Logo Loading

Wireless Network Penetration Testing

Wireless networks provide ease of access for your employees, guests and visits, but they also provide a security issue as the traditional boundaries of needing a cable to connect have been removed. It is important to test your wireless network and ensure appropriate controls are implemented to reduce the risk of an attacker compromising your wireless network from outside your premises.

The Triskele Labs Penetration Testing team are specialist wireless network experts who conduct testing to identify methods to compromise wireless networks and gain access to internal networks. While it may seem like wireless networks are secure as they need a password, if they are not properly configured, an attacker could gain access in minutes as your wireless network signals often extend out of range of your office, where anyone with a device can find them.

These networks can provide a key vulnerability should a malicious actor be able to gain access. We can ensure that these signals are only accessed by authorised users.

Some of the fantastic clients we work with include:

What sets us apart from the others?

  • Re-testing is include in all of our engagements
  • We assign a dedicated Service Delivery Manage
  • Results are provided in real-time via our unique portal
  • Reports are guaranteed within 10 business days
  • Our team is fully CREST-registered
  • Daily start and end-of-day emails including a list of issues
  • You have access to our whole team throughout testing
  • Everyone in our team is Australia-based

What sets us apart from the others?

  • Re-testing is include in all of our engagements
  • We assign a dedicated Service Delivery Manage
  • Results are provided in real-time via our unique portal
  • Reports are guaranteed within 10 business days
  • Our team is fully CREST-registered
  • Daily start and end-of-day emails including a list of issues
  • You have access to our whole team throughout testing
  • Everyone in our team is Australia-based

Our methodology is second to none

Network foot-printing specifically identifies the Wireless Access Points (WAPs) in use, along with the broadcasting Service Set Identifier (SSID). This is carried out through conducting a site survey utilising specific hardware and toolset that allow for the identification of open and hidden networks. Traffic is collected and inspected utilising packet sniffers to identify the types of traffic being transmitted across the wireless networks.

Triskele Labs will conduct discovery probing of all wireless networks considered in scope to gather additional information not discovery during the site survey. This will be conducted utilising automated tools and manual inspection through several mechanisms, including but not limited to signals analysis, Access point location and mapping using GPS and triangulation, ESSID broadcasts, Hidden SSID sniffing, BSSID detection for ad-hoc peer-to-peer networks.

Once a full understanding of the wireless architecture and perimeter is determined, enumeration will occur to begin preparations for exploitation. The Penetration Testing Team will enumerate information to identify authentication mechanisms, how users connect and logging & monitoring. In addition, users connecting to the networks will attempted to be gathered to allow for testing of unauthorised access.

Utilising the information gathered, the wireless networks are tested utilising infrastructure and client-side attacks. Where these attacks are successful, access to layer 3 networks may be possible and further reconnaissance and network identification can be performed.

If possible, Triskele Labs will pivot to other devices, especially those that may be dual-homed and drop the Penetration Testing team onto a sensitive network.

Utilising the results of testing, Triskele Labs will report on issues identified. False positives are reduced throughout the process. All of our reports are provided to our clients through our secure portal, MyFiles.

WIRELESS ATTACKS

  • Radio Monitoring
  • Rogue Access Point
  • Man in the Middle
  • Session Hijacking
  • Credential Theft
  • Unencrypted WiFi
  • Passive Connections
  • Unencrypted Login Forms
  • Password Re-Use

Request More Information