Hands-on Wireless Penetration Testing Training Course
For quite some time I have been thinking about writing this post. Not so much because I want to share everything that is going on in my life, though at some moment after reading dozens of other people's reviews, I started thinking about adding something myself.
Starting from the most recent event. Today I submitted my OSWP exam report. For anyone interested, please read https://www.offensive-security.com/information-security-training/offensive-security-wireless-attacks/
Its primary goal (to my belief) is having people learn the basics in wifi hacking. Though its name suggests that other wireless technologies might be included, be aware, this course's main objective is teaching how to gain access to a really badly configured wifi access point. Other forms of wireless communication like bluetooth hacking are not in scope.
The really cool thing about this course (as with all offsec's trainings I guess) is the self hosted lab in which you are actually going to perform the attacks you recently learned about. So it is (and in many other senses) completely different than the OSCP course, in which you tunnel to a lab environment. You have to set up your own router, with your own network card and install it custom for each attack variant. Here I would like to place a remark w.r.t. the hardware that needs to be bought.
Hardware
Offsec recommends the following hardware for this course (see earlier mentioned link):
Recommended Wireless Network Routers
- D-Link DIR-601
- Netgear WNR1000v2
- Netgear WN111v2 USB
- ALFA Networks AWUS036H USB 500mW
That being said, several alternatives do exist, especially for the wireless card. I used the ALFA AWUS036NHA and the TP-LINK TL-WN722N without any notable issues. Biggest issue was the router. I could not easily identify substitutes that would allow me to perform all attacks as required. So I ended up buying a TP-LINK AC1200. As long as it is capable of securing via WPA/WPA2 and WEP (both open as well as PSK authentication) you should be able to perform most of the attacks that are required for this course. I ended up not being able to perform two types of attacks (without going into detail) with this alternative.
Making good notes and really understanding what is going on during the attack should compensate for this loss. Since I was able to achieve all required hacks in the exam today, I think this course can be completed with any wireless router that complies with mentioned specs.
Costs
USD 450, including one exam attempt. Reserve some additional money for buying the hardware.
Timelines
I registered for the OSWP course in the third week of December 2017. Once you pay you will receive an email stating that you have to book your exam within 120 days. Actually I took mine today, on January 3, 2018. I completed all exercises in two weeks before prepping for the exam. Given my speed I would think that's easily feasible if you have like 2 to 3 hours a day. One can take the full three months and go through every bit in detail, but my focus was more on understanding the concepts and not really on thoroughly understanding every bit. However, if you want to do that, the course compasses a nicely structured outline for this.
Since I have not yet received the feedback on my exam report, it is a little early to conclude on my timelines, but since I managed to "circumvent various security restrictions" I expect to be just fine.
Exercises
The fun part. Being in your own lab (you really want to isolate the lab settings from your own (w)lan, because you will feel vulnerable big time!) and setting up your own router with the purpose to crack it later is so cool. Seeing your consciously created, non-dictionary, password being retrieved within minutes is just fun (and scary btw).
With the videos (which I only used once) and excellent PDF all exercises can be done without that much effort. Sure, some basic understanding comes in handy, but the provided material is so comprehensive that I won't expect anyone having genuine interest to have any issues.
Just make sure to make notes of the different attacks you practice, that'll make life much easier when going for the final round.
And please don't forget to visit the aircrack website every now and then when you feel like nothing is working.
As known, support with offsec courses is magnificent. They reply to emails within a day, and have online support via chat if required in case you have any technical issues, or need the occasional nudge (though, that's more an OSCP thing I guess).
Exam
Well, was I nervous? Yeah, for sure. Wind was blowing really hard this night, so the wind kept me awake, my 4 month old lovely daughter woke up at 3:30 and I had the magnificent idea to visit a New Year's reception from the billiard club in the local pub the day before... Recipe for disaster... Well, lots of coffee got me through the day eventually and honestly, adrenaline kicks in the moment you receive the email with the info you need for starting the exam.
Due to the code of ethics I will not mention anything more about the content of the exam than I've already stated previously. I finished "circumvent various security restrictions" within 1 hour and 12 minutes and spent the remaining 2.5 hours on rerunning the attacks, verifying my notes, reviewing my screenshots, had lunch (important) and had it all written down in a pentest report (for which a template was provided by offsec btw).
And...?
Now the big waiting has begun. Checking my email every 5 mins...
Since I failed my OSCP exam twice before passing, I would really not want the email to start with: "We regret to inform you that, ..." But who knows... Some admin on the offsec IRC channel suggested to send an email to bribes@offsensive-security.com with a big laugh. And that's what it should be! FUN and entertaining, but serious when it comes to the content and learning objectives.
No matter what the result of the exam will be, I had a great time, and did learn many new things.
Depending on anyone reading this post I'll write a review that'll include my OSCP experiences also (and I guarantee that'll be worth reading ;-)).
For now, I'm closing kali/backtrack and every peripheral I can find and gonna sleep. Waiting for the exam result mail in the inbox.
Cheers.