After studying the Offensive Security’s course, this Friday I passed OSWP exam. I will try to do a little review of both the course and the exam.
I found the course to be very well done; it gives structured information about the subject in an understandable way. It has many videos that present various tools and attacks, and a pdf manual that completes the course.
The manual starts with almost 160 pages of theory covering various subjects: the IEEE 802.11 standard, discussion about wireless networks, and very in depth theory about packets, frames, how authentication and association takes places in different scenarios. The theoretical part ends with a discussion about hardware used: cards, adapters and antennas.
Being an offensive course it covers in depth the Aircrack suite (cca 155 pages), with very much emphasis on: airmon-ng, airodump-ng, aireplay-ng, packetforge-ng, aircrack-ng, airtun-ng, wesside-ng and easside-ng tools. Each module comes with detailed explanations, videos, labs and examples. There are many captured files that can be downloaded, and once opened in wireshark helps you a lot to understand the principles. The others tools from the suite are briefly discussed.
The next big part of the course (~80 pages) covers the attacks against the wireless networks. Here are also videos, examples and “to do” labs that helps the student to understand how to perform the attacks, and how to apply the tools already studied.
The last part of the course discusses in few pages the other tools that can be used in order to do wireless penetration and assessment: Kismet and John the Ripper. Here there are no labs to do.
In conclusion I found the course to be interesting, sometimes fun and I think I learned a lot from it. I would like to see some examples on using John the Ripper, and definitely I would like the course to cover other subjects like Bluetooth, using GPS and some other modern subjects. But, this course is what it pretends to be: and offensive wireless security course.
After studying the manual and doing a lot of practical exercises I found the exam medium as difficulty. I finished it in 1 ½ hours out of the 4 allocated hours. Without the course maybe I would find it more difficult.
It was an offensive exam, so practically you connect to a machine in their environment, and you are given the challenge to find the keys for different networks.
After the exam you have 24 hours to send them a document containing the keys you have found, and (more important in my opinion) to explain what have you done and how.
For those of you that are interested in this field I certainly recommend this certification. If you want to understand more about wireless networks and how to penetrate them go for the course + exam version. You’ll learn a lot, especially about how to crack a WEP network.
If you are low on money or you consider that you have enough knowledge on the subject go for the exam. At 80$ it is very affordable. Play with your router at home, try to crack all the access control combinations: WEP (with or without clients, open authentication, shared key authentication, hidden ESSID) and WPA PSK. If you can do this you’ll pass the exam.
This certification will give you a formal recognition of your skills and knowledge, and, also, will help the guys from Offensive Security to be better known in the industry, and will supply them the funds necessary to improve and develop their courses.