Wireless Penetration Testing Services

Wireless Penetration Testing

Wireless penetration testing involves identifying and assessing the connections between all devices connected to the organisation’s Wi-Fi network. These devices include laptops, tablets, smartphones, and any other “Internet of Things” (IoT) devices. Wireless Pentest also includes some elements of an audit, ensuring wireless network is in-line with industry standards. In case of wireless networks, vulnerabilities are most often found in wi-fi access points due to insufficient Network Access Controls and lack of MAC filtering.
Wireless Penetration Testing Company in Australia


Scope definition

1. Scope Definition:

After initiating the project, we collect the scoping/target information from the client. This information includes a list of all MAC Addresses and SSIDs in scope. The information will assist us in determining which access points are accounted for, and which access points are essentially rogue access points. This process also involves a brief meeting with the client to review and acknowledge the rules of the penetration testing engagement and confirm project scope and testing timelines.

Intelligence gathering

2. Wireless Reconnaissance:

Due to the nature of the wireless network, information gathering is conducted using a well-known technique called War Driving. This method essentially includes driving around the organisation’s premises to sniff out WI-FI signals using high-gain network adapters such as the alfa card. This technique also helps determine whether the wireless signal is leaking outside your organisation significantly and if that would allow us (or an attacker) to target your wireless network from nearby locations.

Internal Penetration Testing

3. Unauthorised access attempts:

After information gathering, we attempt to gain unauthorised access to the wireless networks in scope. Depending on how a wireless network is configured, we launch several attacks against the network such as WEP/WPA-PreShared Key cracking, various password attacks, evil twin attacks, or disassociation attacks. The goal of this step is to determine the organisation’s susceptibility to an attacker trying to gain unauthorised access to the internal network through wireless channels.


4. Post Authentication:

If successful in cracking and authenticating the wireless network, we proceed to test several aspects of the network as a regular connected user. If unsuccessful, we request credentials to the networks from the client to provide a holistic assessment. At this stage, the testing includes ensuring the guest network is correctly segmented from the internal network and examining for availability and security of access point administrative logins. Additionally, we try to identify any corporate devices on “Guest” networks that are evading company policies and network restrictions.


5. Reporting:

After completing the assessment, SecureTriad provides an assessment report which includes executive summary and technical findings. The executive summary is written for management consumption and is a high-level overview of assessment activities, scope, most critical issues discovered, and overall risk scoring. We also include strategic recommendations to assist business leaders in making informed decisions regarding the information systems/devices. The technical findings include all vulnerabilities listed individually, with details for recreating the issue with necessary screenshots, understanding of the potential risk, recommended remediation actions, and helpful reference links.

We respond to all requests within the same business day.

    Get a quote today!

    Tell us what you need, and our cyber security expert will contact you.