Wireless Reconnaissance in Penetration Testing

Book Description

In many penetration tests, there is a lot of useful information to be gathered from the radios used by organizations. These radios can include two-way radios used by guards, wireless headsets, cordless phones and wireless cameras. Wireless Reconnaissance in Penetration Testing describes the many ways that a penetration tester can gather and apply the information available from radio traffic. Stopping attacks means thinking like an attacker and understanding all the ways that attackers gather information on, or in industry terms profile, specific targets. Covering what equipment to use and how to find frequency information, tips for reducing radio information leakage, and actual case studies describing how this information can be used to attack computer systems, this book is the go-to resource for penetration testing and radio profiling.



  • Author Matthew Neely is a respected and well-known expert and speaker on radio reconnaissance and penetration testing
  • Includes real-world case studies of actual penetration tests using radio profiling
  • Covers data leakage, frequency, attacks, and information gathering

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Author Biography
  7. Preface
  8. Chapter 1. Why Radio Profiling?
    1. Guard Radios, Wireless Headsets, Cordless Phones, Wireless Cameras, Building Control Systems
    2. Case Study
  9. Chapter 2. Basic Radio Theory and Introduction to Radio Systems
    1. The Electromagnetic Spectrum
    2. Regulatory Agencies
    3. Applying the Science: Radio Technology Basics
    4. Antennas
    5. Modulation
    6. Radio Systems
    7. Summary
    8. Further Learning
  10. Chapter 3. Targets
    1. Two-Way Radios Used for Verbal Communication
    2. Devices that Use Radio Frequencies
  11. Chapter 4. Offsite Profiling
    1. What is Offsite Profiling?
    2. Case Study: Offsite Profiling
  12. Chapter 5. Onsite Radio Profiling
    1. Initial Onsite Reconnaissance
    2. The Guard Force
    3. Using a Frequency Counter
    4. Visual Recon
    5. Search Common Frequency Ranges
    6. Common Ranges
    7. Scanner Tips
    8. Finding Trunked Systems
    9. Case Study: Onsite Profiling
  13. Chapter 6. How to Use the Information You Gather
    1. Who is Guarding the Guards?
    2. Monitoring Phone Calls
    3. Wireless Cameras
  14. Chapter 7. Basic Overview of Equipment and How it Works
    1. Common Scanner Controls and Features
    2. Selecting a Scanner
    3. Scanners Recommended for Wireless Reconnaissance
    4. Building Your Kit: Helpful Accessories
  15. Chapter 8. The House Doesn’t Always Win: A Wireless Reconnaissance Case Study
    1. Introduction
    2. Office Work
    3. Out in the Field
    4. Glitz and Glamour
    5. Learning the Local Lingo
    6. Time to Gamble
    7. Inside
  16. Chapter 9. New Technology
    1. Everything is Going Digital
    2. Software-Defined Radios (SDRs)
    3. Network-Enabled Dispatch Systems
    4. Conclusions and Looking Forward
  17. Glossary
  18. Index