Wireless Network Penetration Testing

Protect your wireless networks from outside attackers

Get Started

How Does Penetration Testing Work Against Wireless networks?

Raxis uses several techniques to leverage your wireless network with the goal of reaching the internal network and other critical systems.

Brute Force

Strategically planned attacks will be made against your wireless password in an attempt to gain unauthorized access.

Man-In-The-Middle

Man-in-the-middle attacks leverage a specially crafted access point to capture and exploit legitimate wireless traffic.

Rouge Access Points

Often in larger networks, sometimes there are access points connected to the network that offer a weaker security configuration.

Guest Wireless Traversal

Guest networks are design to keep guests separated from corporate networks, however configuration errors sometimes can be leveraged to escape the isolation.

Authentication weaknesses

Older encryption methods may be inadvertently configured, allowing for an attacker to exploit weaknesses to obtain access.

Device Misconfiguration

Some devices, such as IoT or regular workstations, may be connected to two or more networks and insecurely configured.

Hackers Work on a Least-risk, Most-reward Basis

They look for attack vectors that pose minimal risk of detection, and wireless networks fit that bill. Often sitting far away from your building using a high-gain antenna, a potential attacker can attempt to exploit your wireless with little worry about being caught – or even noticed in many cases.

Convenience and Security with Remote Wireless Penetration Testing

Raxis now performs many wireless network penetration tests remotely. Using the powerful, internally developed, plug-and-play Raxis Transporter wireless testing device, you can allow Raxis testers to work remotely with the same level of quality as an onsite wireless penetration test. The Transporter is truly that simple. Your team plugs it into the network, and the Raxis pentesters are ready to get to work.

Combine Wireless with Your Internal or External Network Test

As production wireless networks are meant to give employees access to organizations’ production networks – and guest wireless networks are meant not to – Raxis wireless tests confirm proper segmentation between the guest wireless environment and other production resources. External network tests attempt to gain access from internet-facing resources, also making a wireless/external combination test useful.

Separate or combined internal/external and wireless network tests are both valid and useful. A combined test can help you work within a budget. Separate tests provide separate reports, which may be helpful if your team reports the findings to different stakeholders.

Attack from the Company Parking Lot

Raxis Hack Stories

All stories are based on real events encountered by Raxis engineers; however, some details have been altered to protect our customers’ identities.

Wireless attackers don’t need access to your buildings in order to initiate an attack, and neither does the Raxis penetration testing team. Sitting in a car in the guest parking area, and using a large antenna easily hidden within the car, our pentester got to work.

First using the AirCrack Suite to discover target SSIDs, our pentester chose one that appeared to be the wireless network used by company employees. Next he used Hostapd-wpe to setup a rogue access point mimicking that SSID and quickly saw users connecting and revealing their user accounts and sometimes the NTLM hashes they used to login. Throwing these hashes into hashcat, our pentester successfully cracked one of them and used the resulting password to login to the wireless network.

While our client had tools in place that alerted them to the rogue access point, our pentester was logged in to the legitimate employee network and looking around by the time they discovered the alert. If they had also required devices to check the certificate of the wireless network before joining, no devices would have attempted to connect to our rogue access point in the first place. With their Raxis report in hand, our client was able to remediate that so that a malicious hacker could not do the same thing.

Choosing the Best Encryption for Your Wireless Network

Raxis Chief Penetration Testing Officer Brian Tant explains the types of encryption and which is right for your organization.

Learn More About Wireless Penetration Testing

Request a demo to witness Raxis One’s effective penetration testing and asset management capabilities.

Contact Us