Open Wi-Fi Got Encrypted. Here's Why Your Rogue AP Still Works.
So you’re sitting in your local café, laptop open, and you connect to the free Wi-Fi. No password. No fuss. Job done. But underneath that seamless …
One of the most common questions I still receive is: “What WiFi adapter should I use for pentesting?” Over the last 13 years, I have tested a very …
Hidden SSIDs are one of those security measures that feel effective but provide almost no real protection against a determined attacker. Here’s why — and …
Even the most secure wireless deployments — including EAP-TLS with client certificate validation — can become entry points when endpoints are exploited in less …
TL;DR – EAP-TLS Wi-Fi Authentication in a Nutshell: EAP-TLS provides strong mutual authentication using client/server digital certificates. The process includes …
TL;DR – Evolution of Wi-Fi Security: WEP was the first Wi-Fi security protocol but was quickly broken due to weak encryption and IV reuse. WPA introduced TKIP …
TL;DR – Enterprise Wi-Fi Authentication Explained: Enterprise Wi-Fi networks rely on the Extensible Authentication Protocol (EAP) to manage secure client access. …
TL;DR – Control and Data Frames in 802.11 Wi-Fi: Control frames manage the coordination of transmissions (e.g., ACK, RTS/CTS, Block ACK), ensuring smooth traffic …
TL;DR – 802.11 MAC Frame Explained: The MAC frame is the foundation of Wi-Fi communication, defining how data is transmitted across the wireless medium. The …
Before diving into the main content, let’s quickly recap the essentials of Protected Management Frames (PMF). What are Protected Management Frames (PMF)? …
Understanding Protected Management Frames (PMF) in Wi-Fi: Before delving into Protected Management Frames (PMF), it’s essential to understand what …
Hidden SSIDs come up constantly in conversations about WiFi security. The idea is straightforward: if your network isn’t broadcasting its name, attackers …
If you’ve worked through Episode 2 and Episode 3, you can already crack WEP. The question this episode answers is: how do you do it faster? IV generation …
If you’ve watched Episode 2, you know how to crack a WEP network using the clientless ARP replay attack. Good. Now let’s talk about what happens …
WEP is dead. Has been for years. The cryptography is fundamentally broken — not “weak with a long enough password” broken, but mathematically …
Every wireless pentester has to start somewhere. This is that somewhere. Before you worry about WPA3, enterprise attacks, rogue APs, or EAP-TLS — you need to …