After finishing the OSCP back in September, I decided that I was interested in taking the Offensive Security Wireless Professional course that Offsec offers (syllabus here). I read many of the other reviews out there, and they were all pretty spot on. This is my 2 cents on the course FWIW.
If you’ve been doing wireless pentesting for any amount of time, you might not get a tremendous amount of value out of it, but if you haven’t and want a good base of knowledge to start with, this is your jam. Admittedly the content is initially dry and heavy on the technical side, but if you want to understand how wireless protocols operate and work behind the scenes, just keep plugging away at it. As many have said, the tendency is to want to jump right in and hack away, but do yourself a favor and learn the theory behind what you’re doing.
Depending on your background and what equipment you currently own, you may need to shell out a few bucks for an AP and an injection-capable wireless NIC. Between the NIC and the AP, it might set you back $75 or so. Note that since the lab material is a few years old at this point, I did have some issues with one or two of the attacks not working as expected, most likely due to the underlying vulnerability being mitigated in more recent firmware.
Offsec recommends the following APs:
- D-Link DIR-601
- Netgear WNR1000v2
and the following wireless NICs:
- Netgear WN111v2 USB
- ALFA Networks AWUS036H USB 500mW
Once you have your gear, you’re all set. There’s no remote lab to connect to, which is nice in that you can lab whenever and wherever is convenient for you without having to worry about VPN access into the Offsec lab. You have 120 days from the date you signed up for the course to take the exam. The exam itself is accessed via SSH into an Offsec-provided host. You’ll have to either open multiple SSH sessions to the host or learn how to use the screen utility in Linux. Whichever works best for you, go with that…there’s no right/best answer.
The exam gives you 3 hours and 45 minutes of access. I was done in just about an hour and a half, and took the remainder of the time to make sure I had any needed screenshots. Even with writing the report, I was pretty much wrapped up within the time allotted for the exam. You do, however, have up to 24 hours after your time expires to turn in your report.
While yes, you can get all of the knowledge provided in this class for free elsewhere, if you’re like me and appreciate having a structured format and an outline/blueprint to go by, this was well worth the investment. It helped solidify my knowledge of the tools and utilities used in wireless attacks, and helped to detail what’s going on behind the scenes. All in all, I was pleased with the course content and would recommend it to others. I would be interested to see if the Offsec team decides to release a new version once more information/tools become available regarding the recently discovered “KRACK Attacks.”
One last closing thought…yes, this course covers a lot of WEP attacks. WEP, you say? Yes…WEP. It’s still out there, as I’ve seen it on a few recent pentests, so don’t discount the course because it covers WEP. It can still be relevant in certain situations…