Although the previous chapters established a basis for pen testing that works across the spectrum, wireless has its own set of tools that span the pen testing methodology.
- Scanning for Service Set Identifiers (SSIDs)
- Scanning for hidden SSIDs
- Determining the security of the target SSID
- Testing for MAC address authentication
- Cracking Wired Equivalent Privacy (WEP)
- Cracking Wi-Fi Protected Access (WPA/WPA2)
- Exploiting guest access
- Rogue Access Point (AP) deployment
- Man-in-the-Middle (MITM) wireless attacks
- Using wireless networks to scan internal networks
- Using wireless as a vector for network-related attacks