Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

Qualified Wireless Analysis & Defender Bootcamp Q/WAD®

GOT YOUR CWNA™ & CWSP™? Now.. Get Qualified!

Harness the Power of WLAN Analysis & Penetration Testing, Assessment, Hacking & Defending.

Analyzing and Pen Testing Wireless Networks
5 days of hands-on intense wireless tools for scanning, securing and assessing enterprise-class wireless LANs. Case studies, demos and labs address in detail, 802.11 frame structure and exchange processes, wireless LAN performance, wireless assessments, security analysis, wireless LAN troubleshooting and new exclusive EKAHAU TRAINING and CERTIFICATION.

Wi-SpyAre your WIFI tools deaf and ignorant to 2.4 GHz? Class includes one Wi-Spy per attendee! Wi Spy visualizes your 2.4 GHz devices (microwave ovens, cordless phones, security cameras, Wi-Fi, Zigbee, etc) optimize wireless networks & troubleshoots your entire wireless landscape!

YelloweJacketHacking & Defending Wireless Networks
2-days of hacking wireless in detail, how to break 802.11 its vulnerabilities & how to fix.

Bottom line: You'll leave knowing how to Pen Test, assess and defend your network from wireless hacking and how to locate unauthorized wireless access points before the hacker takes over your wireless network .

Class Fee: $3,490 5 days
Time: 8:00am - 6pm
Location: Click here to view the class schedule
Learning Level: CWNA™ and CWSP™ preferred
CPE Credits: 40
Prerequisites: Understanding of TCP/IP protocols

Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95 % attendance 2. 100 % completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical

Qualified Wireless Analysis Defender Q/WAD®

Students who complete the class will acquire the necessary skills for pen testing, analyzing and troubleshooting any wireless LAN implementation. You will gain extensive hands-on training installing, configuring, and utilizing five market-leading analysis products: and can take the QWAD exam.

Air Defense

Take the Guesswork Out of Wireless LAN Design & Management


Download a 15-Day Trial Version
of AirDefense Architect

Airtight Networks
Find Rogues Quickly - Precise Location Tracking

SpectraGuard Enterprise shuts down unauthorized Wi-Fi

Precisely locate any access point or client

  • Display rogue devices for quick removal
  • Unique probability graph shows location
  • Optional integration with SpectraGuard Planner

Ekahau Site Survey Training and Certification

easy planning, quick site surveys, state-of-the-art visual representation, and advanced analysis, optimization, and reporting features.

T301 Ekahau Wi-Fi Location Tag
Leveraging the award-winning Ekahau Positioning Engine (EPE) software platform.
More information

Ekahau Positioning Engine
Combining the latest 802.11 wireless networking technology with location info...
More information

Ekahau Site Survey
One of the distinctive strengths of the Ekahau Site Survey 2.2 (ESS) is its p...
More information

AirTight Networks' SpectraGuard Enterprise has key elements of an effective wireless intrusion prevention system (WIPS):

  • detecting and correctly classifying wireless threats – to catch all threats, while minimizing false alarms
  • preventing (multiple, simultaneous) wireless threats – while continuing to scan for new ones
  • accurately locating the wireless threats on a floor map – so they can be removed.

Most Robust Wireless Threat Prevention

  • Full visibility of both the air space and the wired network
  • Unique Network Detector mode lowers costs
  • Proper identification of External APs

QWAD® Wireless Analysis, Hacking and Defending Topics:
•  Weakness and vulnerabilities of open wireless networks
•  Packet analysis & locating wireless rogue access points- AirMagnet demo
•  Available counter measures and solutions to stop the wireless leaks with Airtight IPS.
•  How to break and fix your wireless LAN to keep out hackers
•  Demos incl: wireless jamming & data flooding, spoofing, scanning and more
•  Latest wireless exploit goals and methodologies
•  How to complete a report including all security violations detected
•  Review existing security policies / access point configuration  
•  Detect and identify the wireless network including channels and ESSID
•  Determine if WEP is enabled on all remotely accessible access points
•  Inspect the IV for weak key generation.
•  Inspection of the beacon broadcast frame and record the information it broadcasts
•  Monitor for rogue access points from outside or inside the building
•  Monitor network perimeter for signal leakage into unwanted areas
•  Collect IP or MAC addresses of access points and clients
•  Understanding the mind set needed to perform penetration testing on wireless networks
•  Advanced information-gathering techniques for wireless networks
•  Expert wireless discovery tools and techniques
•  Identifying & exploiting wireless weaknesses with live tools
•  Advanced enumeration of wireless devices, platforms and protocols
•  Cracking contemporary wireless authentication and authorization
•  Exploiting complex protocols, such as SSH, SSL, and IPSEC
•  Using payload generators
•  Advanced wireless testing tools and techniques
•  Penetration testing of "Wetware"
•  Penetration testing and the law

airpatrol corporation
Bottom line: You'll leave knowing how to defend your network from wireless hacking and how to locate unauthorized wireless access points before the hacker takes over your wireless network .

Air Defense
Colubris Networks
Cisco Systems

Symbol Technologies
Funk Software
Zoom Telephonics

Tipping Point
AirPatrol Corp


Class Outline

DAY ONE: Introduction
course overview
professional security testing
not tools, tools, tools
wired versus wireless
creating a security posture
defining a methodology
SU Seven Steps of a Methodology
Step 1: Organize and plan
Step 2: Non-intrusive target search
Step 3: Intrusive target search
Remote target assessment
Local target assessment
Data analysis
Relationship of pen testing to the methodology
Nine steps of pen testing
LAB One – intelligence gathering
assessing wireless architectures
6 dumbest ways to secure a wireless LAN
LAB Two protocol analysis
LAB and field trip – applied skills in practice
wireless site survey and assessment

Exam Review – 2 hours
Step 1 - Organize the project
Step 2 – Non-intrusive target search
LAB Three – Non-intrusive target search
Step 3 – Intrusive target search
LAB Four.One – Scanning wireless devices

EXAM Review – 1 hour
Step 4 – Remote target assessment
LAB Five.One – Wireless and wired banner grabbing
LAB Five.Two – Enumeration techniques
LAB Five.Three – Team building
LAB – Applied skills in practice
Wireless security the Yellowjacket way

Exam review – 1 hour
LAB Six.One
Core demo
LAB Six.Two
System and network hacking
Lab Six.Three
Web Application hacking
Step 5 – local target assessment
LAB Seven – applied skills in practice
Wireless IPS

Denial of Service
LAB Eight – DoS with Deauth packets
LAB Nine – rogue AP detection and defense
LAB Ten – Enterprise wireless
Next steps and roadmap from here.

Exam starts 2 PM.

*Class fees are subject to change