Over the Air Red-Teaming with RF and SDR

Learn how to add Over The Air attacks to Red Team Engagements.

Training starting at


with one of our subscriptions



Day 1

The first day will introduce you the challenges of doing Red team tests and why radio can unlock a lot of new opportunities during assessments.

During this day, we will focuses on Wi-Fi, Bluetooth 4 targets that could help us gaining accesses remotely:

  • Monitoring and capturing signal over-the-air;
  • Analyzing the signal;
  • Using the right tools at the right moment;
  • Attacking communications (injection, cracking, etc.)
  • etc.


  • Introduction on actual Wi-Fi setups, standards, and common attacks
  • Introduction to Bluetooth 4 and its security
  • Some more insights on Bluetooth 5

Assignment 1

  • Monitoring Wi-Fi
  • Capturing Wi-Fi packets
  • Analysis

Assignment 2

  • Attacks in WEP, WPA/WPA2
  • Study the case of WPA3

Assignment 3

  • The case of open networks
  • Steal secrets with rogue AP
  • Introduction to stack prococol vulnebabilities

Assignment 4

  • Monitor and discover BLE devices
  • Interacting with BLE targets
  • Man-In-The-Middle

Day 2

The second day will show how to mix physical intrusion with radio attacks to get a permanent access to targets by challenging physical intrusion systems, but also turning some devices into implants or using specific implants.


  • Introduction to RFID security
  • Introduction to nRF devices and the use implants

Assignment 1

  • Attacking ID systems, or weak and common intrusion system setups
  • Challenging other identification systems

Assignment 2

  • Actual MIFARE classic attacks
  • Attacks on MIFARE Ultralight
  • Analysing and crafting dumps
  • Challenging other authentification systems

Assignment 3

  • Detecting vulnerable nRF based devices
  • Turning nRF devices into implants

Assignment 4

  • Using specific USB implants


Students will need to purchase the following to follow along with all the parts of the hands on assignments. Students can complete the hands-on assignments at a later date with access to the recordings of the live class.

Training by Sébastien Dudek

Sébastien is a security researcher focusing on flaws in radio-communication systems. He has published attacks against mobile device baseband, Power-Line devices, as well as intercom systems.

Can't attend? All of our trainings are also available as a private classes for your company.

Access all of our classes and profesionally edited recordings.
All of our courses are also available as private trainings.
Courses are offered multiple times in different timezones.