Offensive Security - BackTrack WiFu

docricedocrice Member Posts: 1,706 ■■■■■■■■■■
Has anyone gone through this course? I'm at a point in the year where I need to relax and do something a bit more "fun" than the mundane-but-important Microsoft / Cisco material. I understand it's somewhat dated and still focuses mostly on breaking WEP, but I just want to reinforce what I already know and fill in gaps that exist.

http://www.offensive-security.com/online-information-security-training/backtrack-wifu/
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    My only complaint is that it's dated and focuses almost exclusively on WEP (WPA/WPA2 get a very small mention at the end). It's awesome for developing an understanding of 802.11 and WEP though.

    I'd go with Penetration testing training course if I could do anything fun at the moment. You save $100 if you register within the next few weeks.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I just want to take something (seemingly) short and sweet right now. I probably will sign up for the eLearnSecurity course before the month is over since the lifetime access to the material (within the same major version) at that price is definitely appealing. I don't see anything in their syllabus that covers 802.11 so the Offensive Security training shouldn't overlap.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    If you want to work with 802.11, check out the following:
    Amazon.com: Hacking Exposed Wireless, Second Edition (9780071666619): Johnny Cache, Joshua Wright, Vincent Liu: Books (Wow, a new one just came out, and Josh Wright contributed this time around. Time to upgrade!)

    Amazon.com: CWNA Certified Wireless Network Administrator Official…

    It looks like there's an update of Wi-Foo coming too! Amazon.com: Wi-Foo II: The Secrets of Wireless Hacking (2nd Edition) (9780321393715): Andrew Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky: Books (edit: Aw, 2008 is listed. Hopefully that's an error and this project isn't dead. This seems new as I didn't see it when I was looking Wi-Foo up a few months ago...)

    If you want a wireless cert, I'd do CWNA over OSWP; it's just really dated.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    CWNA looks much more involved. I might take that another time though since I'm guessing I can go through the OSWP course within a few days. I can actually borrow the CWNA book at a local library (call me cheap, because I can be).

    I have the earlier editions of Wi-Foo and Hacking Exposed. I wish they could just sell the deltas so I don't have to purchase the entire thing over again. Those Hacking Exposed series are great, but new editions keep coming out like there's no tomorrow.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    To those who have taken the OSWP challenge, how "real-world" is it? Are there scenarios where you have to patiently wait for a target station to eventually show up to the AP or get within radio range? Are you expected to use tools like Easside-ng / Kismet / etc., or is it exclusively focused around Aireplay-ng / packetforge-ng? Is the challenge based on just the self-guided labs, or is anything in the lab manual applicable?

    If the answers reveal too much about the test, don't spoil it for me.

    I started this course last Monday and while the content is somewhat dated as mentioned before, at the same time it's the most fun I've had (for technical-studying / certificate purposes). Much more fun than reading through Microsoft / Cisco "push this button for x" material. I ended up buying two Alfa cards for the class (accidentally double-ordered on checkout) but still worth it for me. Someone in the neighborhood had an Atheros-based card that they just gave me so it kind of made up for it, I guess.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I finally got around to completing this yesterday. While the class material is a bit old at the moment, I think it was a great departure from your typical Cisco / Microsoft / [choose your favorite vendor] exam prep. I really loved the format of the course and the challenge exam was a lot of fun (and a little more nerve-racking than I expected). Although I'd guess it's way easier than doing their PWB course, if you're looking for a basic "attack" class that can be done in a short time span, this might be worth looking into. I can't think of any other wireless attack course in this price range.

