Wireless Penetration Testing: Up and Running: Run Wireless Networks Vulnerability Assessment, Wi-Fi Pen Testing, Android and iOS Application Security, and Break WEP, WPA, and WPA2 Protocols

by Dr Ahmed Hashem El Fiky

Length: 304 pages
Edition: 1
Language: English
Publisher: BPB Publications
Publication Date: 2022-12-08
ISBN-10: 9355512740
ISBN-13: 9789355512741
Sales Rank: #0 (See Top 100 Books)

0 ratings

Print Book Look Inside

Examine, Attack, and Exploit Flaws and Vulnerabilities in Advanced Wireless Networks

KEY FEATURES

Extensive hands-on lab instructions in using Kali Linux to crack wireless networks.
Covers the misconceptions, failures, and best practices that can help any pen tester come up with their special cyber attacks.
Extensive coverage of Android and iOS pentesting, as well as attacking techniques and simulated attack scenarios.

DESCRIPTION

This book satisfies any IT professional’s desire to become a successful ethical hacker who is willing to be employed in identifying and exploiting flaws in the organization’s network environment. This book explains in detail how to conduct wireless penetration tests using a wide variety of tools to simulate cyber attacks on both Android and iOS mobile devices and wireless networks.

This book walks you through the steps of wireless penetration testing from start to finish. Once Kali Linux has been installed on your laptop, as demonstrated, you will check the system requirements and install the wireless adapter. The book then explores the wireless LAN reconnaissance phase, which outlines the WEP and WPA/WPA2 security protocols and shows real-world attacks against them using Kali Linux tools like Aircrack-ng. Then, the book discusses the most recent and sophisticated cyberattacks that target access points and wireless devices and how to prepare a compelling and professionally presented report.

As a bonus, it removes myths, addresses misconceptions, and corrects common misunderstandings that can be detrimental to one’s professional credentials. Tips and advice that are easy to implement and can increase their marketability as a pentester are also provided, allowing them to quickly advance toward a satisfying career in the field.

WHAT YOU WILL LEARN

Learn all about breaking the WEP security protocol and cracking authentication keys.
Acquire the skills necessary to successfully attack the WPA/WPA2 protocol.
Compromise the access points and take full control of the wireless network.
Bring your laptop up to speed by setting up Kali Linux and a wifi adapter.
Identify security flaws and scan for open wireless LANs.
Investigate the process and steps involved in wireless penetration testing.

WHO THIS BOOK IS FOR

This book is primarily for pentesters, mobile penetration testing users, cybersecurity analysts, security engineers, and all IT professionals interested in pursuing a career in cybersecurity. Before diving into this book, familiarity with network security fundamentals is recommended.

