XYZ Corporation has hired you to audit their WLAN network security measures. XYZ Corp currently has the following security measures in place:
1. All access points have non-default management interface passwords.
2. Access points have been configured not to broadcast their SSID in Beacons or to respond to Probe Request frames with null SSID values.
3. 128-bit WEP is in use by all access point and wireless client devices.
4. MAC filters are implemented on all access points to allow only authorized users.
5. Wireless Intrusion Prevention System (WIPS) with rogue detection and prevention.
Your task is to compromise XYZ Corp's wireless network by gaining access to sensitive data. How do you start your initial attack against the WLAN, given the above security measures?