Skip to main content

WiFi Knowledge Links

Wifi Defense

Nzyme ➤ WiFi & Network Threat Hunting

Radio Knowledge

BladeRF Guide to WiFi, from PDU to RF

Radio Architecture Matters: A Review of RF Sampling vs. Zero-IF

Design a Deep Neural Network with Simulated Data to Detect WLAN Router Impersonation

MCSIndex ➤ Theoretical Channel Speeds

WiFi 6 Features

WiFi 6 OFDMA Whitepaper

WiFi 7 Features

WiFi 7 What is MLO

Open Source WiFi SDR

Openwifi

Bladerf-wiphy

Network Libraries

Scapy ➤ Python-based interactive packet manipulation program & library

Seemo ➤ WiFi Firmware Hacking

WiFi Access Point Software

Barely-AP ➤ A Standalone WPA2 Access Point in Scapy

Hostapd & WPA Supplicant ➤ World's Ubiquitous AP & Station code

iwd ➤ iNet wireless daemon, a lightweight alternative to hostapd

e-iwd ➤ iwd fork without dbus

WiFi Security

This part may as well be named Mathy Vanhoef

Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys

Krack: WPA2 Key Reinstallation Flaws

Dragonblood: WPA3 Flaws

Frag Attacks

Macstealer: WiFi Client Isolation Bypasses and the Framing Frames paper and repository Note: SPR's VLAN/multiPSK approach is immune to MACStealer

PMKID RSN Flaw bypasses PBKDF2 Note: hostapd may have mitigated this

Enterprise WiFi

Owning the LAN in 2018 - Wired but relevant

BYOD PEAP Show -- PEAP relay

Offensive Tools

hostapd mana ➤ EAP,WPA Exploitation Fork of Hostapd

eap hammer ➤ EAP/WPA2 exploitation toolkit

bettercap ➤ The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Pwnagotchi ➤ Key Material sniffer

Sidechannel Security

2018: Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers

2020: Far Field EM Side-Channel Attack on AES Using Deep Learning

2022: Amplitude-Modulated EM Side-Channel Attack on Provably Secure Masked AES

WiFi Security Challenges

Turtles ➤ Supernetwork's WiFi Challenges

WiFiChallengeLab ➤ Virtualized WiFi pentesting laboratory

Shinai-Fi ➤ Docker images for learning wifi hacking