Initial Access with WiFi-Pumpkin
Offered By: Pluralsight
Course Description
Overview
During a red team exercise, getting access to the internal network is one of your first tasks. In this course, we cover the WiFi-Pumpkin tool, which allows you to create rogue access points with fake captive portals.
Having valid credentials is one of the most effective ways of getting access to the internal network of a company. It gives you the same level of access of a target employee, which often includes VPN access to the internal network as well as several external systems. In this course, Initial Access with WiFi-Pumpkin, you will explore the WiFi-Pumpkin tool, which is a rogue access point framework developed by Marcos Bomfim from the P0cL4bs. First, you will learn how to create rogue access points that look exactly like the WiFi network of your target company. Then, you will see how to set up captive portals, so that when users try to login to your rogue access point, they will be prompted to type their domain credentials and you can harvest them to use in other attacks. Finally, you will discover how to set up a rogue access point, how to set up a fake captive portal, how to customize the login page, and how to harvest the credentials that were submitted. By the end of this course, you will know two important tactics from the MITRE ATT&CK framework: Rogue WiFi Access Points (T1465) and Valid Accounts (T1078).
Having valid credentials is one of the most effective ways of getting access to the internal network of a company. It gives you the same level of access of a target employee, which often includes VPN access to the internal network as well as several external systems. In this course, Initial Access with WiFi-Pumpkin, you will explore the WiFi-Pumpkin tool, which is a rogue access point framework developed by Marcos Bomfim from the P0cL4bs. First, you will learn how to create rogue access points that look exactly like the WiFi network of your target company. Then, you will see how to set up captive portals, so that when users try to login to your rogue access point, they will be prompted to type their domain credentials and you can harvest them to use in other attacks. Finally, you will discover how to set up a rogue access point, how to set up a fake captive portal, how to customize the login page, and how to harvest the credentials that were submitted. By the end of this course, you will know two important tactics from the MITRE ATT&CK framework: Rogue WiFi Access Points (T1465) and Valid Accounts (T1078).
Taught by
Ricardo Reimao
Related Courses
Ethical HackingIndian Institute of Technology, Kharagpur via Swayam Investigación en Informática Forense y Ciberderecho
University of Extremadura via Miríadax MSc Cyber Security
Coventry University via FutureLearn Network Security - Introduction to Network Security
New York University (NYU) via edX Network Security - Advanced Topics
New York University (NYU) via edX