Offensive Security Wireless Professional (OSWP) Review

Introduction

The Offensive Security Wireless Professional is an ethical hacking certification offered by Offensive Security that teaches wireless penetration testing techniques, specifically for WEP, WPA, and WPA2.

It comes with the Offensive Security Wireless Attacks video and PDF course, which aims to prepare students for the exam. In this article, I take the time to talk about my experience with this certification, the pros and cons of the course, thoughts after taking and passing the exam, etc.

Pros

  • At about $450 USD, it is substantially cheaper than any other Offensive Security certification.
  • The way the PDF course and videos are structured is very similar to PwK, which is great.
  • Offensive Security has a great reputation in the industry, so this certification will look really good on your resume.
  • The course material is considerably shorter than PwK, so it won’t take you nearly as long to complete.

Cons

  • As many have pointed out on the internet, the material covered by the certification is very outdated and most of it does not apply to today’s WiFi penetration tests.
  • There are a lot of other WiFi courses, such as the Pentester Academy WiFi Security Professional (PAWSP), that have updated content, and most of them are cheaper than OSWP.
  • Although Offensive Security holds a great reputation in the industry, among the pentesting community this particular certification isn’t exactly known for being particularly challenging.
  • Unlike other WiFi courses, it requires you to have hardware, and some of the techniques taught in the course will only work with specific devices.
  • The entirety of the course is recorded in BackTrack 5, which means that some of the commands performed will be slightly different in Kali, unless you decide to use the BackTrack image provided by Offsec.

Background

After achieving my OSCP certification in late 2020, I decided to take a little break from exams, started writing this blog, and simply kept doing capture the flag challenges to keep myself in good shape. Around the beginning of April, it was time to look at my next certifications, and since I wanted to try and get as many of Offsec’s certs as possible, I thought this was a good option, as according to Offsec it is the next level after OSWP, as the PEN-210 name suggests.

So I decided to, first of all, get my hands on all of the hardware required to complete the labs before enrolling in the course. This turned out to be a great decision, as the routers specified in Offsec’s OSWP page are quite ancient and hard to get hold of, especially here in Australia. I managed to find the D-Link DIR-601 on Amazon US and ordered it; even there it was out of stock and took about 90 days to arrive. Once it did, it was time to enroll in OSWP!

The Course

The PDF slides and videos included with the course cover the following areas:

  • IEEE 802.11
  • Wireless Networks
  • Packets and Network Interaction
  • Linux Wireless Stack and Drivers
  • Aircrack-ng Essentials
  • Cracking WEP with Connected Clients
  • Cracking WEP via a Client
  • Cracking Clientless WEP Networks
  • Bypassing WEP Shared Key Authentication
  • Cracking WPA/WPA2 PSK with various methods
  • Additional Aircrack-ng Tools
  • Wireless Reconnaissance
  • Rogue Access Points

The first few modules provide an overview of wireless technology in general, and later on the course jumps into actual attacks against WEP and WPA/WPA2 access points.

As many other students have pointed out online, the course material is very outdated: most of it covers WEP, which nowadays is a very uncommon protocol and is almost never the default for today’s routers. Newer WPA/WPA2 attacks such as WPS and KRACK were not included in the course, and there was no mention of WPA3 or WPA-Enterprise. As much as I appreciate how the content of the course was relevant 10 years ago, it probably needs an update to be on par with the competition.

The course overall was really comprehensive and easy to follow. It included labs in each section to help you practice the techniques covered, and it is more than enough to be able to pass the OSWP exam.

Hardware Requirements

Offensive Security recommends the following hardware:

| Wireless Routers | Wireless Cards |
|---|---|
| D-Link DIR-601 | Netgear WN111v2 USB |
| Netgear WNR1000v2 | ALFA Networks AWUS036H USB 500mW |

I personally used a D-Link DIR-601Netgear WNR1000v2 as my router and an ALFA Networks AWUS036H USB 500mW as my network card. However, most cards capable of being put into monitor mode and most routers supporting WEP open auth/PSK and WPA/WPA2 should do just fine. It is understandable to want to use a different router, as the ones recommended by Offsec can be hard to find nowadays.

The Exam

Unlike the OSCP exam and the exams for other Offensive Security certifications, this one only lasts 3 hours and 45 minutes and it isn’t proctored. You will be required to SSH into a BackTrack machine and find the WEP/WPA key of three access points; all of the keys have to be retrieved in order to pass.

It personally took me about 2 hours to obtain all of the keys, which honestly was a lot more than I originally planned, but I got stuck for ~45 minutes as one of the commands I had in my notes had to be slightly modified for it to work on the exam access point and I didn’t realize this until later on. This includes the time to re-do all of my steps to make sure all of my notes and screenshots were accurate and exhaustive.

All of the steps followed have to be documented in a report and, same as other Offensive Security certifications, a handy Word template is provided to you. It took me about an hour to write up the report and it was only 23 pages long. After a couple of days, I received an email advising me I had passed the exam.

Conclusion

Despite what some people have to say about this course, I personally thought it was well made and provided me with some new knowledge. Considering it is an Offensive Security course and it is relatively brief and inexpensive, making it a fairly small investment in terms of both money and time, it is definitely worth it.