Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Solutions for Emerging Risks

Discover tailored resources that translate emerging threats into actionable strategies

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

SEC617: Wireless Penetration Testing and Ethical Hacking

SEC617Offensive Operations
  • 6 Days (Instructor-Led)
  • 36 Hours (Self-Paced)
Course created by:
James Leyte-VidalLarry Pesce
James Leyte-Vidal & Larry Pesce
Register NowCourse Preview
SEC617: Wireless Penetration Testing and Ethical Hacking
Course created by:
James Leyte-VidalLarry Pesce
James Leyte-Vidal & Larry Pesce
Register NowCourse Preview
  • GIAC Assessing and Auditing Wireless Networks (GAWN)

    Learn about certification

  • 36 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • 20 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Jump to:

Learn to evaluate, assess, and exploit vulnerabilities across Wi-Fi, Bluetooth, RFID, and emerging wireless technologies, empowering practitioners to defend against sophisticated wireless attacks.

Featured Quote

SEC617 will not only give you a basic understanding of wireless threats and vulnerabilities, but it can be as advanced as you want to make it with the questions that you ask.
Daniel MayernikIntegrity Applications Incorporated

Course Overview

Modern organizations often underestimate wireless security, leaving critical infrastructure vulnerable to sophisticated attacks. SEC617 addresses this critical gap by providing security professionals with comprehensive skills to identify, evaluate, and defend against wireless technology threats. From Wi-Fi networks to Bluetooth devices, RFID systems, and software-defined radio, this WiFi hacking course delivers hands-on training that expands your wireless security expertise across multiple technologies and protocols.

What You’ll Learn

  • Detect and neutralize rogue wireless access points
  • Penetrate low-power wireless device vulnerabilities
  • Exploit Bluetooth network authentication gaps
  • Execute advanced WPA2 Enterprise penetration tests
  • Develop custom wireless attack tools efficiently

Business Takeaways

  • Reduce wireless attack surface by identifying overlooked vulnerabilities across technologies
  • Strengthen security posture in critical environments like offices, factories, and data centers
  • Validate and certify devices to support secure procurement and deployment decisions
  • Enhance detection and response for rogue devices and wireless-based intrusions
  • Bridge IT, OT, and physical security through unified wireless threat assessments
  • Support compliance and governance with evidence-based wireless security practices
  • Equip teams with hands-on tools for real-world wireless penetration testing and defense

Meet Your Authors

  • Slide 1 of 2
    James Leyte-Vidal
    James Leyte-Vidal

    James Leyte-Vidal

    Principal Instructor

    James Leyte-Vidal, GSE #209, has shaped offensive cybersecurity through decades of frontline innovation, authoring Ethical Password Cracking and leading Fortune 100 InfoSec teams to elevate global cyber defense.

    Read more about James Leyte-Vidal
  • Slide 2 of 2
    Larry Pesce
    Larry Pesce

    Larry Pesce

    Senior Instructor

    Larry has revolutionized embedded device security with decades of hands-on offensive research, co-authoring SANS's flagship wireless and IoT penetration testing courses, and pioneering SBOM exploitation techniques for supply chain defense strategies.

    Read more about Larry Pesce
Slide 1 of 0

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC617: Wireless Penetration Testing and Ethical Hacking.

Section 1Wi-Fi Data Collection and Analysis

Explore wireless threat landscapes and fundamental analysis techniques. Learn to identify rogue devices, understand protocol weaknesses, and develop remote penetration testing skills using compromised Windows and macOS systems.

Topics covered

  • Wireless threat characterization
  • Wi-Fi protocol layer analysis
  • Packet capture techniques
  • Rogue access point detection
  • Radio frequency exposure mapping

Labs

  • 802.11 Packet Analysis
  • Monitor Mode and Kismet
  • Identifying Rogue APs

Section 2Wi-Fi Attack and Exploitation Techniques

Develop advanced skills to exploit Wi-Fi vulnerabilities across consumer and enterprise networks. Focus on protocol-level deficiencies and practical attack methodologies.

