAN,  Thread, Z-wave and IPv6 Security Attacks

  • 802.15.1/802.15.4 Wireless Attacks
  • Bluetooth and BLE Network Wireless Attacks
  • ZIgBee Network Wireless Attacks
  • 6LowPAN Network Wireless Attacks
  • IPv6 Network Wireless Attacks

Wireless Security Implementation Strategies

  • Wireless Security Strategies and Policies
  • Establish Wireless LAN Security Policies and Practices
  • Design for Wireless Security
  • Analyze Protocols
  • Restrict AP Connections
  • Protect Wireless Devices
  • Introduction to IDS/IPS
  • Configuring and Securing Wireless Systems
  • Managing certificate trust policies
Request More Information

Time Frame: 0-3 Months4-12 Months