Cover Page
Title Page
Copyright Page
Dedication Page
About the Author
About the Reviewer
Acknowledgement
Preface
Errata
Table of Contents
1. Wireless Penetration Testing Lab Setup
    Introduction
    Structure
    Objectives
    Hardware requirements
    Software requirements
    Downloading and installing Kali Linux
        Installing Kali Linux inside VMware (Guest VM) step-by-step
    Wireless penetration testing tools
        Wireshark
        Scapy
        Nmap
        Aircrack-ng
        Metasploit
    Configuring an access point setting
    Installing wireless adaptor
    Connecting to the access point
    Conclusion
    Questions
2. Wireless Attacking Techniques and Methods
    Introduction
    Structure
    Objectives
    Access control attacks
        War driving
        Rogue access points
        Ad hoc associations
        MAC spoofing
        802.11 RADIUS cracking
    Confidential attacks
        Eavesdropping
        WEP key cracking
        Evil twin AP
        AP phishing
        Man-in-the-middle attack
    Credential attacks
        Credential harvester
        Phishing
    Authentication attacks
        Shared key guessing
        PSK cracking
        Sniffing application credentials
        Cracking domain accounts
        VPN login cracking
        802.11 identify theft
        802.11 password guessing
        802.11 LEAP cracking
        802.11 EAP downgrade attack
    Conclusion
    Questions
3. Wireless Information Gathering and Footprinting
    Introduction
    Structure
    Objectives
    Footprinting
    Wireless network discovery
        Nmap
            Nmap commands
        Zenmap
    Wireless scanning
        Passive scanning
        Active scanning
        How does scanning work?
    Sniffing wireless networks
        The Wireshark application
        Ettercap
        dsniff
    Identifying your targets
    Protecting yourself from attacks
    Conclusion
    Questions
4. Wireless Vulnerability Research
    Introduction
    Structure
    Objectives
    Planning an attack
        Wireless attack
        The plan for attacking wireless networks
    Wireless password cracking
        WEP encryption
        Cracking WEP encryption
        WPA and WPA2 encryption
        Cracking WPA-PSK and WPA2-PSK passphrase
        Speeding up WPA and WPA2 Cracking
        Speeding up the cracking process
    Spoofing your mac address
    Protect yourself from wireless attacks
    Conclusion
    Questions
5. Gain Access to Wireless Network
    Introduction
    Structure
    Objectives
    Identifying hosts
        Network mapping tools
    Determining the network size
        Determining the network size using Kali Linux
    Detecting vulnerable hosts
    Preventing against threats
        Prevention identification of hosts
        Preventing others from determining your network size
        Protection of vulnerable hosts
    Conclusion
    Questions
6. Wireless Vulnerability Assessment
    Introduction
    Structure
    Objectives
    Planning an assessment
        Components of a vulnerability assessment plan
        Planning the process of a vulnerability assessment
    Setting up a vulnerability scanner
    Downloading Nessus
        Installing Nessus
    Running a Nessus vulnerability scan
        Configuring a Nessus vulnerability scan policy
        Configuring a Nessus vulnerability scan
        Launching a Nessus vulnerability scan
    Generating reports
    Resolving vulnerabilities
    Conclusion
    Questions
7. Client-side Attacks
    Introduction
    Structure
    Objectives
    How do client-side attacks work?
    Types of client-side attacks
    Sniffing unencrypted traffic
    Honeypot attacking
        Protecting yourself from a honeypot or man-in-the-middle attack
        How to start a fake access point (fake Wi-Fi)
    Preventing threats
    Conclusion
    Questions
8. Advanced Wireless Attacks
    Introduction
    Structure
    Objectives
    Capturing unencrypted traffic
    Man-in-the-middle attacks
    Metasploit
    Preventions
    Conclusion
    Questions
9. Wireless Post-Exploitation
    Introduction
    Structure
    Objectives
    What is routing?
    What is pivoting?
    Compromise first pivot and port forwarding
        Nmap via pivoting
        Port forwarding
    SSH brute-force over pivoting
    Gaining access to the second pivot
        MS08-067 with bind TCP
        Easy file share BoF
    Double pivoting
        Holy ProxyChains
    Mitigations
    Conclusion
    Questions
10. Android Penetration Testing
    Introduction
    Structure
    Objectives
    Android architecture
        The Linux kernel
            Confusion between Linux and the Linux kernel
        Android runtime
        The Java virtual machine
        The Dalvik virtual machine
        Zygote
            Core Java libraries
            ART
            Native libraries
        The application framework
        The applications layer
            Native Android or system apps
            User-installed or custom apps
    Android penetration testing environment setup
        Android Studio and SDK
        Downloading and installation of Android Studio
        The Android SDK
        The Android Debug Bridge
            Connecting to the device
            Getting access to the device
            Installing an application to the device
            Extracting files from the device
            Storing files to the device
            Stopping the service
            Viewing the log information
            Sideloading apps
        Genymotion
        Creating an Android virtual emulator
        Installing an application to the Genymotion emulator
        Installing the Genymotion plugin to Android Studio
        ARM apps and play store in Genymotion
        Configuring the emulator for HTTP proxy
        Setting up the proxy in Wi-Fi settings
        Setting up the proxy on mobile carrier settings
    Android penetration testing tools
    Secure android applications
        OWASP mobile top 10 vulnerabilities
            Improper platform usage
            Insecure data storage
            Insecure communication
            Insecure authentication
            Insufficient cryptography
            Insecure authorization
            Client code quality
            Code tampering
            Reverse engineering
            Extraneous functionality
    Conclusion
    Questions
11. iOS Penetration Testing
    Introduction
    Structure
    Objectives
    Basics of iOS application
        Architecture of iOS
        File structure of an IPA
    iOS application Sandbox structure
        Jailbreak
    Vulnerable application
    Testing methodology
        Extracting the IPA
        Running static analysis with MobSF
        Setting up proxy
        Bypassing Jailbreak detection
            Using Frida
            Using objection
        Bypassing SSL pinning
            Using Objection
        Bypassing biometric (local) authentication
        Checking for sensitive data exposure in local
            Sensitive data in Plist
            Sensitive data in UserDefaults
            Sensitive data in keychain
            Sensitive data in core data
            Sensitive data in couchbase lite
            Sensitive data in YapDatabase
    OWASP mobile top 10
        M1: Improper platform usage
        M2: Insecure data storage
        M3: Insecure communication
        M4: Insecure authentication
        M5: Insufficient cryptography
        M6: Insecure authorization
        M7: Client code quality
        M8: Code tampering
        M9: Reverse engineering
        M10: Extraneous functionality
    Conclusion
    Questions
12. Reporting
    Introduction
    Structure
    Objectives
    Report writing
    Report writing stages
        Report planning
        Information collection
        Writing the first draft
        Review and finalization
        Content of penetration testing report
    Penetration testing report sample
    Conclusion
Index

Free sample
How to download

Donate to keep this site alive

To access the Link, solve the captcha.

1. Disable the AdBlock plugin. Otherwise, you may not get any links.

2. Solve the CAPTCHA.

3. Click download link.

4. Lead to download server to download.

Wireless Penetration Testing: Up and Running: Run Wireless Networks Vulnerability Assessment, Wi-Fi Pen Testing, Android and iOS Application Security, and Break WEP, WPA, and WPA2 Protocols

Kubernetes Secrets Handbook: Design, implement, and maintain production-grade Kubernetes Secrets management solutions

Linux Kernel Programming, 2nd Edition: A comprehensive and practical guide to kernel internals, writing modules, and kernel synchronization

Defending APIs: Uncover advanced defense techniques to craft secure application programming interfaces

Hands-on ESP32 with Arduino IDE: Unleash the power of IoT with ESP32 and build exciting projects with this practical guide

Microsoft Intune Cookbook: Over 75 recipes for configuring, managing, and automating your identities, apps, and endpoint devices

ChatGPT for Cybersecurity Cookbook: Learn practical generative AI recipes to supercharge your cybersecurity skills