
Wireless Network Penetration Testing
Secure your wireless infrastructure against attackers who could be sitting in your parking lot. Our wireless network testing identifies vulnerabilities in your WiFi networks that could allow unauthorised access to your internal systems.
What is Wireless Network Penetration Testing?
Wireless Penetration Testing evaluates the security of Wi-Fi networks by identifying vulnerabilities in encryption protocols, access controls, and network segmentation. Testing includes attacks such as rogue access points, client disassociation, and credential capture to assess the risk of unauthorised access or data interception.
Our Engagement Process
T-14 days
Scoping
Our scoping process begins with identifying all wireless networks in scope, including staff and guest networks. We work with you to understand your wireless infrastructure and define the physical boundaries of testing.
This phase ensures we have a comprehensive view of your wireless footprint while respecting any testing limitations.
T-7 days
Remote Testing Probe Setup
Our wireless testing probes allow us to conduct wireless network assessments remotely without requiring constant on-site presence. Once deployed, these probes automatically connect back to our testing infrastructure and provide continuous monitoring capabilities.Start of Testing
Testing begins with our team conducting both passive and active wireless assessments. We use specialised wireless testing hardware to identify potential security weaknesses.
Any critical vulnerabilities discovered during testing are reported immediately to allow for swift remediation.
T+14 Days
Report Delivery and Debrief
Upon completion of testing, we deliver a comprehensive report detailing all discovered vulnerabilities, their potential impact, and specific recommendations for remediation.
Our debrief session walks through the findings in detail, ensuring your team understands the risks and has a clear roadmap for implementing security improvements.
Why Wireless Network Testing?
Protect Against Physical Proximity Attacks
Identify vulnerabilities that could allow attackers within physical range to gain unauthorised access to your wireless networks and internal systems.
Secure Guest Access
Ensure your guest wireless networks are properly segmented and that public access restrictions and terms of service cannot be bypassed.
Validate Network Segmentation
Verify that your wireless networks are properly segmented and that compromising one network doesn't grant access to your entire infrastructure.
Meet Compliance Requirements
Many regulatory frameworks require regular wireless security assessments. Our testing helps you maintain compliance while improving your security posture.
Our Wireless Testing Methodology
Our wireless network testing methodology is designed to identify vulnerabilities in both internal and public wireless networks, ensuring comprehensive coverage of your wireless infrastructure.
Internal Staff Networks
For wireless SSIDs restricted for internal staff members, Project Black will evaluate misconfigurations which could allow an attacker with physical proximity to gain access to the network.
- Authentication bypass attempts
- Encryption protocol weaknesses
- Password policy compliance
- WPA/WPA2/WPA3 configuration review
- Evil twin attack scenarios
- Client-side vulnerabilities
Public Access Networks
For wireless SSIDs intended to be open to the public, Project Black will evaluate:
- The ability for members of the public to enumerate and reach assets on the internal network
- If there are terms of use that require acceptance or internet access restrictions, Project Black will test for ways to bypass these restrictions
- Network segmentation effectiveness
- Access control mechanisms
- Captive portal security
Our testing methodology is regularly updated to address emerging wireless security threats and attack vectors.
Frequently Asked Questions
Do you need to come on-site for wireless testing?
No not necessarily, Project Black maintains remote testing probes that can be deployed on-site during an assessment. For multi-site environments, we can arrange visits or deploy probes at each location.
What types of wireless attacks do you test for?
Our wireless assessments cover WPA2 and WPA3 weaknesses, PMKID and EAPOL handshake capture, evil twin and rogue access point attacks, client isolation bypass, RADIUS configuration weaknesses, and network segmentation validation between wireless and wired networks.
Do you test both staff and guest wireless networks?
Yes. Both networks are assessed, and a key part of wireless testing is validating that guest network access cannot be leveraged to reach internal systems or other guest devices. We specifically test the segmentation boundary between them.
Can you test wireless networks at multiple office locations?
Yes. We can conduct on-site visits or deploy wireless probes to multiple locations. Scope and pricing for multi-site assessments are discussed and agreed during the scoping phase.
What is an evil twin attack?
An evil twin is a rogue access point configured with the same SSID as a legitimate corporate network. Devices previously connected to the real network can automatically connect to the attacker-controlled access point, enabling credential capture and man-in-the-middle attacks. We test whether your environment is susceptible to this.
What credentials or access do you need from us?
For most wireless assessments we begin with no credentials, simulating an attacker in physical proximity. Generally for guest networks if we aren’t able to obtain access we will request credentials so that we can validate segmentation works correctly.
Ready for a Pentest Quote?
Simply fill out the form, let us know what you're looking for, and we'll reach out to you within hours!