.d-none.d-md-block.col-md.col-12.gbi-891754768-rnSApHHTwEP6TUYe8DiWdm:before { opacity: 1; background-image: url('/static/a01eaa9ef5cc1f6853b3be39ca75ccb6/2f1b1/typing-code.jpg'); }

Over the Air Red-Teaming with RF and SDR

Learn how to add Over The Air attacks to Red Team Engagements.

Training starting at

$1,800.00

with one of our subscriptions

Language

English

Day 1

The first day will introduce you the challenges of doing Red team tests and why radio can unlock a lot of new opportunities during assessments.

During this day, we will focuses on Wi-Fi, Bluetooth 4 targets that could help us gaining accesses remotely:

Monitoring and capturing signal over-the-air;
Analyzing the signal;
Using the right tools at the right moment;
Attacking communications (injection, cracking, etc.)
etc.

Theory

Introduction on actual Wi-Fi setups, standards, and common attacks
Introduction to Bluetooth 4 and its security
Some more insights on Bluetooth 5

Assignment 1

Monitoring Wi-Fi
Capturing Wi-Fi packets
Analysis

Assignment 2

Attacks in WEP, WPA/WPA2
Study the case of WPA3

Assignment 3

The case of open networks
Steal secrets with rogue AP
Introduction to stack prococol vulnebabilities

Assignment 4

Monitor and discover BLE devices
Interacting with BLE targets
Man-In-The-Middle

Day 2

The second day will show how to mix physical intrusion with radio attacks to get a permanent access to targets by challenging physical intrusion systems, but also turning some devices into implants or using specific implants.

Theory

Introduction to RFID security
Introduction to nRF devices and the use implants

Assignment 1

Attacking ID systems, or weak and common intrusion system setups
Challenging other identification systems

Assignment 2

Actual MIFARE classic attacks
Attacks on MIFARE Ultralight
Analysing and crafting dumps
Challenging other authentification systems

Assignment 3

Detecting vulnerable nRF based devices
Turning nRF devices into implants

Assignment 4

Using specific USB implants

Requirements

Students will need to purchase the following to follow along with all the parts of the hands on assignments. Students can complete the hands-on assignments at a later date with access to the recordings of the live class.

For RFID: Proxmark3 rdv4 (EU: https://lab401.com/products/proxmark-3-rdv4, US: https://hackerwarehouse.com/product/proxmark3-rdv4-kit/)
For Bluetooth: Nordic nRF52840 Dongle and Logitech K400 or any Logitech Mouse and Keyboard. Plus a Logitech CU-0007 dongle
For Wi-Fi: Alfa AWUS036ACH AC1200
For all: Raspberry pi 4

Training by Sébastien Dudek

Sébastien is a security researcher focusing on flaws in radio-communication systems. He has published attacks against mobile device baseband, Power-Line devices, as well as intercom systems.

Can't attend? All of our trainings are also available as a private classes for your company.

Access all of our classes and profesionally edited recordings.

All-Access Subscription - Trainings. Solved.

All of our courses are also available as private trainings.

Private Training Quote

Courses are offered multiple times in different timezones.

Notify Me