Technique entry
WIFI-DEAUTH · Impact
Deauthentication DoS
Spam 802.11 deauth frames at clients of a target AP — disrupts service, also a primer for handshake capture / evil twin.
§ Where this technique fits
WIFI-DEAUTH is catalogued under the Impact tactic of the offensive-security kill chain. It appears in 3 approved dossiers in the registry, at step 2.3 on average.
§ Dossiers chaining this technique
- step 2 / 5
Zigbee network key sniff → smart-home control
Sniff a fresh device-join with an Atmel RZRAVEN — Zigbee broadcasts the network key in plaintext during pairing. Decrypt all subsequent traffic + send commands.
- step 2 / 6
WPA2-PSK handshake capture + crack → LAN access
Deauth a connected client to force re-association, capture the 4-way handshake with airodump-ng, crack the PSK offline with hashcat.
- step 3 / 5
Evil twin + captive portal → credential harvest
Spoof the corporate SSID with a stronger signal and a captive portal that looks like the company AD login. Auto-connecting clients submit creds to the attacker page.
§ What commonly comes next
- 01 · Valid Accounts · seen 1× · T1078 · Initial Access
- 02 · WPA2-PSK Handshake Capture + Crack · seen 1× · WIFI-WPA2-PSK · Credential Access
- 03 · Zigbee Network Key Extraction · seen 1× · IOT-ZIGBEE-KEY · Credential Access