security-labs

📡 Project 02 — Network Penetration Testing

CEH-aligned penetration testing on wireless protocols — WEP, WPA, WPA2. Documented attack methodologies and hardening strategies.

🎯 Objective

Conducted comprehensive wireless network security assessments simulating real-world attacks on common Wi-Fi security protocols. Documented exploitation techniques and deployed defense strategies to harden enterprise wireless infrastructure.

🔧 Lab Setup

┌─────────────────┐
│ Kali Linux VM  │
│ (Aircrack-ng)  │
└────────┬────────┘
         │
         ▼
┌─────────────────┐     ┌─────────────────┐
│  Target Router  │◀───▶│  Connected VMs  │
│  (WEP/WPA/WPA2) │     │  (Lab Network)  │
└─────────────────┘     └─────────────────┘
         │
         ▼
┌─────────────────┐     ┌─────────────────┐
│  Wireless Card  │     │  Deauth Attack  │
│  (Monitor Mode)  │────▶│  Handshake Cap  │
└─────────────────┘     └─────────────────┘

🧪 Methodology

Phase 1 — reconnaissance

Identified all wireless networks in range using airodump-ng
Captured network SSIDs, BSSIDs, channel, and encryption type
Mapped client devices connected to target networks

Phase 2 — Attacks

WEP Cracking

Performed IV (Initialization Vector) injection attacks
Collected enough IVs to crack the WEP key using aircrack-ng
Demonstrated why WEP is obsolete

WPA/WPA2 — Handshake Capture

Sent de-authentication packets to disconnect clients
Captured the 4-way handshake during reconnection
Performed dictionary attack using aircrack-ng with rockyou.txt

WPA2 — KRACK Attack Simulation

Simulated Key Reinstallation Attack concepts
Demonstrated risk of reinstallation attacks on vulnerable clients

Phase 3 — Documentation

Recorded each step with timestamps and outputs
Documented success rate and time taken for each attack method
Mapped vulnerabilities to MITRE ATT&CK framework references

📊 Results

Protocol	Attack	Result	Time
WEP	IV Injection	✅ Cracked	~8 min
WPA	Handshake + Dict Attack	✅ Cracked (weak password)	~45 min
WPA2	Handshake + Dict Attack	✅ Cracked (weak password)	~45 min
WPA2	KRACK Simulation	⚠️ Partial (client dependent)	—

🛡️ Defensive Hardening — Deployed

WPA3 Migration — Upgraded all enterprise APs to WPA3-Personal/Enterprise
Rogue AP Detection — Deployed AP monitoring to detect evil twin attacks
Password Policy — Enforced 16+ character complex passwords with EAP-TLS
802.1X Authentication — Moved to enterprise-grade port-based authentication
Client Segmentation — Isolated guest and corporate Wi-Fi on separate VLANs
Wireless Intrusion Detection System (WIDS) — Configured alerting for deauth floods

📋 Security Controls Assessment

Control	Status	Notes
Encryption Protocol	❌ Needs Upgrade	WEP in use on legacy APs
Password Complexity	⚠️ Weak	Short passwords easily cracked
Rogue AP Detection	❌ Missing	No monitoring in place
Network Segmentation	✅ Implemented	VLANs configured post-assessment
802.1X / EAP-TLS	⚠️ Planned	Migration in progress
WPA3 Adoption	✅ Complete	Post-assessment deployed

🔧 Tech Stack

Kali Linux · Aircrack-ng · Wireshark · Nmap · Airmon-ng · Crunch · WPA_supplicant

⚠️ Disclaimer

All testing was performed on networks and systems owned by me or with explicit written consent. No wireless networks were targeted without permission. This project is for educational and authorised security testing purposes only.