Attack Readiness

An attacker does not need to enter
to reach your network.

On-site security testing of your WiFi infrastructure. Encryption, authentication, segmentation, and rogue access points all tested from the attacker's position.

Request a pentest 24/7 Incident Hotline

What is a wireless pentest?

You know you have WiFi networks in your office. You have guest networks and corporate networks that should be separated. You get a complete picture of your wireless security: every network in range, every authentication weakness, and every segmentation gap. A wireless pentest is performed on-site and tests all networks visible from outside your building, not only the ones you expect to find.

About this service

Wireless Pentest: your network beyond the walls

Wireless networks extend your attack surface physically beyond the walls of your office. An attacker does not need to enter to reach your network. A wireless pentest examines the security of your WiFi infrastructure, from encryption and authentication to segmentation and rogue access points.

The team performs the test on-site with specialised hardware and software. All wireless networks in the environment are inventoried, including networks that should not be there. Each network is then tested for encryption strength, authentication mechanisms, segmentation from the corporate network, and configuration vulnerabilities.

A common risk is insufficient segmentation: the guest network that provides access to internal resources, or the IoT network on the same VLAN as workstations. The wireless pentest exposes these risks and demonstrates what an attacker can achieve via your wireless networks.

Why this matters

Three wireless risks that extend beyond your perimeter

  • Guest networks often reach internal resources

    A guest WiFi that is not properly segmented gives anyone in the car park access to internal file servers, printers, or management interfaces. This is a common finding in organisations of all sizes.

  • Weak WPA2-PSK passwords are cracked in hours

    Corporate WiFi networks using pre-shared keys with weak or common passwords can be compromised with widely available tools and wordlists, giving attackers full network access.

  • Rogue access points are planted without detection

    A small access point connected to your wired network and broadcasting a corporate-looking SSID can capture credentials and provide persistent wireless access. Most organisations have no detection capability for this.

What gets tested

Scope of the wireless pentest

WiFi networks (WPA2-Enterprise, WPA2-PSK, WPA3, open networks)
Rogue access point detection
Evil twin attacks
Authentication (802.1X, RADIUS configuration)
Network segmentation from wireless perspective
Client isolation
Captive portal security (guest networks)
Bluetooth and other RF protocols (optional)
Methodology

How DEFION conducts a wireless pentest

01

Scoping

Locations, network names, expected SSIDs, and network segmentation overview.

02

Reconnaissance

Inventory of all wireless networks in the environment using specialised hardware.

03

Authentication and encryption tests

Assessment of WPA2/WPA3 configuration, 802.1X implementation, and PSK strength.

04

Attack simulation

Evil twin attacks, deauthentication, rogue AP detection, and credential capture attempts.

05

Segmentation test

Verifying whether wireless networks are correctly separated from the corporate network.

06

Reporting

Report with findings, network diagram, and remediation steps including configuration advice.

What you receive

Deliverables

  • Executive summary
  • Wireless network overview with all detected networks
  • Technical report with findings and exploitation evidence
  • Segmentation assessment
  • Remediation steps and configuration advice
  • Report debrief
Target audience

Who is a wireless pentest for?

Any organisation with wireless networks needs to understand whether those networks are secure and properly segmented. The larger and more distributed your wireless environment, the higher the risk.

  • Organisations with multiple office locations
  • Companies with guest networks or BYOD policies
  • Healthcare, hospitality, and education with extensive WiFi
  • Organisations that want to validate their network segmentation
  • Companies preparing NIS2 or ISO 27001 compliance
Frequently asked questions

FAQ

Does the test have to be on-site?
Yes. Wireless tests require physical presence to detect all networks in the environment and test them, including rogue access points and signal strength.
Are guest networks also tested?
Yes. Guest networks are a common risk when segmentation is not correctly configured. The team tests whether guests are actually separated from internal resources.
Do you disrupt the wireless network during the test?
Deauthentication attacks are only performed with explicit consent and preferably outside office hours. Other tests are passive or have minimal impact.
Can this be combined with an internal pentest?
Absolutely. A wireless pentest can serve as an entry point for an internal pentest: if the team reaches the internal network via WiFi, testing continues from there.
How often should a wireless pentest be performed?
At minimum annually and after any significant change to the wireless infrastructure (new location, new access points, configuration change).
Internal Pentest

Learn more →
External Pentest

Learn more →
Cloud Security Assessment

Learn more →

Ready to test your wireless security?

Tell us your locations and wireless infrastructure. We schedule the on-site assessment quickly.

Request a pentest 24/7 Incident Response