top of page
  • Writer's pictureInfosec In the City (IIC)

Advanced WiFi Penetration Test — by Chai Kunzhe & Yang Yunfei

#IICSG2018 Conference Workshop Track

Day 1 (24 May 2018)


@ Bras Basah Room


We will take an in-depth look at the security challenges of wireless technologies, exposing you to wireless security threats through the eyes of an attacker. Knowing how to attack will help us to establish the appropriate protection strategy. 
This workshop will instruct attendees on how to carry out wireless pentest against personal and enterprise network. You will learn how to gain access to WPA2 personal and enterprise network, bypass captive portals, and build a phishing WiFi network. You will experience why it is so easy to attack enterprise over the WiFi network. 
In addition, we will introduce researches done by Qihoo 360 PegasusTeam in the last few years. These will include a wireless threat perception system, an anti-drone system, a portable WiFi attack and defence platform, and GhostTunnel — a wireless backdoor way using out-of-band data transmission. 


WiFi Security Basics

  • History

  • Protocol

  • Security Events

Basic Wireless Attacks

  • Cracking WEP, WPA/WPA2 Personal

  • Cracking the WPS PIN

  • Bypassing Authentication — Captive Portal, MAC Filtering 

  • Getting Passwords from WiFi Password Sharing APP

Advanced Wireless Attacks Against Enterprise Network

  • Using Evil Twin Attacks to Attack WPA2-PEAP Network

  • Gaining Entry by Attacking Employees' Self-built WiFi Network

  • WiFi Phishing with Captive Portal

PegasusTeam's Wireless Security Researches

  • A Wireless Threat Perception System

  • An Anti-Drone System Based on 802.11

  • A Portable WiFi Attack & Defence Platform

  • GhostTunnel — A Wireless Backdoor Way Using Out-of-Band Data Transmission 

Student Requirements 

Previous wireless security background is helpful but not required.

What to Bring

  • Attendees will be required to bring their own laptops with Kali Linux (or running in virtualisation software such as VMware or VirtualBox)

  • A TP-Link WN722N V1 external wireless interface per student

About Chai Kunzhe

Chai Kunzhe (Hacker Handle: sweeper) is the leader of the PegasusTeam at Radio Security Research Department of 360 Technology. He is responsible for the wireless security of 360 Technology, inventor of SkyScan (Tianxun) Wireless Intrusion Prevention System (WIPS), and one of the authors of the Chinese wireless security product standard documents. He is also the inventor of the first fake/rogue base station defence system. 

About Yang Yunfei

Yang Yunfei (@qingxp9) is currently a wireless security researcher in the PegasusTeam of 360 Technology. He focuses on WLAN security research, wireless offensive and defensive product development. He is a guest lecturer at Northeastern University. He made serial presentations about WiFi hacking, UAV security on KCon, HITCON, FIT, CCF YOCSEF, DEFCON Group 010, etc. 

12 views0 comments


Post: Blog2_Post
bottom of page