A list of all things wireless that you may find useful while assessing a real-world Wi-Fi Enterprise network. How-to: Evil Twin, KARMA, MANA, EAP-GTC Downgrade, passively perform wireless recon, capture WPA2 handshakes (WPA2 full, half, PMKID), and test guest networks for known misconfigurations.

Overview

I've tried to consolidate information from a variety of sources to assist with penetration testing during a wireless assessment. This list includes plausible tactics, techniques, and procedures (TTPs). I've decided to publish these in an easy-to-read, and hopefully digestible, blog format. Some of the items below will be updated occasionally with new attack vectors.