the wifu/oswp experience and alternatives

Just over a week ago I signed up for the Offensive Security WiFu/OSWP course and exam. This week I took and passed the exam. Much like the OSCP exam, this is a hands-on practical exam whose goal is to break into several wireless networks.

What sort of material does it cover? Well, there is a syllabus posted. But breaking it down, about a third of the material is about the 802.11 wireless spec, plus some tips on hardware and setting up wireless in BackTrack 5. Another third covers cracking WEP encryption with various attacks. Another roughly 20% covers WPA/WPA2 PSK cracking (old, insecure setups). The last roughly 15% covers graphing tools for wireless recon and MITM/client attacks using airbase-ng, airserv-ng, airtun-ng, and karmetasploit.

Is the course dated? Well, yes. But learning the basics is the first step to learning the harder stuff. And keep in mind, back in the early to mid-2000s, it was ridiculously exciting to see wifi hotspots popping up everywhere and start cracking insecure WEP and WPA configurations, all with the backdrop of grey, largely undefined laws regarding wifi shenanigans. That said, I do wish it covered more stuff or had an advanced version of the course to cover bluetooth, SDRs, mobile devices (to an extent), pineapples, and other fake AP/client shenanigans. But, I do understand there are severe challenges in building labs that accomplish all of that.

If it’s dated, is it worth the money? That’s always going to be a personal decision.

Can the same material be found elsewhere for less overall cost? Of course! And in lieu of actually purchasing the course, here are sources that should hold the same knowledge as presented in the course (and so much more!) for less monetary cost.

802.11 Wireless Networks (O’Reilly blue bats book) acts as the best technical reference for wifi. Incidentally, a new edition is due in 2018. The first third of WiFu is the briefest of summaries about the 802.11 spec.

Hacking Exposed: Wireless (Wright/Cache) is a complete book for wireless weaknesses and attacks, and will cover Bluetooth and SDRs. It’s not going to walk someone through every single issue, but will fuel google searches for more complete tutorials on pretty much everything.

Penetration Testing: A Hands-On Introduction to Hacking (Weidman). Weidman’s book devotes only a small chapter to wireless hacking, but it covers the bulk of what WiFu covers: WEP and WPA auth and key recovery.

Aircrack-ng tools wiki/documentation. The WiFu material reads pretty closely to the documentation of these tools, and will cover things like airserv-ng and airtun-ng.

Metasploit Unleashed is a free course hosted by Offensive Security, and has a section devoted to a tool that I don’t think is covered by any of the above sources: Karmetasploit.

All of the above should cost less than the course, but provide just as much information and far beyond as well. (Which does translate into needing to spend more time doing and more time reading many more pages.) There are also undoubtedly plenty of related videos and how-tos over the years for these topics as well posted in various free and less-free sites.
