Wireless Reconnaissance in Penetration Testing


  • Matthew Neely, Matthew Neely (CISSP, CTGA, GCIH, GCWN) is the Profiling Team Manager at SecureState, a Cleveland, Ohio-based security consulting company.
  • Alex Hamerstone, Alex Hamerstone, CTGA – Security Consultant, Risk Management.
  • Chris Sanyk

In many penetration tests, there is a lot of useful information to be gathered from the radios used by organizations. These radios can include two-way radios used by guards, wireless headsets, cordless phones and wireless cameras. Wireless Reconnaissance in Penetration Testing describes the many ways that a penetration tester can gather and apply the information available from radio traffic. Stopping attacks means thinking like an attacker, and understanding all the ways that attackers gather information, or in industry terms profile, specific targets. With information from what equipment to use and how to find frequency information, to tips for reducing radio information leakage, to actual case studies describing how this information can be used to attack computer systems, this book is the go-to resource for penetration testing and radio profiling.
View full description


Information Security Professionals, Penetration Testers, Risk Analysts, Security Operations, Wireless Network Engineers


Book information

  • Published: October 2012
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-731-2


"Despite the increasingly number of wireless devices, these security and information technology professionals contend that physical penetration tests for defending computer systems and companies neglect wireless traffic outside of Bluetooth and 802.11 devices and thus, often miss testing other wireless devices such as guard radios, wireless headsets, and cordless phones."--Reference and Research Book News, August 2013

Table of Contents

Chapter 1: Why Radio Profiling?
Chapter 2: Basic Radio Theory and Introduction to Radio Systems
Chapter 3: Targets (Wireless Headsets, Guard Radios, Wireless Cameras, etc.)
Chapter 4: Offsite Profiling
Chapter 5: Offsite Profiling Case Study
Chapter 6: Onsite Profiling
Chapter 7: Onsite Profiling Case Study
Chapter 8: How to Use the Information You Gather
Chapter 9: Basic Overview of Equipment and How It Works
Chapter 10: Case Study to Pull It All Together
Chapter 11: New Technology and the Future of Radios in Penetration Testing