1
00:00:06,890 --> 00:00:08,630
- In this course, you will learn how to

2
00:00:08,630 --> 00:00:12,250
perform attacks against wireless infrastructure devices.

3
00:00:12,250 --> 00:00:15,610
However, in many cases attackers actually don't

4
00:00:15,610 --> 00:00:18,310
launch attacks against, you know, those devices,

5
00:00:18,310 --> 00:00:22,150
but instead they actually fool users to join

6
00:00:22,150 --> 00:00:25,200
a rogue access point, right, so a different

7
00:00:25,200 --> 00:00:28,150
clone access point, if you can call it that way.

8
00:00:28,150 --> 00:00:29,910
And/or perform, you know, things like

9
00:00:29,910 --> 00:00:32,430
deauthentication attacks to actually force clients

10
00:00:32,430 --> 00:00:34,360
to get disconnected and perhaps, you know,

11
00:00:34,360 --> 00:00:36,940
join that rogue network, right,

12
00:00:36,940 --> 00:00:38,880
or that rogue access point.

13
00:00:38,880 --> 00:00:42,830
Now, they can actually do these types of attacks,

14
00:00:42,830 --> 00:00:45,550
or deauthentication attacks, also for performing

15
00:00:45,550 --> 00:00:48,650
a denial of service attack, you know, against the clients

16
00:00:48,650 --> 00:00:50,720
or a specific line in the network, right?

17
00:00:50,720 --> 00:00:55,210
Now, attackers can also inject packets into the network

18
00:00:55,210 --> 00:00:57,850
to present fake data, right.

19
00:00:57,850 --> 00:01:00,800
At the end of the day, actually what most threat actors want

20
00:01:00,800 --> 00:01:02,740
is actually to steal your data, right.

21
00:01:02,740 --> 00:01:05,520
So they do this by eavesdropping,

22
00:01:05,520 --> 00:01:08,740
by manipulating unencrypted Wi-Fi communications,

23
00:01:08,740 --> 00:01:11,050
or attacking what we call the PNL,

24
00:01:11,050 --> 00:01:13,580
or the preferred network list of, you know,

25
00:01:13,580 --> 00:01:16,020
either a wireless device or a wireless client, right.

26
00:01:16,020 --> 00:01:21,020
Now this device can be your laptop, your mobile phone,

27
00:01:21,550 --> 00:01:24,410
your tablet, or even an IoT device, right?

28
00:01:24,410 --> 00:01:26,500
It can be an IoT device in your house

29
00:01:26,500 --> 00:01:29,840
or the thermostat in a large corporation,

30
00:01:29,840 --> 00:01:31,960
it can be many different things, right, so.

31
00:01:31,960 --> 00:01:35,140
Now one of the benefits, at least for the attacker, right,

32
00:01:35,140 --> 00:01:38,620
is to target the wireless clients themselves

33
00:01:38,620 --> 00:01:41,840
instead of the infrastructure, because you can incorporate

34
00:01:41,840 --> 00:01:43,970
things like social engineering, right?

35
00:01:43,970 --> 00:01:47,070
And by incorporating social engineering into your pen test,

36
00:01:47,070 --> 00:01:49,580
you can actually fool users to either join

37
00:01:49,580 --> 00:01:52,050
your fake access point, or your evil twin,

38
00:01:52,050 --> 00:01:54,070
and you will learn this later.

39
00:01:54,070 --> 00:01:57,570
You know, how to. You can also present a captive portal,

40
00:01:57,570 --> 00:02:00,670
right, to fool the user into even using their

41
00:02:00,670 --> 00:02:03,430
corporate credentials, right, their corporate password,

42
00:02:03,430 --> 00:02:05,150
to join that network, right.

43
00:02:05,150 --> 00:02:06,590
Well, you can even set the SSID

44
00:02:06,590 --> 00:02:09,970
to something that says free internet, right.

45
00:02:09,970 --> 00:02:13,045
And even target users outside of the corporations

46
00:02:13,045 --> 00:02:16,130
and really give them, you know, free internet access, right.

47
00:02:16,130 --> 00:02:19,290
So whenever they actually connect to your, you know,

48
00:02:19,290 --> 00:02:23,870
fake wireless device, or fake wireless access point,

49
00:02:23,870 --> 00:02:26,650
you can actually, you know, allow them to go to Facebook

50
00:02:26,650 --> 00:02:29,230
or allow them to go to CNN, wherever they're actually going,

51
00:02:29,230 --> 00:02:31,480
so they have free internet connectivity,

52
00:02:31,480 --> 00:02:34,840
but then you can actually either create a captive portal

53
00:02:34,840 --> 00:02:37,290
asking them to sign in, let's say with their

54
00:02:37,290 --> 00:02:41,020
Facebook credentials or Twitter or any other methods,

55
00:02:41,020 --> 00:02:43,260
actually you're gonna learn how to clone

56
00:02:43,260 --> 00:02:45,930
some of these devices or some of these websites

57
00:02:45,930 --> 00:02:48,700
so you can actually get their credentials, right.

58
00:02:48,700 --> 00:02:50,910
So, and then of course, you can just give them access

59
00:02:50,910 --> 00:02:54,310
to the internet, while they're going into the internet.

