WIRELESS PEN TEST
Verify Your Security With a Penetration Test
Wireless penetration tests assess the adequacy of multiple security controls designed to prevent unauthorized access to wireless services. Testing attempts to exploit wireless vulnerabilities to gain access to private (protected) wireless SSIDs or to escalate privileges on guest SSIDs intended to be isolated from private networks.
The wireless network brings convenience and mobility to internal users, but with this convenience comes additional risks. An attacker does not need to gain physical access if vulnerable wireless networks can be compromised from a safe distance. Wireless access provided to guests and visitors needs to be isolated from protected environments. Wireless provided to employees needs to protect those connections and the data transmitted over the air. Testing wireless networks is a critical activity to ensure wireless networks are providing the intended access and only the intended access.
Rogue access points
Weak encryption
Default router setups
Wireless zero configurations
Guest WiFi weaknesses
Brute-force weaknesses
Bluetooth exploits
WPA key vulnerabilities
METHODOLOGY
A CSG wireless pen test follows a tried and tested methodology to identify, exploit and help address vulnerabilities. Here’s how we approach a wireless assessment:
01. Wireless Reconnaissance
Detecting and identifying authentication methods supported, encryption requirements, MAC address restrictions, and the technologies in use.
02. Network Reconnaissance
Exploring connected networks to identify lateral targets, test segmentation, and bypass intended restrictions on movement within the wireless network.
03. MAC Address Filtering Bypass
Evaluating the effectiveness of MAC address filtering through cloning, enumeration, and bypass attacks.
04. Encryption Exploits
Testing encryption methods and effectiveness, attempting to intercept information from other connected users, and performing decryption attacks.
05. Authentication Attacks
Tests targeting password complexity, authentication handshake manipulation, and password cracking attempts.
06. Session Management
Targeting legitimate end users, attempts to inject or hijack existing sessions, bypass replay protection mechanisms, manipulate session state or session assignment methods, or leverage insecure wireless session management.
07. Privilege Escalation & Lateral Movement
Identifying potential targets on the protected network, bypassing segmentation rules, and leveraging the wireless network to pursue further internal attacks.
08. Data Exfiltration
Locating and gathering sensitive information, configuration information, and other evidence to demonstrate impact.
Deliverables For Completed Test
The complete penetration testing results are documented in our content-rich report, which includes the background, summary of findings, detailed findings, scope and methodology, and supplemental content for context and reference. Samples are available upon request.
An introduction of the general purpose, scope, methodology, and timing of the penetration test.
A brief but concise overview summarizing the results at a glance, such as key critical findings requiring priority attention, system or recurring issues, and other general results.
Comprehensive results of each vulnerability, including a description of the vulnerability observed, the impact, recommendations for remediation, evidence where the vulnerability was observed, and step-by-step demonstrations of exploits performed.
A detailed recap of the specific scope of what was tested, the methodologies utilized, and related historical information necessary for audiences such as auditors to understand the specifics of the test approach.
Additional content and guidance, such as recommended post-assessment activities, that provides added value to the audience of the report.