|
0. Student Kit & Classroom Setup |
| Lab 0.1 |
Imaging the Laptop – Student Lab Kit Inventory |
| Lab 0.2 |
Wireless internet connectivity from laptop and Setup GoogleTalk and Gizmo accounts |
| Lab 0.3 |
Nokia N800 Internet Tablet setup and application installation and connection to classroom Access Point/Internet |
| Lab 0.4 |
Student AP setup – load DD-WRT firmware |
1. Wireless Packet Captures & Connection Analysis Review |
| Lab 1.1 |
View an Open Authentication packet capture |
| Lab 1.2 |
View an EAP Authentication packet capture |
| Lab 1.3 |
View a data transfer packet capture |
| Lab 1.4 |
Create an Omnipeek Filter |
| Lab 1.5 |
Create a Wireshark filter |
| Lab 1.6 |
Create baseline captures
- Open – No WEP
- Open – WEP
- Open – WEP – w/Radius
- WPA – Radius
- Shared Key – WEP
- WPA – PSK
- Roaming connection
- Beacon – Probe Request – Probe Response
|
2. Discovering, Locating & Accessing WiFi Networks |
| Lab 2.1 |
RF Scanning – with WiSpy & RF Signatures |
| Lab 2.2 |
Scanning for networks Directional and high gain antennas |
| Lab 2.3 |
Physically locating an Access Point based on signal strength using AirDefense Mobile and WiFiHopper |
| Lab 2.4 |
Bluetooth scanning - bluescanner |
| Lab 2.5 |
Installing and using a GPS device |
| Lab 2.6 |
Wardriving & Data to Wigle/Maps & Google Earth |
3. Sniffing and Capturing Data on Open Wireless Networks |
| Lab 3.1 |
Capture and Analyze WVoIP traffic – Use WVoIP phone and capture using Clearsight. Playback the voice capture. |
| Lab 3.2 |
Capture and Analyze POP3 Email Traffic – Connect to a POP3 server and capture passwords using Winsniffer. |
| Lab 3.3 |
Capture and Analyze Web Email Traffic – Connect to Hotmail / Yahoo mail and capture and reassemble emails with NetResident |
| Lab 3.4 |
Using three AirPcap’s to capture ALL the packets as a device roams across channels - Demo |
| Lab 3.5 |
Capture and Analyze Web Site Traffic – Connect to a web server and view images with driftnet and etherape. |
4. Cracking 802.11 Encryption and Authentication Mechanisms on Protected Networks |
| Lab 4.1 |
LEAP Cracking - Asleap/Pre-Hashed Dictionary file |
| Lab 4.1 |
WPA-PSK dictionary attacks - CoWPAtty/Dictionary file/wpa_crack |
| Lab 4.3 |
WEP Cracking and decrypting WEP traffic - Omnipeek/Aircrack/Commview |
| Lab 4.4 |
WEP Cracking Acceleration tools - Aireplay & Script |
| Lab 4.5 |
Making & Using Very Large Hacker Dictionary |
5. Rogue Access Points & Client Hijacking |
| Lab 5.1 |
Using ZyXEL Soft AP |
| Lab 5.2 |
Using DD-WRT firmware to create a captive portal |
| Lab 5.3 |
Client Hijacking / Evil Twin AP |
| Lab 5.4 |
Using Linux script to create a Fake hotspot |
| Lab 5.5 |
Piggybacking on a Captive Portal |
| Lab 5.6 |
Using Ethernet Over Power as AP Demo |
6. Denial of Service Wireless Attacks |
| Lab 6.1 |
Narrowband RF Jamming w/Video Camera |
| Lab 6.2 |
Wideband RF Jamming Demo |
| Lab 6.3 |
Queensland DoS |
| Lab 6.4 |
Windows Deauth Attacks - Use CommView to generate deauth frames. Use AirDefense to terminate sessions Demo |
| Lab 6.5 |
Linux Deauth Atttacks Use linux script to Deauth a client |
| Lab 6.6 |
802.11 Associate / Authenticate Flood Massdeauth |
7. Using a Wireless Intrusion Detection/Prevention System |
| Lab 7.1 |
Airtight sensor – stand-alone hardware IDS |
| Lab 7.2 |
AirDefense Mobile as a local IDS |
| Lab 7.3 |
AirMagnet – Catching MacSpoofing - Demo |
8. Creative Advanced Attacks |
| Lab 8.1 |
Create a honey pot - KF sensor honey pot |
| Lab 8.2 |
Hacker’s Choice for Creative Wireless Attacks - Demo |
| Lab 8.3 |
Using USB Attack Stick to gather information |
| Lab 8.4 |
Peer Attacks – Demo |
| Lab 8.5 |
Ad Hoc – Split Tunnel - Demo |
9. Integrating Wireless Security Assessment & Testing |
| Sample Wireless Security Assessment Report |
10. IT Professional’s Toolbox Course |
| Introduction to Entire USB Course Materials – Over 100 lab exercises |
11. Using the Linux Wireless Testing Script |
| Lab 11.1 |
Using all the tools in the Linux Wireless Testing Script |
