Wireless Hacking

Module 1: 802.11 Hacking

• Lesson 1A: Basics of 802.11
• Lesson 1B: Hardware and Drivers

Module 2: Operating Systems and Tools for 802.11 Networks

• Lesson 2A: Choosing an OS based on Hardware and Applications
• Lesson 2B: inSIDer and Vistumbler Windows Network Scanners
• Lesson 2C: Sniffing and Injection Tools for Windows
• Lesson 2D: KisMAC Mac OS X Discovery Tool
• Lesson 2E: Kismet Linux Discovery Tool 
• Lesson 2F: Mobile Discovery Tools and Online Mapping

Module 3: Tools and Techniques for Bypassing 802.11 Wireless Networks

• Lesson 3A: Basic Attack Types
• Lesson 3B: Accessing Hidden or Nonbroadcasting Wireless Networks
• Lesson 3C: Cracking WEP Keys
• Lesson 3D: Cracking Hidden and WEP-Encrypted Networks
• Lesson 3E: Recovering a Keystream
• Lesson 3F: Deauth Attacks and Michael Countermeasures

Module 4: Practical Attacks against WPA Networks

• Lesson 4A: Breaking WPA with Pre-Shared Key (PSK) Authentication  
• Lesson 4B: Breaking WPA Enterprise Authentication
• Lesson 4C: Encryption Attacks against TKIP
• Lesson 4D: Attacking Components

Module 5: Compromising Wireless Clients

• Lesson 5A: Application Level Attacks
• Lesson 5B: Client Attacks with an Evil DNA Server
• Lesson 5C: ARP Spoofing with Ettercap
• Lesson 5D: Rogue Apps and Evil Servers with Karmetasploit
• Lesson 5E: Direct Client Injection
• Lesson 5F: Device Driver Vulnerabilities
• Lesson 5G: WI-FI and Web Hacking

Module 6: Exploiting a Mac OS X 802.11 Wireless Client

• Lesson 6A: Preparing and Testing the Exploit
• Lesson 6B: Preparing Tools for Installation
• Lesson 6C: Initial Reconnaissance Preparation
• Lesson 6D: Kismet, Aircrack-ng Preparation
• Lesson 6E: Preparing and Executing the Package  
• Lesson 6F: Delivering the Java Exploit   
• Lesson 6G: Using the User-Level Code Execution to the Highest Extent

Module 7: Exploiting a Windows Wireless Client

• Lesson 7A: Overview of a Windows Client Attack
• Lesson 7B: Establish the Attack Infrastructure
• Lesson 7C: Exploiting a Hotspot Environment
• Lesson 7D: Controlling the Client
• Lesson 7E: Wireless Reconnaissance Local and Remote
• Lesson 7F: Target Wireless Network Attack

Module 8: Bluetooth Scanning and Reconnaissance

• Lesson 8A: Overview of Bluetooth Device Interaction
• Lesson 8B: Attack Preparation
• Lesson 8C: Reconnaissance Phase of a Bluetooth Attack
• Lesson 8D: SDPtool for Enumerating Services

Module 9: Bluetooth Eavesdropping Attacks

• Lesson 9A: Using Commercial Bluetooth Sniffers
• Lesson 9B: Open-Source Bluetooth Tools

Module 10: Attacking and Exploiting Bluetooth

• Lesson 10A: PIN Attacks
• Lesson 10B: Practical PIN Cracking
• Lesson 10C: Manipulating Bluetooth Identification Mechanisms
• Lesson 10D: Vulnerabilities in Bluetooth Profiles
• Lesson 10E: Future of Bluetooth

Module 11: ZigBee Protocol  

• Lesson 11A: Overview of ZigBee Technology
• Lesson 11B: ZigBee Security Measures
• Lesson 11C: ZigBee Attack and Exploitation
• Lesson 11D: Start to Finish Attack against ZigBee Device Implementation 

Module 12: Hack DECT

• Lesson 12A: Overview of DECT Devices and Technology
• Lesson 12B: DECT Security Standards
• Lesson 12C: DECT Attacks and deDECTed.org

Module 13: Scoping and Information Gathering

• Lesson 13A: Pre-Assessment Planning Process
• Lesson 13B: Assessing Information and Estimating Effort