Think hidden SSIDs make your WiFi more secure? Think again. Discover how wireless attackers reveal, spoof, and crack non-broadcasting networks using Python, Scapy, and Hashcat.

Even the most secure wireless deployments, including EAP-TLS with client certificate validation, can become entry points when endpoints are exploited in less secure environments. Here's how wireless pivots work—and why your mobile devices may be betraying you.

We successfully completed our first WiFi Attacks Specialist online cohort with 12 participants. The recording and course materials are now available on the training portal for all attendees.

Join us on April 10 for the inaugural online cohort of our WiFi Attacks Specialist course. Experience live training, interactive Q&A, and lifetime access to course updates.

Explore how attackers break into enterprise Wi-Fi networks using EAP-TLS misconfigurations. Understand key vulnerabilities and how to protect your organization.

From WEP to WPA3, this post dives into how Wi-Fi security has evolved to counter new threats, explaining key protocols and their practical implications.

Learn how the Extensible Authentication Protocol (EAP) secures enterprise Wi-Fi through methods like EAP-TLS, PEAP, and TTLS, including how authentication works with certificates, passwords, and biometrics.

Explore how 802.11 Wi-Fi Control and Data Frames manage wireless traffic, enhance performance, and reduce interference using ACKs, Block ACK, RTS/CTS, and QoS.

Break down the 802.11 MAC frame into its core fields — including frame control, addresses, and FCS — to learn how Wi-Fi packets are transmitted and managed at the MAC layer.

Learn about the limitations of Protected Management Frames (PMF) in Wi-Fi security, including gaps that can be exploited through passive listening, evil twin APs, and Wi-Fi jamming.

Discover the importance of Protected Management Frames (PMF) in Wi-Fi networks. Learn how PMF secures management frames, preventing tampering and unauthorised injections. Explore the different configuration states of PMF and understand its role in enhancing Wi-Fi security. Stay tuned for our next post on how attackers defeat PMF and how to protect your network against advanced threats.

But here's the kicker, WiFi isn't just about checking your Instagram feed or sending off that last-minute report. Nope, it's way bigger than that. Businesses are ditching those clunky on-site servers faster than you can say `cloud computing.`

Our WiFi Attacks Specialist course is designed to take a new comer to WiFi to reach the status of WiFi Penetration Tester in the quickest time possible. The course features an interactive lab environment, turning the taught theory into practical hands-on experience with our world-class lab environment.

The majority of memory corruption exploits that exist, have some form of input character limitation. To get around these limitations, you have what is known as an encoder. By encoding the input ...

The first public exploit we released was for the Eudora Qualcomm IMAP server commonly known as Worldmail. This exploit was classified as a Structured Exception Handler (SEH) buffer ...

Recently I attended the three-day Corelan Advanced Exploit Development class in Sydney Australia. People had warned me beforehand, that the training is from 9am until 9pm, so I was aware...

The nullsploit engine is a work in progress exploitation framework. Currently only a limited number of exploits are available, but these should be stable across multiple Windows installations. Features...

Recently, I was interviewed by Housing Technology magazine, about what housing providers should be considering in the context of cyber-security and data protection. The full aricle can be ...

During a security assessment back in 2015 I came across a fully patched Symantec Encryption Management Server appliance. This product provides secure messaging both between users of the organization...

Its been a while since an update to conscan has been made since it’s initial release last October. The new update introduces two new features Username disclosure Single threaded account brute-forcing...

BSides London 2014 last week was my first attempt at teaching an exploit development class a group of people which I had never met before. On the whole, the handson 1 hour workshop I ran on Stack Based ...

Over the last year, I have been performing penetrative application tests, and there is a huge variety of different CMS frameworks available to businesses. One of the frameworks I have...

Release Date 14 October 2013 Vendor Sam Brishes – http://www.pytes.net/ Affected Product Dexs PM System WordPress Plugin Version 1.0.1 Vulnerability Class Persistent Cross-Site Scripting ...

Following a recent pentest I performed for a client I stumbled upon their private SSL certificate. The SSL key was password encrypted, thus could not be used directly without knowing...

A tool I’ve been writing to enumerate the enabled HTTP methods supported on a webserver. Currently only in the initial beta stage, but includes basic checking of files including the...

A whitepaper detailing various methods to bypass ASLR (Address Space Layout Randomization) when developing custom exploit code. This was originally an unpublished paper that I wrote for the Infosec ...

A simple TFTP Fuzzer I wrote to discover undisclosed bugs within TFTP servers and other simple UDP based protocols. The project is hosted on GitHub and can be found at...

This FTP fuzzer has been used to fuzz and discover a number of previously undisclosed bugs with FTP server software and other plain-text protocols. The project is hosted on GitHub...

Abusing the Stack is a full tutorial, detailing the process of vulnerability discovery to developing custom exploit code to take advantage of a vulnerability. Once you have successfully been through...

Typically a WiFi network can be configured to not broadcast its SSID. In this episode, we will be attacking a hidden WiFi network. Firstly after activating monitor mode on my...

An advanced technique known as ARP Amplification can greatly increase IV generate rates. Using this technique alone is enough to boost IV generation rates up to 1800p/s. I first performed...

When attacking a WEP encrypted WiFi network you can come across two different authentication methods, Open and Shared Key Authentication. In the previous example, we attacked a WEP network configured...

When hacking a WEP protected WiFi network an attacker may conduct an ARP Request Replay attack against the affected network. There are cases where is not likely to succeed, such...

In this video, I demonstrate the simplicity of cracking a PSK password using tools freely available within the aircrack-ng suite of tools. I first put my Alfa AWUS036H USB WiFi...