TT2 - 802.11 Ninjitsu

Trainers: Anthony Zboralski (Founder, Bellua Asia Pacific / HERT)
Capacity: 25 pax
Seats left: 14
Duration: 2 days
Cost: (per pax) USD1499 (early bird) / USD1899 (non early-bird)



The purpose of this course is to give a full understanding of what wireless networks are, how they work, how they are found and exploited, and how they can be secured. Students will learn how to attack wireless networks and how to secure them from both management and technical perspectives. There will be a discussion and case studies on an actual wireless security penetration test.

Who Should Attend?

• IT Operation Professionals
• Information Security Managers and Officers
• Existing security auditors who wish to expand their auditing skills.
• Consultants who wish to provide advice on wireless technology and security


• Participants are required to bring their own laptops

Key Objectives

• Hands-on “War Driving”, performing a Wireless Security Survey
• Technical Awareness of Wireless Hacking and Security Techniques
• Future development in Wireless Security
• Awareness of management controls and policy to address shortcomings in wireless technologies

Course Materials

* Student manual
* Bellua T-Shirt
* Kismet & Aircrack Compatible USB Wireless Card (can be used under VMWare)
* Backtrack Live CD
* Backtrack VMWare Image

Course Overview

Module 1 : Introduction

* Course introduction
* Backtrack setup & Mini-interview

Module 2 : Learning to War Drive

* 802.11 Primer/Refresher
* The Rig: 802.11 Hardware (Laptops, embedded devices, PDAs, GPS, antennas…)
* Case Study : War Driving Jakarta
* Limitations
* Hands-on : Using Kismet & Airodump

Module 3 : Hacking public hotspots

* Hacking captive portals
* Rogue AP “Evil Twin”
* DNS Tunneling
* Bypassing MAC, IP and MAC+IP Authorization
* Attacking clients using Blancher’s Wifitap
* Hands-on: DNS tunneling

Module 4 : Cracking WEP & WPA

* WEP Primer
* What’s Wrong with WEP
* Cracking WEP
* Hacking WEP without cracking
* Hands-on: Cracking demo WEP AP using aircrack-ng
* Cracking WPA
* Building rainbow tables using CUDA PFU, Nvidia GPU
* Hands-on: Cracking demo WPA AP using cowpatty rainbow tables

Module 5 : Analysis and Mapping

* Case study: War Driving & Wireless hacking phase of an actual penetration test
* Data analysis
* Hands-on: Extracting useful information (passwords, cookies, WPA handshakes, e-mails, etc.)
* Hands-on: Generating a map

Module 6 : Rogue Access Points

* Invisible Access Point using illegal frequencies (kugutsumen & zero chaos Ath5k driver patch)
* Man-in-the-Middle Attacks using karma
* Social Engineering Attack

Module 7 : Wireless Security

* Best practices and pitfalls
* Case study: Using WPA2 Personal and expiring keys using OpenWRT
* Case study: Using WPA2 Enterprise in practice
* Protecting the users
* Planning for failure

Module 8 : Hacking Bluetooth, VSAT and others…

* Bluetooth hacking
* Demo: Sniffing Bluetooth using Frontline ComProbe
* Video demo: hacking satellite network by Bellua consultants, Jim Geovedi & Raditya Iryandi

Module 9 : Conclusion

* Future developments
* Completion of course appraisal forms
* Summary and end of course

About Anthony Zboralski

Anthony Zboralski is the founder and CTO of Bellua Asia Pacific, an Information Security consulting firm. Anthony has over thirteen years of experience performing penetration tests, assessments, forensics and security related services for some of the largest Asian banks and telcos as well as a dozen Fortune 500 companies.

He is also known as Gaius or Kugutsumen, one of the Hacker Emergency Response Team (HERT) cofounders; he has been involved in the security and hacking community since 1989. He is (in)famous for social engineering the FBI back in the 90s: “In 1994, a French hacker named Anthony Zboralski called the FBI office in Washington, pretending to be an FBI representative working at the U.S. embassy in Paris. He persuaded the person at the other end of the phone to explain how to connect to the FBI’s phone conferencing system. Then he ran up a $250,000 phone bill in seven months.” (Bruce Schneier, Beyond Fear)