Researchers Open-Source Wi-Fi Cyber Range for Security Training

Wireless security training has long treated Wi-Fi as a checkbox alongside Bluetooth and cellular, with hands-on environments dedicated to IEEE 802.11 remaining uncommon. A new open-source platform from researchers at the Norwegian University of Science and Technology and the University of the Aegean attempts to close that gap with a cyber range built specifically for Wi-Fi security scenarios.

The research paper, published on arXiv, details a conceptual architecture organized into five zones: infrastructure, learning management, monitoring, administration, and access control. A working prototype covering scenario creation, storage, retrieval, and deployment is available on GitHub, though the full design remains partially implemented.

Software emulation drives the platform using mac80211_hwsim, a Linux kernel module for simulated 802.11 radios. Linux namespaces isolate each emulated access point and client, allowing a single virtual host to run multiple wireless nodes that behave as separate devices. Standard user-space services handle the rest: hostapd runs the access points, wpa_supplicant runs the clients, dnsmasq handles DHCP, and FreeRADIUS provides 802.1X/EAP authentication when enterprise-grade setups are required.

On top of that emulated network, the platform bundles offensive and analysis tools learners would reach for in real engagements. Aircrack-ng covers wireless discovery and deauthentication testing. Wireshark, tcpdump, and tshark handle packet inspection. Two specialized tools developed by the same research group, WPAxFuzz and Bl0ck, extend the kit into WPA implementation fuzzing and block-acknowledgment-frame attacks against 802.11 connections.

One of the more interesting design choices sits in the scenario authoring workflow. Instructors can define exercises through a web interface in two ways. They can pick from prebuilt topology templates, or they can describe what they want in plain language and hand it to a locally hosted Llama model, which converts the description into a structured scenario definition that the platform can deploy. Scenarios are stored as a bundle of configuration files, shell scripts, and a topology manifest, then instantiated on demand.

The semi-automated path matters for a teaching tool. Writing a multi-AP, 802.1X-enabled scenario by hand is tedious, and that tedium is often what keeps instructors from running varied exercises week to week (the kind of friction that kills momentum in any training program).

The researchers are upfront about the limits. Software emulation does not reproduce radio interference, propagation effects, or hardware quirks that show up in real deployments. The platform has not been tested at scale with many concurrent learners. Learning outcomes have not been measured. Cellular, Bluetooth, and other wireless technologies sit outside its scope by design.

"We anticipate that, when we have a full-fledged prototype developed, the platform can be utilized for further educational purposes (e.g., university lab exercises, education platforms like Udemy, and so on). At the same time, its modular design will also allow corporate training teams to utilize it on personnel with minimal adjustment and fine-tuning," Vyron Kampourakis, co-author of the research, told Help Net Security.

Wi-Fi sits at the edge of nearly every corporate network, and the attack surface keeps growing as Wi-Fi 6 and Wi-Fi 7 roll out. A reproducible, software-only environment for practicing 802.11 attacks and defenses lowers the cost of building wireless security skills. The open-source release gives instructors and self-taught practitioners somewhere to start, with room for the platform to grow into the full design the paper lays out.

Whether organizations actually adopt it depends on whether the prototype matures beyond its current state and whether instructors can tolerate the gap between software emulation and physical radio behavior. The code is available, but the real test comes when someone tries to teach a class with it and the students notice the difference between simulated packets and actual airwaves.

The platform works on a laptop, not a radio tower. That's both its advantage and its limitation.

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt Connect on LinkedIn