Hacking Wireless Networks

Correct Answer: An evil twin attack where an attacker has set up a rogue access point mimicking the legitimate corporate SSID

The scenario perfectly describes an 'evil twin' attack, which is a common wireless attack where an attacker sets up a rogue access point that mimics a legitimate network's SSID. The key indicators in this scenario are: 1. A Wi-Fi network with an SSID identical to the company's official network 2. The network is not managed by IT (it's unauthorized) 3. Variable signal strength throughout the building (indicating it's placed by an attacker) This attack allows the attacker to intercept traffic when users connect to what they believe is the legitimate corporate network. The Wi-Fi pineapple attack (option 2) is actually a specific tool that can be used to execute an evil twin attack, but the question is asking about the attack scenario itself, not the specific tool. Additionally, the scenario doesn't specifically mention handshake capturing for breaking WPA2. Option 3 describes a more complex attack that includes Karma attacks and deauthentication - while these techniques can be part of an evil twin setup, the scenario doesn't specifically mention these more advanced techniques being employed. Option 4 describes a passive attack, but the scenario clearly indicates an active attack where employees are actually connecting to and using the rogue network to access sensitive resources, not just collection of encrypted traffic.

Correct Answer: Deauthentication attack

The correct answer is "Deauthentication attack". In a deauthentication attack, an attacker sends specially crafted deauthentication frames to wireless clients, forcing them to disconnect from their access point. This is exactly what's described in the scenario - "numerous deauthentication frames being sent to client devices connected to the target network's access point." Deauthentication attacks are common in wireless security assessments and can be used for various purposes, including forcing clients to reconnect (to capture handshakes), as part of an evil twin attack, or to cause a denial of service. The other options are incorrect: - A WPS PIN brute force attack would involve authentication attempts to crack the WPS PIN, not sending deauthentication frames to clients. - A beacon flood attack involves sending many fake beacon frames to make rogue access points appear in scanning tools, not deauthenticating connected clients. - A PMKID attack targets the RSN Information Element in beacon frames to obtain the PMKID hash for offline cracking. It doesn't involve sending deauthentication frames to connected clients.

Correct Answer: MAC spoofing to mimic an authorized device

MAC filtering is a security mechanism where an access point only allows devices with specific MAC addresses to connect to the network. The most effective technique to bypass this is MAC spoofing, which involves changing your device's MAC address to match that of an authorized device on the network. MAC spoofing is specifically designed to circumvent MAC filtering by making your device appear to be an authorized device. Tools like macchanger in Linux can be used to accomplish this after sniffing the network to discover valid MAC addresses. The other options are not effective for bypassing MAC filtering: Performing a deauthentication attack would disconnect clients but wouldn't help bypass the MAC filter when attempting to reconnect. Channel jamming would disrupt the network operations but wouldn't allow you to connect through the MAC filter. Setting up a rogue access point might capture credentials, but it doesn't address the issue of bypassing the MAC filtering on the target access point.