Pentesting, Offensive Security Research & Development

Advanced Wireless Attacks Against Enterprise Networks

Table of Contents

Workshop Overview

This is the online version of the class that I taught at DEF CON 25, BSides Las Vegas, and BSides SLC this year. In this workshop you will learn how to carry out sophisticated wireless attacks against corporate infrastructure. Topics of interest include attacking and gaining access to WPA2-Enterprise networks, bypassing network access controls, and exploring how wireless can be leveraged as a powerful means of lateral movement through an Active Directory environment.

Course Highlights include:

  • Wireless Reconnaissance and Target Identification Within A Red Team Environment
  • Attacking and Gaining Entry to WPA2-EAP wireless networks
  • SMB Relay Attacks and LLMNR/NBT-NS Poisoning
  • Data Manipulation and Browser Exploitation Using Wireless MITM Attacks
  • Downgrading Modern SSL/TLS Implementations Using Partial HSTS Bypasses
  • Firewall and NAC Evasion Using Indirect Wireless Pivots

The material covered in this workshop is supplemented by hands-on lab exercises within the course’s virtual lab environment. Instructions on setting up the virtual lab environment can be found in the Lab Setup Guide, which is included below. Feel free to reach out to the instructor here for guidance.


A previous wireless security background is helpful but not required. You’ll also need a laptop with at least 8 GB of RAM that is capable of running VirtualBox or VMware. Additional hardware requirements can be found in the Lab Setup Guide included below.

Course Materials

Lab Setup Guide

First chapter: I. Target Identification Within A Red Team Environment