0xCD: Wireless Attack Techniques - SensePost Training - DCTLV2026
Name of Training: 0xCD: Wireless Attack Techniques
Trainer(s): SensePost Training
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm
Venue: Las Vegas Convention Center
Cost: $2,750 (USD)
Short Summary:
Designed, developed and delivered by the team behind some of the most commonly used Wi-Fi hacking tools such as hostapd-mana, berate_ap and wpa_sycophant. This intermediate course aims to expose students to more modern Wi-Fi hacking methodologies used by active red teamers on their day-to-day journey with clients and assessments.
Forgoing the more basic Wi-Fi concepts, this course aims to expose students to offensive techniques where corporate Wi-Fi networks (EAP-PEAP/EAP-TLS) and more modern network configurations (i.e., 6GHz/7GHz, WPA3 and OWE) can be targeted.
Course Description:
Many online sources nowadays cover Wi-Fi fundamentals and traditional WPA2-based wireless attacks. If your interest is to hone your skills on corporate Wi-Fi configurations (EAP-PEAP/EAP-TLS) and more modern technologies (e.g., 6GHz/7GHz, WPA3 and OWE), this is the course for you.
Key Points:
- How to approach different modern Wi-Fi network configurations and exploit them
- New approaches and tooling in the Wi-Fi hacking field
- Practical exploration and testing done against simulated Wi-Fi configurations.
If you want to really understand what is going on and master the attacks against corporate or more modern Wi-Fi configuration in such a way that you can vary them when you encounter real world complexities, this course will teach you what you need to know.
Details:
- 2-day course
- 60% practical and 40% theoretical
- Practical-led learning, mimicking true to life Wi-Fi configurations in a virtual environment
- Delivered by active red teamers
- Complementary extended lab access
Topics covered:
- Wi-Fi fundamentals and concepts
- Hardware, antenna selection and chipsets
- Monitor mode
- Different Wi-Fi configurations
- WPA2 PSK and PMKID - Refresher
- EAP Foundations
- EAP-PEAP / EAP-TLS
- Tunnelled EAP Relays (WPA Sycophant)
- WPA3 PSK
- OWE
- Different frequency bands and Wi-Fi specifications
- 2.4 / 5 / 6GHz
- Wi-Fi 5 / 6 / 7
This course is highly practical, with concepts taught through theory delivered while your hands are on the keyboard, and semi-self-directed practicals at the end of each section to reinforce the learning. The course is hosted in a “Wi-Fi in the cloud” environment we invented several years ago, which means no more fiddling with faulty hardware or turning the classroom into a microwave. While mimicking real-world configurations, it allows an isolated environment where mistakes can be made and learnings become rampant. Designed, developed and delivered by the team behind some of the most commonly used Wi-Fi hacking tools such as hostapd-mana, berate_ap and wpa_sycophant.This course aims to expose you to the Wi-Fi hacking methodologies used by active red teamers when targeting current corporate and more modern Wi-Fi configurations.
By the end of the course, you will have a thorough understanding modern corporate Wi-Fi network, the various Wi-Fi configurations (including some relevant and real-world war stories), how red teamers approach and attack them and how to replicate these yourself. In particular, you will be using and become familiar with the exact tools that real-world attackers use.
Enjoy complementary extended access to our lab environment after completion of the course to revisit and practice the skills you acquired during training.
Join us and hack hard!
Course Outline:
This course is made up of 7 Modules and 20 Sub-modules, with a total of 17 hands-on practical scenarios
Learning Objectives
- A refresher of existing Wi-Fi knowledge, including hardware complexity, requirements and chipsets used.
- Exploring and gaining an understanding of the frequencies wherein Wi-Fi networks operate – including 2.4 / 5 / 6Ghz and common WPA2 based attacks.
- Grokking EAP & EAP-based vulnerabilities relating to certificate validation, tunnelled mode key derivation and how to practically attack them with downgrades, relays and manipulating state.
- Attacking WPA3, OWE and other modern configurations – including Wi-Fi 5 / 6 / 7.
Module 1 – Introduction (Setting the Stage)
Module 2 - WPA/2 PSK and OWE (Refresher)
Module 3 - EAP
Module 4 - EAP-TLS
Module 5 - Tunnelled EAP Relays
Module 6 – Modern Wi-Fi Configurations
Practicals are dispersed throughout the course.
