WiFi Security Glossary
Terms covering networking fundamentals, 802.11 protocols, attack techniques, and defensive tools. Written in plain English with cross-links to related terms.
Evil Twin
A rogue WiFi access point that masquerades as a legitimate network, tricking users into connecting. Attackers clone the real AP's SSID and BSSID to intercept traffic.
WPA2
WiFi Protected Access 2 — the dominant security protocol for wireless networks since 2004. Uses AES encryption and is vulnerable to KRACK attacks when key reinstallation occurs.
WPA3
WiFi Protected Access 3 — the latest WiFi security standard, replacing WPA2. Introduces Simultaneous Authentication of Equals (SAE) for password-based authentication.
KRACK
Key Reinstallation Attack — a 2017 attack exploiting weaknesses in the WPA2 handshake. Forces victims to reinstall a zeroed encryption key, enabling packet decryption.
Deauthentication Attack
A type of WiFi denial-of-service attack that sends disassociation/deauthentication frames to disconnect users from a network.
Rogue Access Point
An unauthorized wireless access point installed on a network without administrator approval. Used for man-in-the-middle attacks.
DNS Hijacking
The manipulation of DNS resolution to redirect users to malicious websites through compromised routers or rogue DNS servers.
ARP Spoofing
Address Resolution Protocol spoofing — sending falsified ARP messages to link the attacker's MAC address with the IP address of a legitimate network device.
Man-in-the-Middle
An attack where the attacker secretly relays and possibly alters communication between two parties who believe they are directly communicating.
SSL Stripping
A technique that downgrades HTTPS connections to HTTP by intercepting the TLS handshake, allowing attackers to view traffic in plaintext.
Session Hijacking
Taking over a valid network session by stealing or predicting the session token, allowing unauthorized access.
WPS
WiFi Protected Setup — a convenience feature allowing easy connection via an 8-digit PIN. Vulnerable to Pixie Dust and brute-force attacks.
BSSID
Basic Service Set Identifier — the unique MAC address of a wireless access point (e.g., 00:1A:2B:3C:4D:5E).
SSID
Service Set Identifier — the name of a WiFi network, up to 32 characters. Networks can broadcast or hide their SSID.
802.11
IEEE standard for wireless LAN communication. Versions include 802.11n (WiFi 4), 802.11ac (WiFi 5), and 802.11ax (WiFi 6).
Handshake
In WPA/WPA2, the four-way handshake exchanged between a client and AP to establish cryptographic keys.
PMKID
Pairwise Master Key Identifier — a field in RSN frames. Can be captured and used to crack WPA2 passwords offline.
Aircrack-ng
A comprehensive WiFi security auditing toolkit including airmon-ng for monitor mode and aircrack-ng for password cracking.
Reaver
An open-source tool for brute-force attacks against WPS PINs, including the Pixie Dust attack.
Kismet
A wireless network detector, sniffer, and intrusion detection system that detects hidden (non-broadcasting) networks.
Wireshark
A network protocol analyzer for capturing and displaying packet data. Essential for WiFi traffic analysis and attack investigation.
MAC Address Filtering
A security mechanism allowing only devices with specific MAC addresses to connect. Easily bypassed by spoofing.
EAP
Extensible Authentication Protocol — a framework for authentication used in wireless networks. Methods include PEAP, EAP-TLS, and EAP-TTLS.
RADIUS
Remote Authentication Dial-In User Service — a central authentication server used by WPA2-Enterprise networks.
Captive Portal
A web page requiring user authentication or terms acceptance before granting network access. Common in hotels and airports.
Wardriving
Driving around with a WiFi scanner to locate and map wireless networks, often tagging them with GPS coordinates to build AP location maps.
AES-CCMP
Advanced Encryption Standard Counter Mode CBC-MAC Protocol — the encryption protocol used by WPA2 for securing WiFi frames.
Dragonblood
Vulnerabilities in WPA3's Simultaneous Authentication of Equals (SAE) handshake, enabling offline dictionary attacks.
Probe Request
A WiFi frame sent by a client searching for known networks. Can be used for tracking and fingerprinting devices.
Frequency Bands
WiFi operates on 2.4 GHz (longer range, more interference) and 5 GHz/6 GHz (shorter range, faster speeds, less congestion).