Penetration Testing

Wireless penetration testing that secures the airwaves.

Your wireless networks extend the attack surface beyond your walls. SubRosa tests WiFi infrastructure, protocols, and configurations, plus Bluetooth and RF, so an attacker cannot pivot in over the air.

WiFi · WPA2/WPA3 · Rogue AP · Bluetooth · RF

Wireless penetration testing, defined

What is wireless penetration testing?

Wireless penetration testing assesses the security of your WiFi and other radio-based networks: encryption and authentication (WPA2, WPA3, 802.1X/EAP), rogue and evil-twin access points, network segmentation, and RF technologies like Bluetooth, RFID, and NFC. The goal is to prove whether an attacker within radio range could get onto your network or pivot deeper, and to close the gaps that let them.

What we test

Every wireless vector that matters.

Specialized testing across all the wireless technologies and protocols in your environment.

WiFi security assessment

Encryption analysis, authentication bypass, and configuration review across your enterprise and guest WiFi networks.

Rogue AP & evil twin

Detection and exploitation of rogue and evil-twin access points to validate client behavior and wireless segmentation.

Protocol & enterprise auth

Testing of WPA2 and WPA3, 802.1X, and EAP enterprise authentication for weaknesses that enable unauthorized access.

Bluetooth & RF

Assessment of Bluetooth, RFID, and NFC devices and protocols for flaws in pairing, authentication, and data transmission.

Why SubRosa

Into the RF attack surface.

RF-aware testing

We test the full radio attack surface, WiFi, Bluetooth, and RF, not just a WiFi password audit, because that is where attackers actually pivot.

Segmentation focus

We validate that a foothold on wireless cannot become a foothold on the rest of the network, testing segmentation and monitoring end to end.

Real exploitation

We safely exploit what we find to prove real impact and confirm your controls hold, rather than handing you a list of theoretical issues.

Every finding, tracked to closed.

From report to remediation.

Your wireless pen test findings land in Sable, prioritized, assigned, and tracked from open to retested, so remediation becomes a managed workflow instead of a PDF that gets forgotten.

Wireless findings in Sable
Wireless findingsWiFi · RF
  • Critical
    Evil-twin captures corp creds
    WiFi
    Open
  • High
    EAP misconfig allows bypass
    802.1X
    In progress
  • High
    No isolation from corp VLAN
    Guest
    Retested
  • Medium
    Legacy pairing on badge readers
    Bluetooth
    Open
WPA2/WPA3 · 802.1X · RFPrioritized · assigned

Secure your networks over the air.

Book a wireless penetration test and find out exactly what an attacker within range could reach, and how to shut it down.