The lab environment holds several other Wi-Fi configurations, which students may also explore at their own leisure while the course is on-going. Beneficial for the super elite among us!
Difficulty Level:
Intermediate to Advanced
Intermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.
Advanced Definition - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.
Suggested Prerequisites:
You should have a good foundational understanding/familiarity with the Linux command line. Prior Wi-Fi hacking experience is vital, as the course does not aim to teach basics but transition beyond them. The practicals are designed so that more experienced students can progress further and students new to more advanced topics can complete the base requirements.
You only need your laptop with a general browser. We do Wi-Fi hacking in the cloud!
What Students Should Bring:
To fully engage in our courses, students need a computer with a web browser they are comfortable using. All practical exercises are hosted in the cloud, and our class portal delivers course content. This minimal requirement ensures a seamless and effective learning experience.
What the Trainer Will Provide:
Participants in our training courses will get access to a comprehensive set of resources through our user-friendly web class portal, offering educational materials like slides, practical exercises, walkthroughs, tools, and detailed course notes. The portal remains accessible beyond training sessions, allowing learners to revisit content at their own pace. Additionally, each student receives an individualized lab environment, designed for hands-on practical exercises, enhancing their practical skills and proficiency in the subject matter during the training course.
Trainer(s) Bio:
SensePost, an elite ethical hacking team of Orange Cyberdefense have been training at BlackHat since 2002. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. The trainers you will meet are working penetration testers, responsible for numerous tools, talks and 0day releases. This provides you with real experiences from the field along with actual practitioners who will be able to support you in a wide range of real-world security discussions. We have years of experience building environments and labs tailored for learning, after all education is at the core of SensePost and Orange Cyberdefense.
Registration Terms and Conditions:
Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.
Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.
All trainings are non-refundable after August 5, 2026.
Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.
DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.
Training Justification Request – DEF CON Training
To: [Manager Name]
From: [Employee Name]
Date: [Date]
Subject: Business Justification for Attendance at DEF CON Training
Dear [manager’s name],
I am requesting approval to attend DEF CON Training, one of the cybersecurity industry's most recognized technical training programs. I’ve reviewed the options and selected a course to expand my skills with [1-2 key skills focus areas for the course].
DEF CON has been one of the world’s leading cybersecurity communities for more than three decades, known for convening industry, government, and independent experts to exchange advanced knowledge and practical skills. Building on this tradition, DEF CON Training delivers intensive courses taught by recognized global instructors. DEF CON Training courses offer hands-on instruction in a challenging, fast-paced environment. Many of the courses offered by DEF CON Training align with the National Institute of Standards and Technology (NIST) NICE Framework and Department of Defense Cyber Workforce Framework (DCWF), and attending this course will help me build and sharpen the skills required for my role.
Training: [Name of DEF CON Training Course]
Instructor/Provider: [Trainer Name(s)]
Dates: [Training Dates]
Location: Las Vegas, NV
Cost: [Course Fee]
Travel Expenses: [estimated travel & accommodations costs]
Course Description: [Copy short description of the selected class from the website here]
Trainer Bio: [Copy bio of the trainers of the selected class from the website here]
Once I’ve completed the course, I’ll be able to:
[copy student outcomes from course page where available or choose 3-4 skills or topic areas from the outline that are applicable to your current role, will help you fill a skill gap, etc.]
Business Need
As cyber threats continue to evolve, it is critical that our organization maintains current knowledge of emerging techniques and industry best practices. The selected DEF CON training aligns directly with my responsibilities in [your role/field here - for example, security operations, incident response, threat detection and hunting, application security, cloud security, risk management, security engineering].
The course will provide practical, hands-on experience that can be immediately applied to our environment and security initiatives. DEF CON training emphasizes real-world attack and defense scenarios, enabling participants to develop skills that extend beyond traditional classroom learning.
Request for Approval
I respectfully request approval and funding to attend DEF CON Training this August in Las Vegas. The knowledge, hands-on experience, and industry insights gained will directly support our cybersecurity objectives and contribute to strengthening our organization's security capabilities.
Thank you for your consideration. Please let me know if you have questions or need additional information to support this request.
Sincerely,
[Employee name]