Wireless Reconnaissance in Penetration Testing

1st Edition

Authors: Matthew Neely, Alex Hamerstone, Chris Sanyk
Print ISBN: 9781597497312
eBook ISBN: 9781597497329
Imprint: Syngress
Published Date: 29th October 2012
Page Count: 226

In many penetration tests, there is a lot of useful information to be gathered from the radios used by organizations. These radios can include two-way radios used by guards, wireless headsets, cordless phones and wireless cameras. Wireless Reconnaissance in Penetration Testing describes the many ways that a penetration tester can gather and apply the information available from radio traffic. Stopping attacks means thinking like an attacker and understanding all the ways that attackers gather information on, or in industry terms profile, specific targets. With information ranging from what equipment to use and how to find frequency information, to tips for reducing radio information leakage, to actual case studies describing how this information can be used to attack computer systems, this book is the go-to resource for penetration testing and radio profiling.

Key Features

  • Author Matthew Neely is a respected and well-known expert and speaker on radio reconnaissance and penetration testing
  • Includes real-world case studies of actual penetration tests using radio profiling
  • Covers data leakage, frequency, attacks, and information gathering


Information Security Professionals, Penetration Testers, Risk Analysts, Security Operations, Wireless Network Engineers

Table of Contents


Author Biography


Chapter 1. Why Radio Profiling?

Guard Radios, Wireless Headsets, Cordless Phones, Wireless Cameras, Building Control Systems

Case Study

Chapter 2. Basic Radio Theory and Introduction to Radio Systems

The Electromagnetic Spectrum

Regulatory Agencies

Applying the Science: Radio Technology Basics



Radio Systems


Further Learning

Chapter 3. Targets

Two-Way Radios Used for Verbal Communication

Devices that Use Radio Frequencies

Chapter 4. Offsite Profiling

What is Offsite Profiling?

Case Study: Offsite Profiling

Chapter 5. Onsite Radio Profiling

Initial Onsite Reconnaissance

The Guard Force

Using a Frequency Counter

Visual Recon

Search Common Frequency Ranges

Common Ranges

Scanner Tips

Finding Trunked Systems

Case Study: Onsite Profiling

Chapter 6. How to Use the Information You Gather

Who is Guarding the Guards?

Monitoring Phone Calls

Wireless Cameras

Chapter 7. Basic Overview of Equipment and How it Works

Common Scanner Controls and Features

Selecting a Scanner

Scanners Recommended for Wireless Reconnaissance

Building Your Kit: Helpful Accessories

Chapter 8. The House Doesn’t Always Win: A Wireless Reconnaissance Case Study


Office Work

Out in the Field

Glitz and Glamour

Learning the Local Lingo

Time to Gamble


Chapter 9. New Technology

Everything is Going Digital

Software-Defined Radios (SDRs)

Network-Enabled Dispatch Systems

Conclusions and Looking Forward




© Syngress 2013

About the Author

Matthew Neely

Matthew Neely (CISSP, CTGA, GCIH, GCWN) is the Profiling Team Manager at SecureState, a Cleveland, Ohio-based security consulting company.

Alex Hamerstone

Alex Hamerstone, CTGA – Security Consultant, Risk Management.

Chris Sanyk

Chris Sanyk is a journeyman IT professional with over twelve years of experience with everything from desktop publishing and web design, to user support, to system administration, to software development. In his spare time, he blogs and develops video games at his website, csanyk.com.


"Despite the increasing number of wireless devices, these security and information technology professionals contend that physical penetration tests for defending computer systems and companies neglect wireless traffic outside of Bluetooth and 802.11 devices and thus, often miss testing other wireless devices such as guard radios, wireless headsets, and cordless phones."--Reference and Research Book News, August 2013