My OSWP / WiFu Review
NOTE: All figures are correct at the time of publishing.
So my first post here and I thought I would start with a real quick review of the Offensive Security WiFu course. A couple of quick facts there, the course costs $450 and provides you with a huge PDF which is watermarked with your name should you feel the urge to immediately upload it to warez site of your choosing. You also get some video content (again watermarked) which I didn’t find particularly useful, but more on that later. You can pay $60 to resit the exam but if you work through the course material and take the time to understand why these attacks work, you won’t need to resit. Finally, the end of course exam has a time limit of 4 hours and you need to pwn 3 wireless access points in different configurations (think WEP / WPA, with or without clients).
For this course you will need a laptop with Kali linux and a wireless card / dongle that can support monitor mode and packet injection. The latter is quite rare, but I used a wireless dongle from TP-Link (FORGOT IT) which was nice and cheap. I also found my laptop (a HP FORGOT IT) had an integrated WiFI card that was injection-capable so its probably worth testing yours with Aireplay-ng before you run out to buy a replacement. The command for that is:
- ifconfig wlan0 promisc
- aireplay-ng –test wlan0
- airmon-ng check kill && airmong-ng start wlan0
- aireplay-ng –test mon0
Where wlan0 is your wireless interface name.
Okay so that’s the nuts and bolts of whats on offer here, the costs for the course and the associated bits you will need.
What to expect?
I’m a keen reader, so getting my hands on a solid course manual is always a win for me and I wasn’t disappointed here. With that in mind though, I do struggle reading from a PC screen for a big chunk of time and haven’t yet found a decent e-reader for PDFs so I had to get this printed (X Pages) which may be an extra cost to factor in. The course ware starts with a really good intro into wireless protocols, potentially a little too deep for the aims of the course but if you enjoy knowing that little bit more then this is great for you. It then moves onto talking you through some great tools found in the Kali distro, often covering the same attack across different tools to keep you from becoming tool dependent. The course comes with a video series to complement this PDF, but it rarely moves away from the PDF content. If you prefer learning from videos then this might be your bag but the narration voice was way too monotonous for me.
Where the course really comes into its element is with the exam. You ssh over the internet onto a linux server where you are in range of 3 wireless access points which are in different configurations. From here you have 4 hours to attack each access point and obtain its clear text key. That’s it, if you get all three you pass otherwise its $60 for another go. In my opinion, this is what makes the course (like all Offensive Security courses). There are no brain dumps to be memorised, you are either competent or you’re not.
In summary, I really liked this course. If nothing else it gives you a great insight into what makes for a secure wireless key and more importantly what doesn’t constitute a secure key. You will also get a good understanding of wireless protocols and how secure traffic is as it propagates. I would have liked to have seen more on rogue access points and compromising WPA-Enterprise installations but this course gives you the foundations to explore that yourself.