Wireless Attacks: Evil Twin, Deauth, and Rogue AP
Understand how attackers set up rogue access points, deauthenticate clients, and perform evil-twin attacks to intercept credentials.
The Wireless Threat Landscape
Wireless networks are particularly vulnerable because the signal cannot be contained to a physical boundary. Attackers can operate from a car in a parking lot, a neighboring office, or even use long-range directional antennas from hundreds of meters away. The primary wireless attack categories covered on Security+ are evil twin attacks, deauthentication attacks, and rogue access points. Each exploits different weaknesses in how Wi-Fi clients discover, connect to, and trust access points.
Rogue Access Points
A rogue access point is an unauthorized wireless AP connected to a corporate network — either installed by an attacker who gained physical access or set up by a well-intentioned employee for convenience. A rogue AP can bypass the organization's wired security controls by giving attackers or malware a wireless entry point into the internal network. Wireless intrusion detection systems (WIDS) and regular RF surveys detect rogue APs by correlating MAC addresses seen over the air with the authorized AP inventory.
# Detect rogue APs using airodump-ng:
airodump-ng wlan0mon
# Look for BSSIDs not in your authorized AP inventory.
# Rogue AP indicators:
# - Unknown BSSID transmitting on corporate SSID
# - Open security on a segment that should be WPA2-Enterprise
# - Unusual channel or signal strength pattern
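The inventory correlation described above, as an added example that is not part of the original lesson: it parses a CSV capture saved with airodump-ng's `-w <prefix> --output-format csv` options and reports the rogue AP indicators listed. The inventory, BSSIDs, SSID names and sample rows are constructed, and the function name is hypothetical.

```python
import csv
import io

# Constructed inventory (assumption): authorized BSSID -> (SSID, channel).
AUTHORIZED = {
    "AA:BB:CC:00:00:01": ("CorpNet", 1),
    "AA:BB:CC:00:00:02": ("CorpNet", 6),
}

# Constructed sample in the layout of an airodump-ng CSV capture file.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 09:00:00, 2024-01-01 09:05:00,  1, 130, WPA2, CCMP, MGT, -48, 310, 0,   0.  0.  0.  0,   7, CorpNet,
AA:BB:CC:00:00:02, 2024-01-01 09:00:00, 2024-01-01 09:05:00, 11, 130, WPA2, CCMP, MGT, -52, 295, 0,   0.  0.  0.  0,   7, CorpNet,
02:11:22:33:44:55, 2024-01-01 09:02:00, 2024-01-01 09:05:00,  6,  54, OPN, , , -35, 120, 0,   0.  0.  0.  0,   7, CorpNet,
02:AA:AA:AA:AA:01, 2024-01-01 09:00:00, 2024-01-01 09:05:00,  3, 130, WPA2, CCMP, PSK, -80,  40, 0,   0.  0.  0.  0,  10, CoffeeShop,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:CC:CC:CC:CC:01, 2024-01-01 09:01:00, 2024-01-01 09:05:00, -60, 25, AA:BB:CC:00:00:01, CorpNet
"""

def find_rogue_indicators(csv_text, authorized=AUTHORIZED):
    """Return {BSSID: [reasons]} for APs matching the indicators listed above."""
    corp_ssids = {ssid for ssid, _ in authorized.values()}
    findings = {}
    for row in csv.reader(io.StringIO(csv_text), skipinitialspace=True):
        row = [field.strip() for field in row]
        if row and row[0] == "Station MAC":
            break                         # client section follows; APs are done
        if len(row) < 14 or row[0] == "BSSID":
            continue                      # blank, truncated, or AP header line
        bssid, channel, privacy, essid = row[0].upper(), row[3], row[5], row[13]
        reasons = []
        if bssid not in authorized:
            if essid not in corp_ssids:
                continue                  # neighbouring network, not our SSID
            reasons.append("unknown BSSID on corporate SSID")
        elif channel.isdigit() and int(channel) != authorized[bssid][1]:
            reasons.append(f"channel {channel}, inventory says {authorized[bssid][1]}")
        if privacy == "OPN" and essid in corp_ssids:
            reasons.append("open security on corporate SSID")
        if reasons:
            findings[bssid] = reasons
    return findings

if __name__ == "__main__":
    for bssid, reasons in find_rogue_indicators(SAMPLE_CSV).items():
        print(bssid, "->", "; ".join(reasons))
```

Matches from an over-the-air capture are leads for investigation; confirming that a flagged AP is actually attached to the corporate network takes a wired-side check.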