Open Wi-Fi Got Encrypted. Here's Why Your Rogue AP Still Works.
So you’re sitting in your local café, laptop open, and you connect to the free Wi-Fi. No password. No fuss. Job done. But underneath that seamless …
One of the most common questions I still receive is: “What WiFi adapter should I use for pentesting?” Over the last 13 years, I have tested a very …
Hidden SSIDs are one of those security measures that feel effective but provide almost no real protection against a determined attacker. Here’s why — and …
Even the most secure wireless deployments — including EAP-TLS with client certificate validation — can become entry points when endpoints are exploited in less …
We wrapped up Cohort 1 of the WiFi Attacks Specialist course last week and I wanted to take a moment to say thank you to everyone who joined. Twelve …
TL;DR – Enterprise Wi-Fi Authentication Explained: Enterprise Wi-Fi networks rely on the Extensible Authentication Protocol (EAP) to manage secure client access. …
TL;DR – Control and Data Frames in 802.11 Wi-Fi: Control frames manage the coordination of transmissions (e.g., ACK, RTS/CTS, Block ACK), ensuring smooth traffic …
Before diving into the main content, let’s quickly recap the essentials of Protected Management Frames (PMF). What are Protected Management Frames (PMF)? …
Understanding Protected Management Frames (PMF) in Wi-Fi: Before delving into Protected Management Frames (PMF), it’s essential to understand what …
A lightweight Python wrapper that automates the full PMKID capture-to-crack workflow using hcxdumptool and hashcat. No client required — just the target BSSID, …
Hidden SSIDs come up constantly in conversations about WiFi security. The idea is straightforward: if your network isn’t broadcasting its name, attackers …
If you’ve worked through Episode 2 and Episode 3, you can already crack WEP. The question this episode answers is: how do you do it faster? IV generation …
If you’ve watched Episode 2, you know how to crack a WEP network using the clientless ARP replay attack. Good. Now let’s talk about what happens …
WEP is dead. Has been for years. The cryptography is fundamentally broken — not “weak with a long enough password” broken, but mathematically …
Every wireless pentester has to start somewhere. This is that somewhere. Before you worry about WPA3, enterprise attacks, rogue APs, or EAP-TLS — you need to …