WPA EAP-TLS Mode Certificate Only

  • LAST UPDATED DATE: 2015/11/25
  • LAST UPDATED BY: @mubix


EAP-TLS based authentication is the best form of Wireless security currently available because of the need for a client certificate to authenticate to the wireless. However, without additional authentication it is difficult to detect misuse or theft of the client certificate.

Capabilities and Risk

  • Theft / Creation of valid certificate used for continued access wireless network


  1. Use of of client certificates on multiple IP addresses
  2. Reissuance of certificates with export flag enabled


  1. Revoke certiicate effected and start investigation into the user(s) effected. Unless re-issued in order to be exportable, administrative access to the machine it was installed on is needed in order to extract the certificate.



Scenario 1 - Exporting Certificate via Mimikatz

Want to contribute? Check out the readme and contribution page or Get in touch!
Last updated on 24th Jul 2019