OBJECTIVE 03 — WIRELESS THREATS & ATTACKS
WIRELESS THREAT — CORE DEFINITION
| Item | Memorize |
| Wireless Threat | Any potential risk that exploits weaknesses in wireless communication |
MEMORY HOOK:
Wireless = open air = exposed
CLASSIFICATION OF WIRELESS ATTACKS (EXAM STRUCTURE)
| Category |
| Passive attacks |
| Active attacks |
PASSIVE WIRELESS ATTACKS
PASSIVE ATTACK — DEFINITION
| Item | Memorize |
| Passive Attack | Attacker monitors traffic without altering it |
PASSIVE ATTACK CHARACTERISTICS
| Feature |
| Difficult to detect |
| No packet modification |
| Used for reconnaissance |
COMMON PASSIVE WIRELESS ATTACKS
| Attack | Description |
| Eavesdropping | Capturing wireless traffic |
| Traffic analysis | Studying communication patterns |
| Packet sniffing | Capturing packets over the air |
MEMORY HOOK:
Passive = listen only
ACTIVE WIRELESS ATTACKS
ACTIVE ATTACK — DEFINITION
| Item | Memorize |
| Active Attack | Attacker modifies, injects, or disrupts wireless communication |
ACTIVE ATTACK CHARACTERISTICS
| Feature |
| Detectable |
| Packet injection |
| Service disruption |
MEMORY HOOK:
Active = interfere
MAJOR WIRELESS ATTACKS (EXAM CRITICAL)
ROGUE ACCESS POINT ATTACK
DEFINITION
| Item | Memorize |
| Rogue AP | Unauthorized wireless access point connected to a network |
PURPOSE
| Purpose |
| Bypass security controls |
| Provide backdoor access |
EXAM TRAP
| Statement | Correct |
| Rogue AP is attacker-owned | NO |
| Rogue AP can be employee-installed | YES |
MEMORY HOOK:
Rogue = unauthorized, not fake
EVIL TWIN ATTACK
DEFINITION
| Item | Memorize |
| Evil Twin | Fake AP mimicking a legitimate AP |
ATTACK LOGIC
| Step |
| Attacker creates fake AP |
| Uses same SSID |
| Stronger signal |
| Victim connects |
GOAL
| Goal |
| Credential harvesting |
| MITM |
MEMORY HOOK:
Evil Twin = fake AP
DEAUTHENTICATION ATTACK
DEFINITION
| Item | Memorize |
| Deauthentication Attack | Sends forged deauth frames to disconnect clients |
PROTOCOL EXPLOITED
| Protocol |
| IEEE 802.11 management frames |
PURPOSE
| Purpose |
| Force reconnection |
| Capture handshakes |
| Enable Evil Twin |
MEMORY HOOK:
Deauth = kick users off
DISASSOCIATION ATTACK
DEFINITION
| Item | Memorize |
| Disassociation Attack | Forces clients to disconnect from the AP |
DIFFERENCE FROM DEAUTH
| Attack | Key Difference |
| Deauth | Authentication termination |
| Disassociation | Association termination |
MEMORY HOOK:
Deauth ≠ Disassoc
MAN-IN-THE-MIDDLE (MITM)
DEFINITION
| Item | Memorize |
| MITM | Attacker intercepts communication between client and AP |
METHODS
| Method |
| Evil Twin |
| Rogue AP |
| ARP spoofing |
MEMORY HOOK:
MITM = attacker in between
REPLAY ATTACK
DEFINITION
| Item | Memorize |
| Replay Attack | Reusing captured packets to gain access |
COMMONLY TARGETS
MEMORY HOOK:
Replay = reuse packets
WEP CRACKING ATTACK
PURPOSE
METHOD
| Method |
| Capture IVs |
| Analyze patterns |
MEMORY HOOK:
More IVs = faster crack
KRACK ATTACK
DEFINITION
| Item | Memorize |
| KRACK | Key Reinstallation Attack |
TARGET
IMPACT
| Impact |
| Decrypt traffic |
| Replay packets |
MEMORY HOOK:
KRACK breaks handshake
PACKET INJECTION ATTACK
DEFINITION
| Item | Memorize |
| Packet Injection | Injecting crafted packets into a wireless network |
PURPOSE
| Purpose |
| Speed up WEP cracking |
| Disrupt traffic |
MEMORY HOOK:
Inject = fake packets
JAMMING ATTACK
DEFINITION
| Item | Memorize |
| Jamming | Flooding wireless spectrum with noise |
RESULT
MEMORY HOOK:
Noise kills Wi-Fi
COMPARISON — ROGUE AP vs EVIL TWIN (EXAM FAVORITE)
| Feature | Rogue AP | Evil Twin |
| Ownership | Legit internal | Attacker |
| Purpose | Unauthorized access | Impersonation |
| Signal mimicry | No | Yes |
ATTACK → GOAL MAPPING (MEMORY TABLE)
| Attack | Goal |
| Rogue AP | Backdoor |
| Evil Twin | Credential theft |
| Deauth | Force reconnection |
| Replay | Authentication bypass |
| KRACK | Traffic decryption |
| Jamming | DoS |
OBJECTIVE 03 — MEMORY BLOCK
Passive attacks listen.
Active attacks interfere.
Rogue AP is unauthorized.
Evil Twin is fake.
Deauth kicks users.
KRACK breaks WPA2.