Chapter 7. Advanced Wireless Sniffing
The goal of most penetration testing exercises is the extraction of sensitive information from the target network. To achieve this goal, the pentester will typically pursue many different avenues, such as crafting and sending spear phishing e-mails with malicious attachments, invasive vulnerability scanning, intricate social engineering exercises, or fuzzing and reverse engineering software packages looking for holes. Although this type of methodology can be effective, it is often very tedious and the chance of success may be reduced based on factors such as the patching cycle of software, security applications/appliances deployed, user security awareness, and so on. It is very possible that in order to get that much-needed foothold into a target, an often overlooked and much less complex tactic can be utilized. We are not suggesting that these other efforts are not worthwhile, especially in a full-scale penetration test for a client; however...