Passed OSWP (Offensive Security - Backtrack WiFu)

I finally got around to successfully completing Offensive Security’s WiFu challenge today. This post will attempt to take you, the reader, through OSWP’s journey so that you can have an idea as to what to expect.

Registration

The registration process starts when a student visits their website and decides to take the WiFu course online. Once the student clicks on ‘submit’, the Offensive Security Team sends a few emails to him/her that contain legal forms, non-disclosure agreements, and payment instructions. Once the payment is processed, the registration process is complete. The next step involves the course material, which is provided by Offensive Security in another email. It can take anywhere from 24-72 hours after the payment is processed for them to email the student links to the course material. Upon receipt of the course material, the student has 72 hours to download it, store it, and make backups. Yes, make sure backups are made as the links are disabled after 72 hours, so additional fees will apply should the student need new links.

General Info

The course material consists of a lab guide in PDF format, and course videos. The lab guide will provide you with everything that you need for the WiFu challenge (OSWP exam). It starts with a basic discussion of wireless networks, but then it gets quite deep into fundamentals that any wireless professional should know. You can expect to be spoon-fed a lot of information about 802.11 standards, protocols, wireless operating modes, packets, antennas, etc. WARNING – do not skip the fundamentals as they will come in real handy when you take the exam. In addition, make sure to go over the ‘recommended hardware’ section, as you will be required to buy one or two wireless cards in order to be able to run the Labs. Yes, you read it right - you are required to run your own labs, so no VPN connection will be provided.

Once you are past the fundamentals, then the real fun begins. You will be exposed to many different tools within the aircrack-ng suite. The lab will discuss many different tools, and oftentimes you will be required to use the tools on your own lab. Lab exercises will be provided at the end of each section – PLEASE do the exercises and you will do just FINE on the exam. I cannot stress this enough, the exercises will provide the foundation that is required for anyone to successfully pass the exam/challenge, so whatever you do, DO NOT SKIP THE EXERCISES.

The second part of the lab guide consists of step-by-step ‘hands-on’ exercises to be performed by the student. I found this section extremely useful as the exercises are a replica of the course videos. As a student, you will get a lot out of this particular section, so I highly recommend that you go over the exercises a number of times until you are comfortable with the material.

The course videos are extremely useful, in my opinion. On average, it will take students about 2 ½ hours to go through the course videos. I found that the course videos complement the lab guide quite well, so I personally loved them. With that said, I am sure you will have lots of fun going through them.

Scheduling WiFu

Scheduling the exam was the most difficult part for me. I wanted to get this course over with as soon as possible, but I was informed the lab was not available until August 10, 2011. After letting some steam off, I then proceeded to email the Offensive Security Team in order to schedule the exam for the next available weekend, which was August 13-14. Not surprisingly, I received an email not long after that informing me that they had that weekend fully booked. For those of you unfamiliar with the process, you must provide Offensive Security with three dates and times you would like to take the exam on. They will then try to accommodate your request, but there is no guarantee.

To make the story short, I proceeded to email them three new potential dates, which included the weekend of August 20-21, and Nov 27th. Why did I choose Nov 27th? Well, with CISSP on the 19th, I did not want to be studying for OSWP in parallel, so I was willing to postpone the challenge until CISSP was over with. Luckily for me, the Offensive Security Team did a great job of accommodating my request.

The Exam

Make sure to check your inbox and junk mail about 10-15 minutes prior to your exam/challenge. You will normally receive an email from Offensive Security with instructions on how to connect via SSH to a box you will use to launch your wireless attacks from. The box has two wireless cards, an Alfa based card and an Atheros based one. Depending on your familiarity with the cards, you can use either one to launch attacks.

The exam is more about how you got the result instead of the actual result. You have 4 hours to complete the exam/challenge, and a total of 24 hours after that in order for you to submit the results. They will specifically ask you for the steps taken and commands used to break into the networks, so make sure to document everything as you go along – this will make your reporting a lot easier. On a different note, do not worry about failing the exam due to an incomplete wordlist for WPA – they will provide one that has the correct passphrase.

Upon submission of your report, you will be required to wait a period of 24-72 hours for the official Pass/Fail result. In my case, I finished the exam in about 40 minutes and was able to break into every single access point. With that said, I was done with the challenge and the report in about 1 ½ hours. To my surprise, I got the final result about 3 hours later, which far surpassed my expectations – especially on a weekend!

Final Thoughts

Although the course is a bit dated and focuses almost exclusively on WEP, I would highly recommend it to anyone. I learned quite a few things from it, but most importantly, I had lots of fun during the challenge. To date, this has got to be the most exciting course I have taken aside from GPEN. I love the idea of students demonstrating their knowledge through ‘hands-on challenges’ as opposed to them answering a bunch of multiple choice questions. This course will definitely make you try harder, but it is very doable.
Every day hurts, the last one kills.

