Boost Your Cybersecurity Skills: Hands-on WEP and wpa2 WiFi Hacking

1. About the Workshop

The theory behind exploiting WEP and WPA2 has been available for a number of years. However, it has not been easy to offer students the opportunity to apply these theories in a real environment. In this workshop, you will (1) learn how to locate and identify WiFi access points (a.k.a. reconnaissance), (2) understand the conditions under which WEP and WPA2 can be hacked, and (3) hack up to four WEP access points (with different settings), in addition to a WPA2 access point.

Dates: Saturday 1/16/2021 (10am - 7pm EST) and Sunday 1/17/2021 (10am - 3pm EST)

 

Audience: High-school and college students (2-year and 4-year institutions) enrolled in a U.S. institution (with necessary prerequisite knowledge).

 

Hardware Requirements: Participants must have a computer with at least 25GB of disk space available, VirtualBox installed, Zoom installed, and a stable Internet connection.

 

Venue:  Zoom (link will be provided to accepted registrants).

 

Fee: $0. This workshop is sponsored by a Dakota State University (DSU) NSF Award #1730105. 

 

2. Objectives

In this workshop, you will learn:

   1. How the WEP protocol works

   2. WEP Weakness

   3. How the WPA2 protocol works

   4. WPA2 Weakness

   5. WiFi scanning and reconnaissance

   6. Exploiting WEP access points with connected clients

   7. Exploiting WEP access points with no connected clients 

   8. Exploiting WEP access points with different key sizes

   9. Exploiting WPA2 access points with a given wordlist

3. Prerequisite Knowledge

To participate in the hands-on activities in this workshop, you will (a) download and import a custom Kali VM, (b) connect to a VPN, then (3) SSH into a dedicated machine (one machine per participant) which is equipped with all necessary packages and hardware to engage in the workshop activities within the sandboxed WiFi environment built for this workshop. Thus, participants are expected to be familiar with using the terminal, command line interface, and Secure Shell (SSH). This prerequisite knowledge will not be covered during the workshop.

A few days before the workshop, participants will receive a link to download and install the software and Virtual Machine required to participate in this workshop. Thus, participants must have a computer with at least 25GB of disk space available, VirtualBox installed, Zoom installed, and a stable Internet connection.

 

4. Tentative Agenda

 

During day 1, the instructor will introduce the theory behind WEP and its weakness. Then, we will walk through the basics for WiFi Scanning and Reconnaissance. Afterwards, the participants will have a guided hand-on session to apply what they learned by scanning, locating, and hacking a WEP access point with a 64-bit key size and a connected client. The day will end with an “Observation and Conclusions” session. Participants will continue to have access to the sandboxed environment to test their skills by scanning, locating, and hacking a WEP access point with a 128-bit key size and a connected client. The tentative schedule for day 1 of the workshop (times are EST) will be as follows:

* This period will be used as a break for participants who have already imported the VM before the workshop and can successfully connect to the VPN. The instructor will be helping participants who need technical assistance or still need to download or import the VM.

 

† Participants will use their dedicated machines to perform this hands-on activity. Instructor will be answering questions and providing support.

During day 2, the instructor will introduce the theory behind how WPA2 works, its weakness, and the condition under which it can be broken. Then, the participants will have a guided hands-on session to apply what they learned by scanning, locating, and hacking a WPA2 access point given a wordlist which has the access point’s password. Finally, the day will end with a “Workshop Conclusion” session. After the workshop conclusion, participants will continue to have access to the sandboxed environment until the end of the day to test their skills by scanning, locating, and hacking two WEP access points without connected client (according to instructor’s guidance discussed during the workshop). The tentative schedule for day 2 of the workshop (times are EST) will be as follows:

5. Application

Interested in participating in this WiFi Hacking workshop?

Fill out the application form here: https://pitt.co1.qualtrics.com/jfe/form/SV_4U8fCdB5xC3C13T

If you have questions, email Ahmed Ibrahim at aibrahim@pitt.edu with subject line "DSU Workshop for Students".

 

Contact

Department of Informatics and Networked Systems

School of Computing and Information

University of Pittsburgh

135 N. Bellefield Avenue

622 IS Building

Pittsburgh, PA  15260

​​

Tel: N/A

E-mail: ​aibrahim@pitt.edu

  • Black LinkedIn Icon
  • Black Twitter Icon
  • Black YouTube Icon
  • GitHub-Mark-120px-plus

© 2020 by Ahmed Ibrahim.