Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Pluralsight

Initial Access with WiFi-Pumpkin

via Pluralsight

Overview

During a red team exercise, getting access to the internal network is one of your first tasks. In this course, we cover the WiFi-Pumpkin tool, which allows you to create rogue access points with fake captive portals.

Having valid credentials is one of the most effective ways of getting access to the internal network of a company. It gives you the same level of access of a target employee, which often includes VPN access to the internal network as well as several external systems. In this course, Initial Access with WiFi-Pumpkin, you will explore the WiFi-Pumpkin tool, which is a rogue access point framework developed by Marcos Bomfim from the P0cL4bs. First, you will learn how to create rogue access points that look exactly like the WiFi network of your target company. Then, you will see how to set up captive portals, so that when users try to login to your rogue access point, they will be prompted to type their domain credentials and you can harvest them to use in other attacks. Finally, you will discover how to set up a rogue access point, how to set up a fake captive portal, how to customize the login page, and how to harvest the credentials that were submitted. By the end of this course, you will know two important tactics from the MITRE ATT&CK framework: Rogue WiFi Access Points (T1465) and Valid Accounts (T1078).

Taught by

Ricardo Reimao

Reviews

4.8 rating at Pluralsight based on 11 ratings

Start your review of Initial Access with WiFi-Pumpkin

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.