🛠️ WPA2

Theory

Attacks

//TODO : differences between CCMP and TKIP for cipher ?

Sniffing

De-authentication

WPA handshake capture & cracking

clients needed

sniffing + deauth

gives "WPA handshake" followed by AP MAC addr, possible to crack

either crack with aircrack directly or use aircrack to create a hashcat formatted file

preparing hashcat file

cracking

Reconnaissance

Movement

Credentials

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Netlogon

Certificate Services (AD-CS)

SCCM / MECM

Exchange services

Print Spooler Service

Schannel

Built-ins & settings

Kerberos

Certificate Services (AD-CS)

HTTP security headers

Identity and Access Management

File inclusion

LFI to RCE

Initial access (protocols)

Windows

UNIX-like

(AV) Anti-Virus

Mifare Classic

Android

🛠️ WPA2

Theory

Attacks

Sniffing

De-authentication

WPA handshake capture & cracking

PMKID capture

KRACK

Resources

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Certificate Services (AD-CS)

SCCM / MECM

Certificate Services (AD-CS)

HTTP security headers

File inclusion

LFI to RCE

Windows

UNIX-like

Mifare Classic

🛠️ WPA2 ​

Theory ​

Attacks ​

Sniffing ​

De-authentication ​

WPA handshake capture & cracking ​

PMKID capture ​

KRACK ​

Resources ​

🛠️ WPA2

Theory

Attacks

Sniffing

De-authentication

WPA handshake capture & cracking

PMKID capture

KRACK

Resources