Wireless Reconnaissance in Penetration Testing


Wireless Reconnaissance in Penetration Testing, 1st Edition, Matthew Neely, Alex Hamerstone, Chris Sanyk, ISBN 9781597497312






235 X 191

The go-to resource for penetration testing and radio profiling!

Print Book + eBook

USD 59.94
USD 99.90

Buy both together and save 40%

Print Book


In Stock

USD 49.95

eBook Overview

VST (VitalSource Bookshelf) format

DRM-free included formats : EPUB, Mobi (for Kindle), PDF

USD 49.95

Key Features

  • Author Matthew Neely is a respected and well-known expert and speaker on radio reconnaissance and penetration testing
  • Includes real-world case studies of actual penetration tests using radio profiling
  • Covers data leakage, frequency, attacks, and information gathering


In many penetration tests, there is a lot of useful information to be gathered from the radios used by organizations. These radios can include two-way radios used by guards, wireless headsets, cordless phones and wireless cameras. Wireless Reconnaissance in Penetration Testing describes the many ways that a penetration tester can gather and apply the information available from radio traffic. Stopping attacks means thinking like an attacker and understanding all the ways that attackers gather information about, or in industry terms "profile," specific targets. With coverage ranging from what equipment to use and how to find frequency information, to tips for reducing radio information leakage, to actual case studies describing how this information can be used to attack computer systems, this book is the go-to resource for penetration testing and radio profiling.


Information Security Professionals, Penetration Testers, Risk Analysts, Security Operations, Wireless Network Engineers

Matthew Neely

Matthew Neely (CISSP, CTGA, GCIH, GCWN) is the Profiling Team Manager at SecureState, a Cleveland, Ohio-based security consulting company.


Alex Hamerstone

Alex Hamerstone, CTGA - Security Consultant, Risk Management.


Chris Sanyk

Chris Sanyk is a journeyman IT professional with over twelve years of experience with everything from desktop publishing and web design, to user support, to system administration, to software development. In his spare time, he blogs and develops video games at his website, csanyk.com.



Author Biography


Chapter 1. Why Radio Profiling?

Guard Radios, Wireless Headsets, Cordless Phones, Wireless Cameras, Building Control Systems

Case Study

Chapter 2. Basic Radio Theory and Introduction to Radio Systems

The Electromagnetic Spectrum

Regulatory Agencies

Applying the Science: Radio Technology Basics



Radio Systems


Further Learning

Chapter 3. Targets

Two-Way Radios Used for Verbal Communication

Devices that Use Radio Frequencies

Chapter 4. Offsite Profiling

What is Offsite Profiling?

Case Study: Offsite Profiling

Chapter 5. Onsite Radio Profiling

Initial Onsite Reconnaissance

The Guard Force

Using a Frequency Counter

Visual Recon

Search Common Frequency Ranges

Common Ranges

Scanner Tips

Finding Trunked Systems

Case Study: Onsite Profiling

Chapter 6. How to Use the Information You Gather

Who is Guarding the Guards?

Monitoring Phone Calls

Wireless Cameras

Chapter 7. Basic Overview of Equipment and How it Works

Common Scanner Controls and Features

Selecting a Scanner

Scanners Recommended for Wireless Reconnaissance

Building Your Kit: Helpful Accessories

Chapter 8. The House Doesn’t Always Win: A Wireless Reconnaissance Case Study


Office Work

Out in the Field

Glitz and Glamour

Learning the Local Lingo

Time to Gamble


Chapter 9. New Technology

Everything is Going Digital

Software-Defined Radios (SDRs)

Network-Enabled Dispatch Systems

Conclusions and Looking Forward



Quotes and reviews

"Despite the increasing number of wireless devices, these security and information technology professionals contend that physical penetration tests for defending computer systems and companies neglect wireless traffic outside of Bluetooth and 802.11 devices and thus, often miss testing other wireless devices such as guard radios, wireless headsets, and cordless phones."--Reference and Research Book News, August 2013
