In January 2018, I successfully passed the OSWP (Offensive Security Wireless Professional) certification. I wanted to provide feedback on my experience achieving this certification.
I started by visiting Offensive Security’s Wireless Attacks (WiFu) page to register for the course and to gather information about the exam. On this page, Offensive Security provides details on the topics covered, self-hosted lab, and the certification.
Prior to or during the registration process, I would recommend assembling the lab. The lab should contain a wireless router, an injectable wireless card, a virtual machine host, and victim machine. Offensive Security recommends the following equipment:
Wireless Network Routers
- D-Link DIR-601
- Netgear WNR1000v2
- Netgear WN111v2 USB
- ALFA Networks AWUS036H USB 500mW
When I built my lab, I used existing equipment that I had previously owned and only purchased the wireless card.
- BackTrack: MacBook Pro (2012) with VMWare Fusion
- Victim System: Dell Vostro; Windows XP
- Wireless Router: Cisco 1231
- Wireless Card: Panda Wireless PAUO5
I later purchased and added the following equipment for additional learning as well as to meet Offensive Security’s hardware recommendations:
- Wireless Router: D-Link 601
- Wireless Card: Alpha Atheros AR9271 (AWUS036NHA)
- Second Victim: Dell Inspiron; Ubuntu 10.x (previously owned)
After registering and purchasing the WiFu course, Offensive Security sends an email that contains links to download the course material. Contained in a compressed format are the training videos, the “Wireless Attacks — WiFu” PDF, and the BackTrack Wi-Fu ISO. It should be noted that both the videos and the PDF are watermarked with your name and your registered OS#.
The PDF is 386 pages and contains seventeen chapters. The first four chapters are the toughest read, but necessary in learning about wireless technology. The remaining chapters go over tools and techniques to exploit WEP and WPA.
The training videos compliment the PDF by providing demonstrations on the various tools and techniques. These were especially useful if a concept was not clear when reading the PDF.
I have read several blogs and posts about individuals working through the material in a weekend and then passing the exam. For me, I spent about two weeks working through the labs prior to registering for the exam.
Once registered for the exam, I obtained the report template and started trying to simulate what I thought would be on the exam. I went back through the material and timed each attack.
I then turned my attention to the final report. During my practice testing, I concentrated on capturing screenshots to be placed in the report. In addition, I spent time documenting procedures so that I could have a more polished look and feel when submitting the final exam report.
On exam day, Offensive Security sends an email with connectivity credentials and instructions. In addition, links to the official guide as well as a support contact are present in the email.
Pay close attention to the “OSWP Certification Exam Guide.” It provides details on the exam requirements, the exam information, and the submission instructions.
As to the exam, I will not go into details of what attacks or techniques were used. However, I will advise that one pays close attention to the details. Had I not “fat fingered” one of my attacks, I would have completed the exam within an hour to an hour and a half. However, I believe I was well into hour two prior to finding and correcting the error.
Since SSH is the method used to connect to the exam lab, I would recommend becoming familiar with the Linux screen command. This command keeps an active shell alive if connectivity issues are present during the exam.
Once all of the exam stages have been successfully completed its time to work on the documentation. For me, I finished the documentation within a couple of hours of completing the remote exam. I then followed the “OSWP Certification Exam Guide” to submit my exam document.
After submitting my exam document, I received an email that acknowledged my submittal. Within three days I received the email that I passed the exam. Then about 25 days later, I received the email that my certificate would be arriving by courier.
Overall, I really enjoyed this exam and the experience. I was very appreciative that the exam was not the traditional multiple guess at a testing center, but rather it was an exam that you had to demonstrate what you learned behind the keyboard. I hope the information that I have provided was informative and provides guidance for those looking to earn the OSWP certification.