Wi-Fi Security

This workshop will briefly go over the Wi-Fi basics and known security issues, covering WPA2-Personal, WPA2-Enterprise, WPS, and then focusing on the most recent developments in Wi-Fi such as KRACK, and will include hands-on labs. The workshop will also cover direct attacks against wireless clients and access points, such as router vulnerabilities, rogue access points and denial-of-service attacks.

To get the most out of this workshop, attendees are encouraged to:

  • Have a machine with Kali Linux installed (either as a virtual machine or directly).
  • Bring a packet-injection capable wireless card, such as the Alfa AWUS036h.
  • Ideally, be familiar with setting up their wireless card in monitor mode to minimize setup time during the workshop.
  • Attendees are also encouraged to bring any Wi-Fi-related equipment that they would like to show off!

Workshop Outline

  • Introduction & Quick Overview of 802.11 basics
    • What is Wi-Fi and how does it work?
    • What are control frames, management frames, etc.
    • What is the difference between a/b/g/n?
    • What hardware do I need to start hacking?
  • Attacks on WPA-Personal
  • Attacks on WPS
  • Attacks on WPA-Enterprise
  • Other attacks on Wi-Fi
    • Attacks on access points
    • Attacks on clients
    • DoS attacks
    • Attacking the Wi-Fi firmware (Broadcom vulnerabilities)
    • Other recent developments (KRACK)
    • Notes on WPA3


Mark El-Khoury Security Consultant, NCC Group

Mark El-Khoury is a Security Consultant with NCC Group, where he has been for over two years. Mark has been involved in a wide variety of security assessments, ranging from large web applications in various environments and frameworks, to native desktop applications and IoT devices. Mark also specializes in internal and external network infrastructure penetration testing, including IEEE 802.11 wireless assessments. Mark graduated from Syracuse University with a Master's degree in Computer Science, and has participated in many programming contests, including ACM ICPC, IEEE Xtreme, and Topcoder matches.