We wrapped up Cohort 1 of the WiFi Attacks Specialist course last week and I wanted to take a moment to say thank you to everyone who joined.

Twelve participants came in with varying backgrounds — some were seasoned pentesters looking to sharpen their wireless skills, others were newer to the field but hungry to learn. Watching the group progress from 802.11 fundamentals through to hands-on rogue AP labs was genuinely satisfying.

What We Covered

The cohort ran across four live sessions:

  1. 802.11 Protocol Fundamentals — Frame types, the association lifecycle, beacon parsing, and why the management frame problem hasn’t gone away
  2. WPA2 & WPA3 Attack Surface — 4-way handshake capture, PMKID harvesting, KRACK recap, and Dragonblood
  3. Rogue Access Points — Building a functional evil twin, captive portal injection, and certificate attacks against EAP
  4. Advanced Wireless Pivots — Abusing trusted network profiles on compromised endpoints and lateral movement via wireless

All sessions were recorded. If you attended, you should have received access to the recordings and all lab materials.

What’s Next

Cohort 2 is in planning. I’m looking at expanding the EAP section and adding a dedicated module on WPA3 Simultaneous Authentication of Equals (SAE) weaknesses, including the latest research.

If you want to be notified when Cohort 2 opens, get in touch.