M4 Cyber Solutions logo M4 Cyber Solutions

Services / Wireless Testing

Wireless Network Testing

A complete assessment of your RF footprint — from encryption posture and rogue AP detection to captive portal bypass and client isolation failures. What broadcasts, who can hear it, and what can be done with it.

What we assess

  • Encryption standard inventory — WPA3, WPA2, WEP, open SSIDs across all facilities
  • Rogue and evil-twin AP detection — unauthorized devices broadcasting on your network name
  • WPA2/WPA3 handshake capture and offline key recovery testing against common password patterns
  • PMKID attacks where applicable
  • Guest network segmentation — can a guest network reach internal resources?
  • Captive portal bypass testing
  • Client isolation failures — can wireless clients reach each other?
  • RF signal leakage beyond facility boundaries

What you get

  • Complete AP inventory: SSID, BSSID, channel, band, encryption, signal strength, rogue flags
  • Coverage overlay map delivered in your portal — shows signal extent relative to your floor plan
  • Cracked or weak-PSK findings presented with masked values for safe review
  • Rogue AP alert list with BSSID, first/last seen timestamps, and recommended action
  • Segmentation test results — what's reachable from each network segment
  • Hardening recommendations per AP and per SSID
  • Executive PDF and full portal access

Methodology

1 · Passive discovery

Monitor mode capture across 2.4 GHz and 5 GHz bands. Every beacon, probe, and association recorded. Management frame analysis for unencrypted SSIDs and hidden network patterns.

2 · Active enumeration

Active client association tests, deauthentication frame injection for handshake capture, and PMKID extraction. All within agreed scope and safety constraints — no production disruption.

3 · Rogue detection

Compare observed AP inventory against your authorized AP list. Evil twins identified by SSID match with BSSID mismatch. Unauthorized devices flagged by channel, power, and association patterns.

4 · Segmentation testing

Associate to guest and employee SSIDs and attempt to reach internal subnets, printers, management interfaces, and domain resources. Client isolation bypass attempts from within the same SSID.

5 · Coverage mapping

Signal strength surveys at defined waypoints across your facility. Coverage boundaries plotted against floor plan — shows where strong signal extends beyond controlled areas.

6 · Reporting

Findings written with masked credential values, SSID-level risk ratings, and specific remediation steps (PSK rotation, SSID isolation, guest VLAN hardening, rogue AP alerting configuration).

Best for

  • Campus environments, retail, healthcare, and multi-site offices
  • Organizations where guests or vendors have wireless access
  • PCI-DSS compliance — wireless must be assessed annually
  • Post-renovation or new-office wireless deployment validation
  • Environments concerned about neighboring building signal bleed

Map your wireless exposure

We'll walk through your site count, floor plans, and compliance requirements to scope the right assessment.

Request a consultation All services