Gain Visibility Over Your Wireless Threats

Cybra offers a full suite of wireless penetration testing services in Australia.

What is a wireless pentest?

An wireless penetration test is the ethical hacking of an organisation’s wireless networks.

The test emulates a local attacker in range of your wireless network signal and utilises current attack techniques and methods.

Wireless pentest pricing

Wireless penetration tests are typically lower cost than other penetration tests due to the limited attack surface and generally small number of wireless networks a typical organisation has configured.

Cybra scopes the engagement based on the number of SSIDs and features (i.e., guest isolation).

Dangers of wireless pentests

All penetration testing has a chance of adversely affecting systems, but this is very rare. All systems and networks should have adequate bandwidth and system resources before commencing.

Benefits of wireless pentests

The assessment identifies security flaws and vulnerabilities in wireless systems so that the customer can fix them before a malicious actor takes advantage of them.

As wireless networks have limited physical protections (signal strength), it is important that they are configured with robust security to prevent attackers from gaining a foothold in your corporate networks.

What systems can be tested?

All wireless networks can be penetration tested, including 2.4Ghz, 5Ghz, WPA1, WPA2, WPA2-Enterprise, and WPA3. 

Testing can also be conducted over isolated guest networks where we test the segmentation between secure and unsecure networks.

Out of scope

Denial of Service (DoS) is strictly out of scope for wireless penetration testing unless the customer requires it.


Wireless penetration testing is conducted by experienced security consultants using specialised software and tools onsite at your office location, simulating a malicious attacker who is in range of your wireless signal.

Most wireless penetration tests are conducted with specialised hardware and antennas so that all of the known attacks can be fully tested.

Types of external attacks

Wireless penetration tests cover a range of cyber attacks such as:

  1. Weak encryption / passphrases
  2. Authentication attacks
  3. Man-in-the-Middle attacks
  4. Evil Twin/KARMA attacks
  5. WEP,WPA,WPS,PKMID attacks
  6. Rogue access points
  7. Weak guest isolation
  8. Weak physical security
  9. Information leaks

Authenticated testing

Most wireless tests are conducted without test credentials (unauthenticated).

If required by the customer, we can do guest isolation testing using provided wireless credentials, emulating a guest who has connected to your network. This ensures they can not pivot into your secure corporate network.


Various open-source and commercial software and scripts are deployed during a wireless penetration test.

Some examples are Wi-Fi attack tools, Man-in-the-Middle tools, vulnerability scanners, port scanners, brute force tools, exploitation frameworks, and protocol analyzers.


Many modern wireless solutions offer active protection against a variety of wireless attacks, such as Wireless Intrusion Prevention (WIPs) to prevent wireless clients from masquerading as your legitimate SSID.

Cybra’s penetration test will test the effectiveness of these controls and may require you to temporarily disable some controls so we can accurately determine the associated risks.

Detection / Monitoring

While not required, it is recommended to have some level of system and security monitoring in place during a penetration test as this allows the customer to observe how their systems react to a simulated hack, providing valuable insights for the security team.

What is a pentest report?

After a penetration test, the observations, findings, results and recommendations are presented in a professional report hand-written by our experienced consultants.

Who is the report for?

The penetration test report is formulated in a way that it can be read by executives/board, managers and technical staff.

Compliance objectives

Penetration test reports can be used as supporting evidence for relevant compliance frameworks.

What’s in the report?

The penetration test report includes an executive summary, technical summary, technical findings, vulnerability details and recommendations on how to remediate all identified issues.

What format is the report in?

The penetration test report is securely delivered to you in PDF format.

The report is professionally laid out so its easy for customer to navigate through the report.

Retest reports

Cybra offers an optional service to retest any vulnerabilities identified after you have a chance to fix the issues. This is known as a retest and an updated report is provided to you showing all remediated and non-remediated issues.

More Penetration Testing Resources

Penetration Testing Australia
Learn the obvious and not so obvious benefits of modern Penetration Testing.
Penetration Test Australia | Sydney | Melbourne | Brisbane
A Complete Penetration Testing Guide for Businesses in Australia.

Book a free Cyber Security consultation today