After passing the OSCP course I decided to take a well-deserved break. After about a month something started itching. I was so impressed by the learning method used by Offensive Security that I just had to go for another one. Given the fact that I went through hell (got there, got lost, wandered around for a long, long time, and finally got back) to pass PWB, I decided to go for WiFu. The main reason for this decision is that I feel I am not yet ready to pursue OSCE, because of my previous experiences with PWB. Another reason is that, however much I would like to learn it (writing exploits, learning assembly, etc.), it is a little bit out of scope for the work I do, while WiFi is becoming a more important factor for me. And last but not least, it is a bargain!
When I clicked the "sign up now" button I noticed a different registration process. I received a mail with additional information about the course, and a registration form. From what I remember this is new. It is good to see that the guys at OffSec are not only working on the course itself, but also on everything else that counts to become a good, respectable learning institute.
The outline is pretty much equal to the other courses. You will receive a lab guide (which is equal in size to the OSCP one!) and of course the videos, which will take about 2.5 hours to get through. They also specify the required skills needed to pass the course. This is a little bit more than the "basic Linux command-line skills". I quote:
"You need to have basic Linux skills in order to complete this course, meaning you should be able to navigate through the Linux filesystem, run simple commands, edit files and be comfortable in the command line in general."
They also provide an estimated time for completing the course, which according to OffSec is 2 hours. Given that I have played with WiFi and the aircrack suite before, I guess it will be a little less, but we will see.
The labs are hosted by the student. This means there is no VPN to connect to as with PWB; instead you set up your own wireless network. Besides the fact that this is also good to know, it provides a nice look at the other side of IT security, which in this case is not hacking it, but properly configuring it. They also provide some tips on hardware, which should not be a problem, because most wireless adapters have good support in the latest version of Backtrack.
Finally there is an exam (of course). This one will take about 3 hours, including the time to prepare your results and to send them by mail. There are no preset dates, but you have to schedule the exam within 4 months from your starting date. My guess is this will be no problem.
Right now I am waiting for further instructions, and I must say I am stoked to be starting another OffSec course again!
OK, this was supposed to be a first impression update, but since I have already covered all the material I will rename it to just "impressions". As I suspected, the course is significantly smaller than OSCP. I knew this before I started the course, because of the CPE points you get for both exams. Of course, getting through the course so fast is partly my own doing, because I spent almost the entire weekend on the course. First, let's start with the course guide.
The first couple of chapters contain some background information on the wireless protocol. Mostly it is about the protocols used and the operating modes. Even though none of this information is required for the exam, it is very useful to read through to get a deeper understanding of the wireless protocol. There is also a chapter that covers the hardware aspect. While this information can be considered a little bit outdated because of the current developments within Backtrack 4 and the upcoming 802.11n protocol, it makes the choice of hardware a little bit easier if you don't want to dig into the technical specifications of wireless adapters. This is something I decided to do anyway, just because I think it is fun.
Like most hackers I like new toys and, if possible, the best toys available. I got myself an Alfa Network AWUS036NH, which is not supported out of the box by BT4R2, but there are tutorials around to get it fully working. I bought this specific one with current and future developments in mind, because the n protocol is becoming more and more mainstream. While I was at it, I also ordered a 9 dBi high-gain antenna to make the picture complete. OK, enough about the hardware.
The course is mainly focused on the aircrack suite. The last chapters cover some other tools briefly, but they are hardly noteworthy. I like the layout of the course, because the different attack techniques are explained before you start the actual attack. This gives a better understanding of what goes on while aircrack is doing what it does best. While doing some extended research on the tool (after getting some vague errors which somehow disappeared after a reboot, so actually not noteworthy) I saw that most of the material is also covered on the aircrack site. This makes the course a little bit obsolete if you just want to learn WiFu and do not want to pursue the certification. Still, the additional videos are a good addition to the course guide.
Again, Mati does a great job explaining the different attack techniques and makes it all very understandable. I always say that if you have the power to make something difficult look easy, you truly master the skills. Even though some subjects may need some updates (for example, why is BT3 still recommended with the madwifi drivers?), it is still a great course to follow. Since there are no real exercises in the course (except for trying everything yourself) I will skip this part and move right on to the exam, so stay tuned for the next update: Exam time!
The exam consists of multiple WEP and WPA wireless networks that need to be hacked. There is a wordlist present for the WPA network(s), so do not worry about failing the exam because of a bad wordlist. The exam is more about how you got the result than about the actual result. You have 4 hours to complete the exam and a total of 24 hours to send in the acquired results. They specifically ask for a write-up of the steps taken and the commands used that got you to your result. After this you will receive a reply with your results within a few workdays.
Different from the other courses, you will log in using an SSH connection to a Backtrack 3 box where the wireless setup has been prepared. The host has two wireless devices hooked up, which lets you choose your favourite driver set (Atheros or Alfa). Since I practised at home with the Alfa, my choice was obvious.
Having said this, there is really nothing more to tell about this course. I like the introduction chapters that give a better theoretical understanding of the WiFi protocol. The big advantage of this course is that you will learn different attack methods to obtain the key, which can differ depending on the state of the network (client/clientless, OPN/SKA, etc.).
I received a reply on my submitted documentation within 24 hours, which was extremely fast! Since I owned all the networks I figured I would most certainly pass, but there is always that little piece of doubt. Still, when I got the results I was stoked that I had passed the course. Thank you again for all the feedback I received and for taking the time to join me once again in this walkthrough. I hope you had as much fun reading it as I had writing it. Thanks again to everyone for this great experience and the opportunity to tell others about my experiences within the security field. Until next time.
Earning my stripes appears to be a road I must travel alone... with a little help from EH.net