WiFi Knowledge Links

WiFi Defense

Nzyme ➤ WiFi & Network Threat Hunting

Radio Knowledge

BladeRF Guide to WiFi, from PDU to RF

Radio Architecture Matters: A Review of RF Sampling vs. Zero-IF

Design a Deep Neural Network with Simulated Data to Detect WLAN Router Impersonation

MCSIndex ➤ Theoretical Channel Speeds

802.11AX Whitepaper

WiFi 6 Features

WiFi 6 OFDMA Whitepaper

WiFi 7 Features

WiFi 7 What is MLO

Open Source WiFi SDR

Openwifi

Bladerf-wiphy

Network Libraries

Scapy ➤ Python-based interactive packet manipulation program & library

Seemo ➤ WiFi Firmware Hacking

WiFi Access Point Software

Barely-AP ➤ A Standalone WPA2 Access Point in Scapy

Hostapd & WPA Supplicant ➤ World's Ubiquitous AP & Station code

iwd ➤ iNet wireless daemon, a lightweight alternative to hostapd

e-iwd ➤ iwd fork without dbus

WiFi Security

This part may as well be named Mathy Vanhoef

Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys

Krack: WPA2 Key Reinstallation Flaws

Kr00k -- Zero Key Frames Post Disassociation

Dragonblood: WPA3 Flaws

From Dragondoom to Dragonstar: Side-channel Attacks and Formally Verified Implementation of WPA3 Dragonfly Handshake

Frag Attacks

Macstealer: WiFi Client Isolation Bypasses and the Framing Frames paper and repository. Note: SPR's VLAN/multiPSK approach is immune to MACStealer. Our analysis

AirSnitch: How Wi-Fi Client Isolation Gets Broken (NDSS 2026) — Demonstrates four attack vectors (GTK abuse, gateway bouncing, port stealing, broadcast reflection) that break client isolation on every major router vendor. SPR has defended against all four since 2022. Our analysis

PMKID RSN Flaw bypasses PBKDF2. Note: hostapd may have mitigated this

SSID Confusion Attack with WPA3, 802.1X

Hash To Curve (for H2E in WPA3)

Enterprise WiFi

Owning the LAN in 2018 - Wired but relevant

BYOD PEAP Show -- PEAP relay

Offensive Tools

hostapd mana ➤ EAP, WPA Exploitation Fork of Hostapd

eap hammer ➤ EAP/WPA2 exploitation toolkit

bettercap ➤ The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Pwnagotchi ➤ Key Material sniffer

Sidechannel Security

2018: Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers

2018: On the Use of Independent Component Analysis to Denoise Side-Channel Measurements

2020: Far Field EM Side-Channel Attack on AES Using Deep Learning

2020: Timeless

2022: Amplitude-Modulated EM Side-Channel Attack on Provably Secure Masked AES

WiFi Security Challenges

Turtles ➤ Supernetwork's WiFi Challenges

WiFiChallengeLab ➤ Virtualized WiFi pentesting laboratory

Shinai-Fi ➤ Docker images for learning wifi hacking