offensive security - OSWA
demonfurbie
Member Posts: 1,819 ■■■■■□□□□□
Has anyone here taken this cert?
What are your feelings on it?
It looks interesting and I'd love to take it, but there is very little out there about this one and I'd love to see what everyone else thought about it.
wgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers:
Comments
-
the_hutch Banned Posts: 827
I assume you're referring to OSWE? As far as I know, OffSec doesn't offer an OSWA. But as far as OSWE goes, I'm sure it's a great course. The biggest reason I don't see myself ever taking it is that it is not offered online. Based on the description, I think it would be foolish to take it without first having completed OSCP and OSCE, which both focus heavily on web application exploitation.
-
demonfurbie Member Posts: 1,819 ■■■■■□□□□□
It's the wireless attack cert.
It's odd: on one page they call it OSWA and on another they call it OSWP.
-
the_hutch Banned Posts: 827
Ah...the wireless one huh? I'd say OSWP is correct, just because that is how it is listed on OffSec's site. And they are the ones that issue the cert.
-
the_hutch Banned Posts: 827
As far as wireless attacks go, I think they are interesting but I don't really see a point in getting a professional cert in it. I say that for two reasons:
1). Wireless is the ugly stepchild of security. There is no professional demand for it. Wireless hacking is more of a novelty than a professional security discipline.
2). The scope of wireless security doesn't really warrant a need for penetration testing. Best practice configurations for wireless are the same across the board. The results of pen-tests against web apps can be difficult to predict before the pen-test is performed. It is a useful practice because it can actually help to identify weaknesses and vulnerabilities. This is not the case with wireless configurations. If you disclose to me the configurations of your wireless access point, I can identify the problems and tell you exactly how a penetration test would go...without even performing one. Wireless security comes down to a few basic principles...
- If you rely solely on MAC filtering to protect against unauthorized access...you're stupid
- If you think that not broadcasting your SSID actually provides anonymity and obscurity...you're stupid
- If you implement WEP...you're stupid
- If you implement WPA with RC4 encryption...you're stupid
- If you implement WPA2/AES without a sufficiently complex passphrase...you're stupid
- If you don't periodically change your SSID...you're stupid
- If you keep the router default configurations...you're stupid
- If you don't restrict physical access to your WAP...you're stupid
That's about the extent of security, as it is addressed by OSWP. And none of these best practices require a penetration test to verify.
-
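The configuration review the_hutch describes in the comment above, as an added example that is not part of any post in this thread: a static check of a hostapd.conf (an assumed access point format) for the list items a configuration file can reveal. The finding codes, the 16-character passphrase threshold, the sample SSID list and both sample configurations are assumptions constructed for illustration.

```python
# Factory-style SSIDs: a constructed sample list, not exhaustive.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

def parse_hostapd(text):
    """Return the key=value settings of a hostapd.conf as a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return a sorted list of finding codes (hypothetical names)."""
    found = set()
    wpa = int(conf.get("wpa", "0"))      # bit 0 = WPA, bit 1 = WPA2 (RSN)
    wep = any(k.startswith("wep_key") for k in conf)
    if wep:
        found.add("WEP")
    if wpa:
        # hostapd defaults wpa_pairwise to TKIP; rsn_pairwise falls back to it.
        wpa_ciphers = conf.get("wpa_pairwise", "TKIP")
        ciphers = set()
        if wpa & 1:
            ciphers.update(wpa_ciphers.split())
        if wpa & 2:
            ciphers.update(conf.get("rsn_pairwise", wpa_ciphers).split())
        if "TKIP" in ciphers:            # TKIP is the RC4-based cipher suite
            found.add("TKIP_RC4")
        phrase = conf.get("wpa_passphrase", "")
        # Assumed bar for "sufficiently complex": 16+ chars, mixed classes.
        if phrase and (len(phrase) < 16 or phrase.isalpha() or phrase.isdigit()):
            found.add("WEAK_PASSPHRASE")
    elif not wep:
        # No encryption at all: either a MAC ACL is the only control, or none.
        found.add("MAC_FILTER_ONLY" if conf.get("macaddr_acl", "0") != "0" else "OPEN")
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        found.add("HIDDEN_SSID")         # SSID still appears in probe/association frames
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        found.add("DEFAULT_SSID")
    return sorted(found)

# Constructed sample configurations.
WEAK = "ssid=linksys\nignore_broadcast_ssid=1\nmacaddr_acl=1\nwpa=3\nwpa_passphrase=password\n"
HARDENED = "ssid=corp-wlan-7f3a\nwpa=2\nrsn_pairwise=CCMP\nwpa_passphrase=vT9#qLm2!xR7wZc4pKs8\n"

if __name__ == "__main__":
    print(audit(parse_hostapd(WEAK)), audit(parse_hostapd(HARDENED)))
```

SSID rotation and physical access to the access point are not visible in a configuration file, so this check does not cover those two list items.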
the_hutch Banned Posts: 827
That being said, if OffSec did include other areas of wireless security, besides just IEEE 802.11 standards, to include Bluetooth, RFID, emissions reconstitution, etc... the course might be more appealing to me. But as is...I have little interest.
-
demonfurbie Member Posts: 1,819 ■■■■■□□□□□
I was looking at it as a stepping stone for something a little bit more than Sec+.
-
the_hutch Banned Posts: 827
Honestly, for anyone interested in OffSec...I'd say start with OSCP. Personally, I'm planning on trying my hand at it after I finish some preliminary work (SPSE and SecTube Assembly Primer)
-
docrice Member Posts: 1,706 ■■■■■■■■■■
I wrote a review a while back:
http://www.kimiushida.com/bitsandpieces/ramblings/review_offensive_security_backtrack_wifu/
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
-
demonfurbie Member Posts: 1,819 ■■■■■□□□□□
Nice review. It looks like something that I may go for.
I'm still kinda on the fence about it. I'm really torn between this or CEH.