60
00:02:54,310 --> 00:02:56,627
You can also monitor unencrypted traffic

61
00:02:56,627 --> 00:02:59,250
that is actually going into the internet, right, as well.

62
00:02:59,250 --> 00:03:02,570
Now you will be surprised, in many cases,

63
00:03:02,570 --> 00:03:06,980
corporate users are even willing to put their internet

64
00:03:06,980 --> 00:03:10,060
passwords, so basically their corporate credentials,

65
00:03:10,060 --> 00:03:12,370
to get free internet connectivity somewhere.

66
00:03:12,370 --> 00:03:14,050
So you can actually have, you know,

67
00:03:14,050 --> 00:03:16,290
some type of portal that says, you know,

68
00:03:16,290 --> 00:03:19,050
you're gonna have free access here.

69
00:03:19,050 --> 00:03:21,840
And by the way, you know, in my case, I work at Cisco.

70
00:03:21,840 --> 00:03:25,830
So for Cisco employees, you can actually log in,

71
00:03:25,830 --> 00:03:27,370
you know, with your corporate credentials

72
00:03:27,370 --> 00:03:28,980
and you get free internet access.

73
00:03:28,980 --> 00:03:31,810
So in there, you know, you ask the user to enter

74
00:03:31,810 --> 00:03:34,016
their credentials; now you have their username

75
00:03:34,016 --> 00:03:37,120
and password for their corporate

76
00:03:37,120 --> 00:03:38,000
environment.

77
00:03:38,000 --> 00:03:40,250
And then you give them free internet access, right.

78
00:03:40,250 --> 00:03:43,460
You probably can even enumerate what type of websites

79
00:03:43,460 --> 00:03:44,870
they're actually going through

80
00:03:44,870 --> 00:03:48,464
and probably even do other social engineering attacks

81
00:03:48,464 --> 00:03:50,410
while they're connected.

82
00:03:50,410 --> 00:03:52,150
Now there are several tools that allow you to

83
00:03:52,150 --> 00:03:53,970
perform these types of attacks, right.

84
00:03:53,970 --> 00:03:57,354
And yes, you can learn, you know, these tools

85
00:03:57,354 --> 00:04:00,210
and basically be what we call the script kiddie, right.

86
00:04:00,210 --> 00:04:02,320
So basically you just use the tools,

87
00:04:02,320 --> 00:04:05,640
you know, try to actually perform the

88
00:04:05,640 --> 00:04:07,990
attacks or, you know, quote unquote pen testing,

89
00:04:07,990 --> 00:04:09,430
but that's actually not what pen testing

90
00:04:09,430 --> 00:04:10,560
is all about, right.

91
00:04:10,560 --> 00:04:14,020
What I want you to learn is the methodologies.

92
00:04:14,020 --> 00:04:15,850
And really think like an attacker

93
00:04:15,850 --> 00:04:18,810
whenever you perform your pen test, right.

94
00:04:18,810 --> 00:04:21,620
Tools come and go; the same thing goes for vulnerabilities,

95
00:04:21,620 --> 00:04:22,700
they also come and go, you know.

96
00:04:22,700 --> 00:04:25,800
In some cases, actually, some of the security folks

97
00:04:25,800 --> 00:04:28,290
in my industry, they said that vulnerabilities are

98
00:04:28,290 --> 00:04:29,537
a commodity, and it's right, right?

99
00:04:29,537 --> 00:04:31,620
And you get a vulnerability today.

100
00:04:31,620 --> 00:04:33,890
You find a vulnerability today, tomorrow,

101
00:04:33,890 --> 00:04:35,450
I mean, of course, the vendor will patch it

102
00:04:35,450 --> 00:04:37,140
and then you have to figure out, you know,

103
00:04:37,140 --> 00:04:38,430
what to do next, right.

104
00:04:38,430 --> 00:04:40,940
So just learning the tools or just learning

105
00:04:40,940 --> 00:04:42,870
one vulnerability and how to exploit it,

106
00:04:42,870 --> 00:04:46,120
that actually, you know, doesn't give you a lot

107
00:04:46,120 --> 00:04:46,960
of return on investment.

108
00:04:46,960 --> 00:04:48,520
So I want you to actually understand

109
00:04:48,520 --> 00:04:49,540
the methodologies, right.

110
00:04:49,540 --> 00:04:52,230
So we're gonna be spending a little bit of time

111
00:04:52,230 --> 00:04:54,810
actually showing you how, you know,

112
00:04:54,810 --> 00:04:55,680
the different methodologies

113
00:04:55,680 --> 00:04:57,620
and pen testing actually work, right.

114
00:04:57,620 --> 00:05:01,695
Now, however, if you have a good foundation of not only

115
00:05:01,695 --> 00:05:05,130
the knowledge about the different vulnerabilities and tools

116
00:05:05,130 --> 00:05:07,610
but also a good understanding of the hacking methodologies

117
00:05:07,610 --> 00:05:11,840
used by attackers, then you will become a better pen tester.

118
00:05:11,840 --> 00:05:14,990
Hopefully you will learn, you know, a few tips

119
00:05:14,990 --> 00:05:18,123
throughout this course and in the next few lessons.