OSWP: How Strong Is My WiFu?

Offensive Security has several good certifications, and most of them are top-notch: they will drive you crazy and present challenges at every step. Out-of-the-box thinking is what their certifications are all about. They also have a certification for pen testing wireless networks called Offensive Security Wireless Professional (OSWP).

This certification by no means matches the thrill of doing OSCP or any other certification that Offsec conducts. This is because cracking WEP and WPA is not that difficult as long as certain criteria are met. Also, use of WEP is discouraged today due to its vulnerable nature, and WPA/WPA2 does not have many publicly disclosed vulnerabilities.

Why did I take the challenge?

I always want to learn more about security, and the way I learn is to actually do some hands-on challenges/exercises. Obviously, I have read a lot about WEP/WPA2 security over the years but never got a chance to actually crack APs and exploit vulnerabilities. Yes, one can actually do so themselves without taking OSWP, but it's just their style of learning. It's good to get a reward when you put in your time and effort :).

Also, if you are in the penetration testing industry, you might come across situations where knowing about this could be very helpful. Last but not least, you get a certification that may add some value to your resume.

The Course

Before going for the certification you have to register for the Offensive Security Wireless Attacks – WiFu course. Unlike OSCP, this is self-paced learning, and students themselves need to set up the wireless lab at home to follow the videos and lab guide. So, even before registering for the course, make sure you have one AP and one wireless USB card. Now the question is which ones to buy? Offsec has taken care of that and recommended a couple of each here.

The WiFu course is primarily based on the Aircrack-ng suite of wireless attack tools. Most of the course is about WEP cracking, 802.11 packets and network interactions. More about the course description can be found here. The course also covers some war-driving, rogue APs and wireless reconnaissance, which are very interesting.

The Challenge

Obtaining the OSWP certification is very simple as long as all the lab exercises are followed; then there shouldn't be any reason to fail this exam. It's a four-hour challenge where you are given access to a BackTrack machine over SSH and are required to crack the WEP/WPA keys of the given APs. At the end of the exam you need to write a short report, within 24 hours, with all the commands that were executed and some of the obvious screenshots. I was able to finish the exam and send my report as well in about 3 hours or so.

At the end of this adventure I learned a lot about WEP/WPA security, and by no means am I done learning. There is a lot to learn, and it's a continuous learning process. So a big shout-out to the Offsec folks for putting this course together and making it fun. It is an excellent way to understand and learn 802.11 security. Cheers fellas!

There are lots of resources available on the internet. But the two that I benefited from the most were:

Good luck if you are going to take this challenge!