Review: Offensive Security Wireless Professional (OSWP)

After reading the title, you are probably thinking to yourself “Amin, we didn’t need yet another review about OSWP!” and I agree but I am still going to write it anyway because I have got too much time on my hand these days plus I haven’t wrote anything on the blog for a while now.

While many suggested not to take this certification due to outdated content, I still went for it mainly because of not having any other similar option. The industry these days require you to not just be good at something particular but also to be certified and hence, I took the course and this certification.

Introduction

For one to achieve OSWP which is one of the popular certifications from Offensive Security, the WiFU course has to be purchased and completed. An OSWP, by definition, is able to identify vulnerabilities in 802.11 networks and execute organized attacks in the wireless space.

If you are interested in learning about how WiFi/802.11 works from scratch and how you can go about attacking it, then this course might be for you but if you are already and expert in the domain, then be advised that you won’t learn any new technique.

Course Prerequisites

Those familiar with Offensive Security’s other courses will find this one to be slightly different because there are no online labs which you need to take but rather build your own lab at home. According to Offsec, you should go with the following as the recommended hardware to follow the course without any issues:

Recommended Wireless Network Routers

  • D-Link DIR-601
  • Netgear WNR1000v2

Recommended Wireless Cards

  • Netgear WN111v2 USB
  • ALFA Networks AWUS036H USB 500mW

While above are not the only options, I decided to follow the recommendation and chose D-Link DIR-601 as the router and ALFA as the wireless card.

It is also highly recommended to know your way around the Linux terminal because there are things that you would need to do in the course which require to be somewhat fluent on the Linux command line. Luckily, I have been using Linux as my primary OS for the last 12 years.

The Course Work

Once your registration process is complete, unlike OSCP/OSCE/OSWE, your course material is sent to you fairly quickly because there are no labs and you have to work on it yourself. At the time of writing, the course version is 3.2 and it consists of a course PDF guide and course videos which are about 3.5 hours long.

The detailed syllabus for the course can be found here: WiFu Syllabus

The course starts off by introducing the wireless drivers and why some hardware is recommended more than others and then moves on to introducing Aircrack-ng suite which is the go to package for anyone testing 802.11 security. The course then moves on to attacking WEP protocol with different tools & techniques and explains in a great detail about why these different techniques work the way they do. The course also teaches you about attacking WPA & WPA2 protocols which are the protocols being used mostly these days in homes.

I took my time and went through the course at a slow pace because even though I have a lot of experience in Wireless testing, I did not want to miss out any new information that I did not know before and that was indeed the case because I learned a lot from the nitty-gritty details in the course.

Exam

I have had the experience of taking Offsec’s exams and this exam is by far the easiest of them all because it is a straight 4 hour exam where you are expected to finish 3 tasks which are all about cracking the wireless keys.

I started my exam around 9:00 PM after taking a good nap and started working through the first challenge. I was able to complete the first challenge in about 20 minutes and moved on to the next one which was a little bit complicated and I faced several issues with the connectivity. I decided to come back to it after completing the 3rd and last challenge which funny enough took only about 10 minutes. I went back to the 2nd challenge to go through my steps again and I realized that I had made a huge mistake but by then 2 hours had passed; I redid the entire challenge and was able to get satisfactory results. In total, it took me about 2.5 hours to complete the entire exam but it took me a little bit more time after that because I had forgotten to take enough screenshots. Once that was done, I moved on to writing the report right after that.

I sent the report in the next 4 hours but I got the exam results from Offsec after about 5 days which was weird and I kept thinking to myself If I had made a mistake but it was probably something on Offsec’s end. After 5 days, the wait was over and I got the following email from Offsec.

Conclusion

As you would have read from the countless other reviews, the course is outdated as it does not cover recent attacks and techniques used in the industry but there hasn’t really been many new attacks either. I personally was expecting to at least see WPS attacks and may be enterprise protocols in the course but that was not the case. This course is a great starting point for someone who is new to WiFi testing and it can lay ground for further explorations but if you are like me who has had done his share of WiFi testing, you might want to lower down your expectations.

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *