WiFi Pentest

What is a WiFi pentest?

A WiFi pentest is a security assessment of your wireless network. We test configuration, encryption and segmentation for vulnerabilities that an attacker could exploit to access your internal network - without ever plugging in a cable.

WiFi signals do not stop at the wall. An attacker in the parking garage, the cafe next to your office or from the street can attack your network. We come to your location with Alfa adapters, a WiFi Pineapple and a Proxmark and test what an attacker can achieve.

What do we test?

• WPA2/WPA3 configuration - encryption correct? Downgrade attacks possible?
• WPA2-Enterprise (802.1X) - RADIUS certificate correctly validated? Relay attacks possible?
• Evil twin attacks - can we set up a fake access point that employees automatically connect to?
• Rogue access point detection - unauthorised access points in your environment?
• Client isolation - can wireless clients reach each other? Is the guest network truly separated?
• VLAN segmentation - wireless network correctly segmented from critical systems?
• Captive portal bypass - can the guest network be bypassed?

Why should you get a WiFi pentest?

Many organisations invest in network security but forget their wireless network:

• WiFi knows no walls: an attacker does not need to enter your premises to attack your network.
• BYOD increases risk: more and more devices connect to the corporate network.
• Credential harvesting: via evil twin attacks, attackers automatically intercept domain credentials.
• Lateral movement: a compromised WiFi network is a stepping stone to the rest.

Our approach

We come physically to your location with specialised hardware. Direct contact with the pentester during the test:

• Site survey - mapping all wireless networks, SSIDs, access points, signal strengths with Kismet and WiFi Pineapple.
• Configuration analysis - encryption (WPA2/WPA3), authentication (PSK vs. Enterprise/802.1X), RADIUS, certificate validation.
• WPA2 handshake capture - capturing handshakes and offline cracking with Hashcat. Weak password? Then we are in.
• Evil twin attack - fake access point with hostapd-mana. Do employees connect automatically? Do they leak credentials?
• Segmentation test - from the wireless network, testing whether servers, management interfaces and critical systems are reachable.
• Reporting - findings with risk classification, signal heatmap and concrete hardening recommendations. Retest available on request.

What does a WiFi pentest cost?

Our hourly rate is €175 per hour. Indications:

• Single location with 5-20 access points: €4,000 - €8,000

Costs are determined by number of locations, SSIDs, authentication type and on-site duration. Fixed quote after scoping call.