Comments

  • impelse Member Posts: 1,237
    Congrats. I am watching the Welcome to SecurityTube! DVD for wireless to get very familiar with the information and go for WiFu.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,893
    Congratulations on your pass, and thanks very much for the excellent review! :D
  • YuckTheFankees Member Posts: 1,281
    I'm thinking about taking this cert because it looks fun and the cost. What level of knowledge would you need to succeed in this course? A good understanding of TCP/IP and networking?
  • joestewie Registered Users Posts: 2
    Hi, thanks for the detailed review! I'm very motivated to take this class but I'm a little concerned about the level of Linux required! I do have a reasonable knowledge of TCP/IP, OSI but I'm not familiar with Linux. I don't work in this field but I'm very eager to learn this fascinating skill. Any feedback is appreciated! Joe
  • docrice Member Posts: 1,706
    The amount of Linux knowledge required is pretty basic, actually. If you can do ifconfig, iwconfig, lsmod, modprobe, export, grep, and your general file system navigation, you'll probably be fine. It's all command-line though, so if you're used to doing everything with a point-and-click GUI, you may require some adjustment.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • joestewie Registered Users Posts: 2
    Thanks for your response! I will have to improve my command-line skills :( Congrats on passing it.
  • Chivalry1 Member Posts: 569
    Great review. Sounds like a lot of hands-on. We were all recently talking about this certification course during a Certified Ethical Hacker V7 course I took recently.
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)
  • ipchain Member Posts: 297
    JDMurray wrote: »
    Congratulations on your pass, and thanks very much for the excellent review! :D

    Thanks JD! I will be writing similar reviews for OSCP, GCFA and OSCE next year.
  • ipchain Member Posts: 297
    impelse wrote: »
    Congrats. I am watching the Welcome to SecurityTube! DVD for wireless to get very familiar with the information and go for WiFu.

    Thank you! Best of luck to you.
  • ipchain Member Posts: 297
    I'm thinking about taking this cert because it looks fun and the cost. What level of knowledge would you need to succeed in this course? A good understanding of TCP/IP and networking?

    Knowing your way around Linux is all you will need for the course. Having a foundation on wireless networks is useful, but not required.
    joestewie wrote: »
    Hi, thanks for the detailed review! I'm very motivated to take this class but I'm a little concerned about the level of Linux required! I do have a reasonable knowledge of TCP/IP, OSI but I'm not familiar with Linux. I don't work in this field but I'm very eager to learn this fascinating skill. Any feedback is appreciated! Joe

    docrice's response is right on the money - you only need basic Linux skills.
  • ipchain Member Posts: 297
    Chivalry1 wrote: »
    Great review. Sounds like a lot of hands-on. We were all recently talking about this certification course during a Certified Ethical Hacker V7 course I took recently.

    Although the course is a bit dated, it was well worth the money. I don't regret having spent the ~300 USD on it.
  • an_animal Registered Users Posts: 4
    This may sound like a silly question, but...

    How big is the PDF, how many pages? Is it similar to the OSCP one?
    Thanks.
  • the_hutch Banned Posts: 827
    New guy comes in and uses first post to revive thread that's over a year old. I would be willing to bet that the PDF used for the current version of the course is probably changed quite a bit since the OP took the exam. And excepting the fact that it is a BackTrack course from Offensive Security, there are hardly any similarities between the two courses. OSWP is exclusively wireless. OSCP doesn't touch wireless. OSCP course (PWB) provides you access to a large enterprise simulation lab environment. The OSWP course requires you to set up your own lab. OSCP is an extremely valuable and marketable certification. OSWP is NOT.

    Hope that helps. Welcome to the forums.
  • an_animal Registered Users Posts: 4
    Thanks, should I have started a new thread?
    The idea is I'm doing OSCP now... but after I finish this in max. 2 months, I hope, I'll have limited time to take another certification... that's why I was asking if it is as hard and requires a similar amount of study as OSCP does... hope that makes things clear.

    Thanks!
  • the_hutch Banned Posts: 827
    I was just giving you a hard time. It really doesn't matter. If you pass OSCP, OSWP should be a breeze. And good luck with OSCP man. I'm actually enrolling in it as soon as my tax returns come in, in a few weeks.
  • the_hutch Banned Posts: 827
    In my opinion, OSWP is more of a novelty certification. It would be a fun course to take, but not anywhere near the professional demand for it that there is for OSCP.
  • an_animal Registered Users Posts: 4
    Haha, OK man, thanks for your answer!
  • iztan Registered Users Posts: 1
    ipchain: can you tell me if the challenge involves the use of rogue access points / Karmetasploit or man-in-the-middle attacks (as covered by the last two course modules) to solve any of the problems?
  • the_hutch Banned Posts: 827
    Haven't taken the exam... but the answer to your question is a no.
  • the_hutch Banned Posts: 827
    Disregard my last post. I was in an OSCP mind-frame. I can't really speak of the content for OSWP (as I haven't taken it).
  • ipchain Member Posts: 297
    iztan wrote: »
    ipchain: can you tell me if the challenge involves the use of rogue access points / Karmetasploit or man-in-the-middle attacks (as covered by the last two course modules) to solve any of the problems?

    My sincere apologies, as I somehow missed your question and didn't see it until today. Although I cannot disclose much about the exam for obvious reasons, I wouldn't worry too much about rogue access points / Karmetasploit or man-in-the-middle attacks.