Topics covered

  • Hotspot network exploitation
  • Client-side Wi-Fi attacks
  • WEP technology vulnerabilities
  • Denial of Service strategies
  • Wi-Fi protocol fuzzing techniques

Labs

  • Client Attacks
  • Wi-Fi DoS attacks
  • Wi-Fi Fuzzing
  • Attacking WEP Networks

Section 3Enterprise Wi-Fi Attacks

Dive deep into WPA2 and WPA3 network assessments, exploring authentication and security modes. Investigate nearest neighbor attacks and operation within constrained environments.

Topics covered

  • WPA2 network penetration
  • Enterprise authentication bypass
  • WPA3 security analysis
  • Nearest Neighbor attacks

Labs

  • Attacking WPA2 Pre-Shared Key Networks
  • Attacking WPA2 Enterprise Networks
  • Attacking WPA3 Networks
  • Command Line Wi-Fi Analysis with Tshark

Section 4Bluetooth and Software Defined Radio Attacks

Examine Bluetooth technologies across classic, enhanced data rate, and low energy protocols. Learn Software Defined Radio techniques for identifying and assessing proprietary wireless systems.

Topics covered

  • Bluetooth pairing vulnerabilities
  • BLE device service exploitation
  • Software-defined radio techniques
  • RF spectrum analysis
  • Wireless signal decoding

Labs

  • Attacking Bluetooth Classic
  • Attacking Bluetooth Low Energy
  • Practical Application of SDR

Section 5Privacy, RFID, Smart Cards, and NFC Hacking

Evaluate RFID technologies, privacy risks, and security vulnerabilities in contactless systems. Develop skills to analyze and exploit smart card and NFC technologies.

Topics covered

  • RFID system components
  • Tracking and privacy attacks
  • Low-frequency RFID exploitation
  • Smart card reconnaissance
  • NFC protocol analysis

Labs

  • Privacy: Spoofing and Detection of Apple AirTags
  • Low-Frequency RFID Tag Decoding and Analysis
  • High-Frequency RFID Tag Attack and Analysis

Section 6Capture the Flag Event

On the last day of class we will pull together all the concepts and technology we have covered during the week in a comprehensive Capture the Flag event. In this hands-on exercise, you will have the option to participate in multiple roles:, attacking recorded Wi-Fi networks, decoding proprietary wireless signals, exploiting smart card deficiencies, and more.

Things You Need To Know

Course Schedule & Pricing

Looking for Group Purchase Options?Contact Us

GIAC Certification Attempt

Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.

OnDemand Course Access

When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.

Filter by:
  • Location & instructor

    Virtual (OnDemand)

    Instructed by James Leyte-Vidal
    Date & Time
    OnDemand (Anytime)Self-Paced, 4 months access
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
    Self-Paced
  • Location & instructor

    Melbourne, VIC, AU & Virtual (live)

    Instructed by Larry Pesce
    Date & Time
    Fetching schedule..View event details
    Course price
    A$13,350 AUD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Las Vegas, NV, US & Virtual (live)

    Instructed by Monta Elkins
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    London, GB & Virtual (live)

    Instructed by Monta Elkins
    Date & Time
    Fetching schedule..View event details
    Course price
    £7,160 GBP*Prices exclude applicable taxes | EUR price available during checkout
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Orlando, FL, US & Virtual (live)

    Instructed by Larry Pesce
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Washington, DC, US & Virtual (live)

    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
Showing 6 of 6

Learn Alongside Leading Cybersecurity Professionals From Around The World

  • Slide 1 of 3
    The detailed cryptographic explanations in SEC617 made it easier to understand how various encryption algorithms work-which for me is a first!
    Jonathan WilhoitFluor
  • Slide 2 of 3
    SEC617 is great for someone looking for a top-to-bottom rundown of wireless attacks.
    Garret PicchioniSalesforce
  • Slide 3 of 3
    If you're thinking about wireless, take SEC617. If you're not, take SEC617.
    Greg NotchNHL
Slide 1 of 0

Benefits of Learning with SANS

Instructor teaching to a class

Get feedback from the world’s best cybersecurity experts and instructors

OnDemand Mobile App

Choose how you want to learn - online, on demand, or at our live in-person training events

Resources

Get access to our range of industry-leading courses and resources