Wireless security training programs often rely on generic network labs, where Wi-Fi is just one checkbox alongside Bluetooth, Zigbee, and cellular. Hands-on environments dedicated specifically to IEEE 802.11 are rare, even though Wi-Fi remains the default entry point to corporate networks and a recurring attack vector. A new paper from researchers at the Norwegian University of Science and Technology (NTNU) and the University of the Aegean addresses this gap by open-sourcing a cyber range built entirely for Wi-Fi security training.
The platform, now available on GitHub, provides a software-emulated Wi-Fi environment where learners can practice a wide range of attacks and defenses. It uses the Linux kernel module mac80211_hwsim to simulate multiple 802.11 radios, and Linux namespaces to isolate each emulated access point and client. Standard user-space services handle the rest: hostapd runs the access points, wpa_supplicant runs clients, dnsmasq manages DHCP, and FreeRADIUS provides 802.1X/EAP authentication for enterprise-grade scenarios. This setup allows a single host to run multiple wireless nodes that behave like separate physical devices.
The training gap
Rogue access points, deauthentication attacks, handshake weaknesses in WPA2 and WPA3, and protocol-level flaws in 802.11 frame handling each require setups that generic wireless labs rarely reproduce. The researchers note that most existing cyber ranges and testbeds bundle many wireless technologies together, leaving 802.11-specific scenarios underserved. Their literature review found no platform purpose-built around Wi-Fi security. On the educational side, wireless security teaching still leans heavily on lectures and seminars, with limited access to scenario-driven environments where learners can practice against realistic 802.11 conditions. This gap is critical because Wi-Fi vulnerabilities are increasingly exploited in real-world breaches, from credential theft via deauthentication to advanced attacks like WPA2's KRACK and WPA3's Dragonblood.
What the platform does
The proposed cyber range emulates Wi-Fi networks entirely in software. On top of the emulated network, the platform bundles offensive and analysis tools that learners would use in real engagements. Aircrack-ng covers wireless discovery and deauthentication testing. Wireshark, tcpdump, and tshark handle packet inspection. Two specialized tools developed by the same research group, WPAxFuzz and Bl0ck, extend the toolkit into WPA implementation fuzzing and block-acknowledgment-frame attacks against 802.11 connections. The architecture itself is organized into five zones covering infrastructure, learning management, monitoring, administration, and access control. This zoning follows conventional cyber range design but is applied here to a Wi-Fi-specific workload, ensuring that the environment can support multiple concurrent users and maintain security boundaries.
A scenario builder powered by a local LLM
One of the most interesting design choices sits in the scenario authoring workflow. Instructors can define exercises through a web interface in two ways. They can pick from prebuilt topology templates, or they can describe what they want in plain language and hand it to a locally hosted Llama model. The LLM converts the description into a structured scenario definition that the platform can deploy. Scenarios are stored as a bundle of configuration files, shell scripts, and a topology manifest, then instantiated on demand. The semi-automated path matters for a teaching tool. Writing a multi-AP, 802.1X-enabled scenario by hand is tedious, and that tedium often prevents instructors from running varied exercises week to week. By offloading scenario generation to a local LLM, the platform lowers the barrier to creating complex, realistic training environments. The local hosting also ensures data privacy, as no sensitive network configurations leave the institution's infrastructure.
What is built, and what is not
The full architecture is conceptual; the open-source release includes a working prototype covering scenario creation, storage, retrieval, and deployment. The remaining zones—monitoring dashboards, role-based access enforcement, and asynchronous task orchestration—are specified in the design but earmarked for later implementation. The researchers are upfront about the limitations. Software emulation does not reproduce radio interference, propagation effects, or hardware quirks that appear in real deployments. The platform has not been tested at scale with many concurrent learners, and learning outcomes have not yet been measured. Cellular, Bluetooth, and other wireless technologies are outside its scope by design. As Vyron Kampourakis, co-author of the research, stated: 'We anticipate that, when we have a full-fledged prototype developed, the platform can be utilized for further educational purposes (e.g., university lab exercises, education platforms like Udemy, and so on). At the same time, its modular design will also allow corporate training teams to utilize it on personnel with minimal adjustment and fine-tuning.'
Despite these limitations, the availability of a reproducible, software-only environment for practicing 802.11 attacks and defenses lowers the cost of building wireless security skills. The open-source release gives instructors and self-taught practitioners a starting point, with room for the platform to grow into the full design outlined in the paper. The growing attack surface from Wi-Fi 6 and Wi-Fi 7, which introduce more complex features like OFDMA and multi-link operation, makes such training environments increasingly important. As networks evolve, so do the vectors for exploitation, and hands-on training remains one of the most effective ways to prepare defenders.
Wi-Fi sits at the edge of nearly every corporate network. A cyber range that can simulate both legacy and modern 802.11 protocols fills a critical need in cybersecurity education. By open-sourcing the platform, the researchers invite the community to contribute, test, and extend its capabilities. The modular design allows integration with existing lab environments and learning management systems, making it a versatile tool for universities, bootcamps, and enterprise training teams. With the rise of remote work and the proliferation of IoT devices that rely on Wi-Fi, the demand for skilled wireless security professionals will only increase. Platforms like this one are a step toward meeting that demand.
Source: Help Net Security News