Hi all, long time to update this blog post due to busy work at office and some other activities especially learning and practice the WiFu materials till get certified :).
If you’re interested in the information security field specific on the penetration testing, you must take this course. Here are some information about WiFu and OSWP that I took from the Offensive Security website :
Offensive Security Wireless Attacks (WiFu) is an online penetration testing training course which teaches you the skills needed to audit and secure today’s wireless devices. In this course, students will learn to identify existing vulnerabilities in wireless networks and execute organized attacks in a controlled and focused manner.
“The Only Performance Based Wireless Attacks Training in the Industry”
The Offensive Security Wireless Professional (OSWP) is the only practical wireless attacks certification in the security field today. The OSWP challenges the students to prove they have the practical ability to perform 802.11 wireless audits using open source tools through a hands-on, four-hour certification exam.
The OSWP exam consists of several dedicated wireless networks with various configurations and vulnerabilities. The examinees are tasked with identifying, analyzing, and attacking each of the wireless networks presented to them, with the goal of gaining access to the network encryption keys.
1. Conduct wireless information gathering.
2. Circumvent wireless network access restrictions.
3. Crack various WEP, WPA, and WPA2 implementations.
4. Implement transparent man-in-the-middle attacks.
5. Demonstrate their ability to perform under pressure.
As usual, Offensive Security always provide the best course and certification including the WiFu course materials that have been managed and organised properly with the best delivery method. .
After I Ordered Wireless Devices for Offensive Security Wireless Attacks (WiFu) Course and Completed the Offensive Security Wireless Attacks (WiFu) Registration Process , then I continue to learned the WiFu materials, performing the wireless attack on my self hosted lab, and do the exam ( wifu challenge ) and then writing the wifu report.
Learning the WiFu Materials
WiFu materials contain of 81 videos file and one .pdf file. You’re able to read the WiFu syllabus here : Download Syllabus . I read each of chapters on the .pdf file then read the videos. While learning the WiFu materials, I’m taking some notes ( on the KeepNote application ) of each attack scenario and other important thing that need to be noted. So I’m able to read and re open it while preparing the exam.
Totally I agree with g0tmi1k that if you’re taking the WiFu course you need to learn all of the materials although there are some pure theory. Trust me, it will help you along the WiFu course and the exam later.
Performing the wireless attack on my self hosted lab
There are some tasks ( lab exercises ) on each chapter of WiFu materials. I did all of them and wrote them into my WiFu report at the end. I need to set up the wireless access point as the target and attempt to attack it with various configuration ( WEP and WPA ). It is very fun because the nature of wireless is always need us to try and error :).
For exam preparation, I create a methodology of each wireless attack scenarios with some various configuration. Then always practice and practice till I’m ok with everything :). That’s it! .
I took the OSWP certification exam on February 28, 2016 at 4:00 PM. As the mentioned on the WiFu and OSWP page, I need to perform wireless attack to some targets with various security configuration. Offsec gave the students 3 hours 45 minutes to do the exam. OSWP certification exam is very challenging. Finally I’m able to finish the exam together with screenshots less than one hour :).
Writing the Report
After done the exam, I continue to write the wifu report including the self hosted lab report into one .pdf file although the lab report is not a must to be submitted. After I submitted the report next day ( February 29, 2016 8:19 AM ), then I got an email confirmation at 8:37 AM that I will receive an email with the exam results within 3 business days.
The OSWP certification challenge result
I got the “Offensive Security Wireless Attacks – OSWP Certification Exam Results” email next day ( March 1, 2016 at 8:33 AM like below :
Lesson learned & Tips
I’m planning to take the Cracking the Perimeter (CTP) course to obtain the Offensive Security Certified Expert (OSCE) Certification once “everything” is ready 🙂