Book of the Month – BackTrack 5 Wireless Penetration Testing

This month, I am excited to write a review of another amazing book – “BackTrack 5 Wireless Penetration Testing”. Written by Vivek Ramachandran – founder of SecurityTube – who is well known for his discovery of the Wireless Caffe Latte attack, this book is beyond words.

Here is the core information about the book:

  • Title: BackTrack 5 Wireless Penetration Testing
  • Author: Vivek Ramachandran
  • Publisher: Packt Publishing
  • Pages: 220
  • Release Date: September 9, 2011

Here is the table of contents:

Chapter 1: Wireless Lab Setup
Chapter 2: WLAN and Its Inherent Insecurities
Chapter 3: Bypassing WLAN Authentication
Chapter 4: WLAN Encryption Flaws
Chapter 5: Attacks on the WLAN Infrastructure
Chapter 6: Attacking the Client
Chapter 7: Advanced WLAN Attacks
Chapter 8: Attacking WPA-Enterprise and RADIUS
Chapter 9: WLAN Penetration Testing Methodology
Appendix A: Conclusion and Road Ahead
Appendix B: Pop Quiz Answers

The first chapter starts with the famous line from Abraham Lincoln, stressing the importance of setting up the playground:

If I had eight hours to chop down a tree, I’d spend six hours sharpening my axe.

It lists both the hardware and software requirements: 2 Wi-Fi enabled laptops, one injectable Wi-Fi card (Alfa AWUS036H) and an access point. A longer list of alternative injectable Wi-Fi cards would have been better, though. It is often difficult to get the right one, especially for those who are outside the USA/UK. In my initial days of wardriving, I remember waiting for an entire year to get my first injectable USB dongle. And without the right card, you are on the back foot as you can’t perform most of the attacks.

The remaining portion of the first chapter shows how to install BackTrack and set up the access point and wireless cards in detail, with screenshots. The next chapter briefly explains wireless frames and shows how to capture Wi-Fi packets in the air and inject your own packets using the Alfa card.

It gets more interesting with chapter 3, which shows how to bypass various wireless security restrictions such as hidden SSIDs, MAC filters, WEP authentication, etc. Next it shows how to actually crack 128-bit WEP keys using the aircrack-ng tool. Finally it describes how we can use the cracked WEP/WPA passphrase to decrypt wireless data packets and directly connect to the WEP/WPA network.

Chapter 5 explains various Denial of Service (DoS) attacks including De-Authentication, Dis-Association, CTS-RTS attack and spectrum jamming. It also shows how one can perform an ‘Evil Twin’ attack against a legitimate access point and how to set up a rogue access point to gain backdoor entry into the network.

Often the weakest point lies on the client side, so chapter 6 goes on to describe the attacks one can perform on wireless clients, including Honeypot and Mis-Association attacks, the Caffe Latte attack, De-Authentication and Dis-Association attacks, the Hirte attack, AP-less WPA-Personal cracking, etc. The next chapter shows how to perform wireless-based Man-in-the-Middle (MITM) attacks and then use them for sniffing and hijacking user sessions.

Chapter 8 focuses on WPA-Enterprise based attacks such as exploiting the weaknesses in the PEAP and EAP-TLS protocols. It ends with a recommendation on secure wireless configuration: ‘WPA2-PSK with a strong passphrase’ for small and medium size organizations and ‘WPA2-Enterprise with EAP-TLS’ for larger organizations.

The final chapter touches very briefly on pen testing methodologies and then goes deeper into wireless pen testing using the attacks explained in previous chapters. It starts with step-by-step discovery of wireless devices, then moves on to finding unauthorized clients and rogue access points, and then cracking the wireless encryption using the attacks demonstrated in previous chapters.

This book is written completely from a practical perspective, and to get the best out of it you need to follow along in parallel with your own setup as shown in the first chapter. And at the end of it, there will be one more Wi-Fi ninja in the air.

Highlights of the Book

  • Very well written and enjoyable to read
  • Practical and includes the latest stuff from the wireless field
  • Every attack technique is very well shown with complete technical details and illustrative screenshots.
  • Includes action items for the reader to explore more and gain more expertise
  • Pop Quiz at the end of each chapter ensures that you were not dozing off

After reading this book completely, one thing is sure: you would like to change its title from “Beginner’s Guide” to “Not just Beginner’s Guide”. Even though it’s his first book, I am amazed by his style of writing and his ‘connecting with the reader’ mentality, which makes it easier to grasp and enjoyable to read.

And here comes the final verdict:

Written by a wireless expert, this book goes beyond words and is highly recommended to anyone willing to master Wi-Fi Kung Fu.

Disclaimer: I received this book from the publisher for a special review, and the author is a good friend of mine. However, the review remains genuine and unbiased.

Visit Book: http://www.packtpub.com/backtrack-5-wireless-penetration-testing-beginners-guide/book
