Wireless assessment: encryption and authentication (WPA2/WPA3), rogue/evil-twin access points, PMKID/handshake attacks, and client isolation.
67 checks · progress and notes saved in your browser
Passive and active discovery of wireless networks, mapping their configuration (channels, encryption, vendors), and enumerating connected clients before any active attack.
Attacks against pre-shared-key (PSK) wireless networks, including handshake and PMKID capture, offline cracking, WPA3 SAE weaknesses, and WPS implementation flaws.
Attacks against 802.1X/EAP enterprise wireless authentication, including weak EAP methods, rogue RADIUS credential capture, and missing server certificate validation.
Attacks that target clients directly through rogue access points, probe-response (KARMA) attacks, captive-portal phishing, and deauthentication denial of service.
Assessment of network controls once authenticated to the WLAN, including client isolation, management-frame protection, and segmentation between guest and corporate networks.