    I wrote a review here:

    Bits&Pieces: Ramblings (Review: Offensive Security BackTrack WiFu)

    This week I'm onto the Heorot.net intro class. Should make a good complement to the eLearnSecurity course that I've already signed up for. It's going to be another busy month...
  • QHaloQHalo Member Posts: 1,488
    Cool ****, thanks for the write up. When we find someone here doing something they're not supposed to it's fun to go headhunting. I can see how exciting and frustrating it can be and how different it is than normal run of the mill cert stuff.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Wow, someone's making me look like a slacker. I'm going to have to pick up the pace ;)

    Congratulations!
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    A bit off topic, but Richard Bejtlich gave the new edition of Hacking Exposed: Wireless a 5-star rating. Apparently it's a major re-write.

    http://taosecurity.blogspot.com/2010/09/review-of-hacking-exposed-wireless-2nd.html

    I think I hear the sound of money slipping out my pocket and a cha-ching from amazon.com.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Spooky. I was just reading that. Here's a post from Josh Wright from a mailing list I'm on:

    For the past 12 months, Jon Ellch, Vinnie Liu and I have been re-writing
    the Hacking Exposed Wireless book, producing the 2nd edition. This is a
    complete re-write of the book, adding me as an author where I
    contributed several chapters on Bluetooth, ZigBee and DECT wireless
    technology, a chapter on exploiting Windows Vista/7 wireless features,
    and tech-review for the other authors.

    I'm especially happy about this content because I feel that it is the
    first time a book has demonstrated attack techniques against wireless
    technology including and beyond 802.11. Here is a smattering of topics:

    802.11 Hardware Solutions, Building an Attack Platform, Breaking
    WPA2-PSK, Breaking Enterprise WPA, Exploiting EAP, Exploiting DNS over
    Wireless, WLAN Man-in-the-Middle Attacks, Exploiting Client Software
    Updates, Web Hacking and WiFi, Leveraging Compromised Clients, Active
    and Passive Bluetooth Device Discovery, Sniffing Bluetooth Networks,
    Leveraging Software Defined Radio for Wireless Attacks, Manipulating
    Bluetooth Identities, Abusing Bluetooth Profiles, ZigBee’s Security
    Model, Exploiting ZigBee with KillerBee, ZigBee Hardware Exploits,
    Exploiting DECT Pairing and Authentication, DECT Audio Eavesdropping
    Attacks and Effectively Scoping a Wireless Security Engagement.

    While writing the book, we realized there was more content that we
    wanted to cover than we could accommodate given our page count limit.
    As a result, much of the detailed content behind how radio frequency,
    802.11 and Bluetooth work has been moved to free online chapters, which
    you can grab at our companion website:

    http://www.hackingexposedwireless.com

    Chapter 1 "Hacking 802.11 Wireless Technology" is also available as a
    free sample chapter at the companion website (above), as well as extra
    tools, scripts, patches, high-resolution images and more.

    You can find the book at Amazon (Amazon.com: Hacking Exposed Wireless, Second Edition (9780071666619): Johnny Cache, Joshua Wright, Vincent Liu: Books) or your favorite
    reseller. There is also a Kindle edition if you prefer e-books like I
    do. If you feel so moved after buying the book, we always appreciate
    reviews and feedback!


    It's been a pleasure working with all of my past students, and a lot of
    the content in this book was directly influenced by your questions,
    suggestions and ideas. Thank you for all your support.

    -Josh
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I think I've seen one other picture of the OSWP certificate on the web. It comes on thin cardboard stock (or heavy paper stock, depending on how you look at it). It's a bit different-looking from your typical certificate so I figured I'd post it here:

    [Image: certifications_owsp_01.jpg]

    The back of the folder has the Offensive Security logo on it.
  • rogue2shadowrogue2shadow Member Posts: 1,501 ■■■■■■■■□□
    It looks sick haha.
  • down77down77 Member Posts: 1,009
    Awesome, totally awesome!
    CCIE Sec: Starting Nov 11
  • ipchainipchain Member Posts: 297
    I realize this is an old thread, but I couldn't help it - the certificate rocks. On a different note, I just ordered this course as we are about to perform a WiFi pen test at work and I thought I could probably learn a thing or two from it.

    With that said, I have a quick question - do you have to take the exam within 'X' amount of time after having ordered the course? I got my hands full at the moment, so I don't believe I will be able to take the exam until the end of the year.

    Thanks!
    Every day hurts, the last one kills.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I believe you have to take the exam within 4 months of starting the course.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Dude I totally forgot about OSWP. This could become very relevant to me in the next few months.