Rogue Wi-Fi & Captive Portals
- Prathamesh Khanvilkar
- Sep 22
One of the lesser-known but highly effective attack paths against organizations is through rogue Wi-Fi access points (APs) combined with fake captive portals.
This content has been put together by NAME, one of our Red Team resources at Secure Logic, based on practical assessment experience, to help organizations understand the risks and build awareness.
⚡ How attackers set the trap (in short):
- Clone the company’s Wi-Fi name (SSID).
- Redirect users to a login page resembling a trusted enterprise provider.
  - Mobile devices → captive portal pops up automatically.
  - Laptops → redirection occurs once a browser is opened.
- Users often enter their credentials without much hesitation.
- In some cases, attackers mimic MFA or password reset steps, tricking users into approving login requests or sharing OTPs.
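A defender-side check for the cloned-SSID step above, as an added example that is not part of the original post: it compares Wi-Fi scan results against an inventory of authorized access points and flags anything advertising the corporate SSID from an unknown radio or with weaker security. The SSID, BSSIDs, inventory format, and scan records are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory: SSID -> authorized BSSIDs and the expected security mode.
AUTHORIZED = {
    "CorpNet": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "WPA2-Enterprise",
    },
}

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str
    signal_dbm: int

# Constructed sample scan, e.g. as exported from a wireless sensor or site survey.
SAMPLE_SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", "WPA2-Enterprise", -52),  # legitimate AP
    Beacon("CorpNet", "de:ad:be:ef:00:10", "Open", -38),    # same SSID, unknown radio
    Beacon("corpnet ", "de:ad:be:ef:00:11", "Open", -60),   # look-alike SSID
    Beacon("CorpNet", "AA:BB:CC:00:00:02", "Open", -45),    # known BSSID, downgraded
    Beacon("CoffeeShop", "11:22:33:44:55:66", "Open", -70),  # unrelated network
]

def normalize(ssid: str) -> str:
    # Treat case changes and padding whitespace as the same network name.
    return ssid.strip().casefold()

def find_rogue_aps(beacons, authorized=AUTHORIZED):
    """Return (beacon, reason) pairs for beacons that imitate an inventoried SSID."""
    known = {normalize(ssid): cfg for ssid, cfg in authorized.items()}
    findings = []
    for b in beacons:
        cfg = known.get(normalize(b.ssid))
        if cfg is None:
            continue  # not one of our network names
        if b.bssid.lower() not in cfg["bssids"]:
            findings.append((b, "unknown BSSID"))
        elif b.security != cfg["security"]:
            # A BSSID can be copied too, so a weaker security mode is also flagged.
            findings.append((b, "security mismatch"))
    return findings

if __name__ == "__main__":
    for beacon, reason in find_rogue_aps(SAMPLE_SCAN):
        print(f"{reason}: {beacon.ssid!r} {beacon.bssid} {beacon.security}")
```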
💡 Key Takeaways for Organizations
- Never trust open or unfamiliar Wi-Fi — verify before connecting.
- Be cautious with captive portals — even if they look like familiar login pages.
- Don’t approve unexpected MFA prompts or enter OTPs blindly.
- Train employees regularly — awareness is the strongest defense against social engineering.
- Test your defenses — simulated Red Team engagements reveal these blind spots before real attackers do.
🔐 Red Teaming isn’t about breaking systems — it’s about showing how attackers could combine technology and psychology to reach sensitive data. By addressing these risks early, organizations build stronger security culture and resilience.






