On July 24, 2022 I took the well-known Offensive Security Wireless Professional (OSWP) practical exam and although Offensive Security can take days to inform of the result of the exam (pass/fail), the next day on July 25 they informed me that I had passed 🙂 Kudos Offensive Security for the quick response.
The truth is that I personally have been performing WIFI audits since early 2000 as you can see some of my old WIFI cards that I keep for nostalgia (Figure 1) and it was logical to get this certification (yes, I took it easy).
Nowadays for my audits I use modern technology that I will discuss throughout this post as it will be useful to obtain this certification for the interested reader. Let’s start, this is my story.
The PEN-210 course is focused on wireless attacks both to access points (AP) and clients. We must keep in mind that the course is an introduction to WIFI attacks (foundation course) and alongside the PEN-200 (OSCP) course, so if you have years of experience in WIFI audits you may find the course somewhat simple, although you will always learn something new, I’m sure.
In this link you will find the course content.
Hardware
On the course website we find the hardware recommended by Offensive Security which are:
Routers
- NETGEAR AC1000 (R6080)
- Linksys WiFi 5 Router Dual-Band AC1200 (E5400)
WiFi card
- Alpha AWUS036NHA
Personally, I did not find the recommended routers, but I used these others that have served me perfectly (see Figure 2). I recommend the TP-Link TL-WR841N as it allows all the necessary configurations for the course (WEP, WPA/WPA2, WPA Enterprise and WPS).
- Tenda F3 Wireless N300
- TP-Link TL-WR841N
Although I have quite a few WIFI cards (2.4G and 5G) for the course, I used only the Alpha AWUS036NHA (which is the recommended one). In Figure 3 you can see some of my cards, I have more, that I used for my WIFI audits.
- Alpha AWUS036NHA (top right)
- Alpha AWUS036NH
- Alpha AWUS036NEH
- TP-LINK WN722N
- CSL – 2 Wireless Dual Band Antenna
Exam
I can’t comment on the exam, so I recommend reading the official OSWP Exam guide very carefully.
The guide tells us that there are three attack scenarios and the total time we have is 3 hours and 45 minutes. At the end of the exam, we have 24 hours to send a report detailing the whole process.
Just tell you good luck 🙂
Conclusions
If you like WIFI audits and you can afford the cost of the certification (currently only available within the Learn One or Learn Unlimited subscriptions) then go ahead, I recommend it. Otherwise, no problem, you have different options such as other WIFI security certifications (Google is your friend) and keep learning on your own.
Some tips for OSWP certification:
- Join the Offensive Security Discord. Good people willing to help and lots of questions/answers that will be very helpful.
- If you buy the hardware I recommend, you should have no problem doing all the exercises in the course. If you buy another router, make sure it allows the different configurations needed. Buy the router on a website where you can return it without problems like Amazon.
- Remember that the exam is open book.
- Even if you have been doing WIFI audits for some time, don’t be overconfident and practice the different attacks before the exam (at least two or three times).
- Aircrack-ng is your friend. Use it wisely.
That’s it folks, and now to attack an AP (for an audit, of course 🙂
Anything you would like me to comment about OSWP or WIFI audits in another post or even video on my YouTube channel?
@simonroses
One Response to Offensive Security Wireless Professional (OSWP): my experience