OSWP - Foundational Wireless Network Attacks - Review (2023)
Introduction
Greetings, fellow cyber peoplez! Just wanted to give you guys some insight into my journey towards earning the Offensive Security Wireless Professional (OSWP) certification. In this blog post, I will take you through some of my experiences throughout this certification and how I tackled some of the issues I faced.
The PEN-210 (OSWP) is considered a foundational course alongside the PEN-200 (OSCP). In comparison to the challenging PEN200 certification(💀), the OSWP certification can be seen as a more approachable step in the journey towards wireless network security. In other words, it's not as tough!
Background
I've had little to no (practical) experience pentesting wireless networks before this. However, I was familiar with the aircrack suite and cracking tools that can be used in conjunction with it. I had a wifi pineapple for a little while and was experimenting with it couple of months ago.
Thus, I was looking forward to getting more hands-on experience with this course. I'm proficient in setting up wired networks but that proficiency didn't carry over to the wireless side of things while setting up the labs.
Gear
Router
NETGEAR AC1000 (R6080)
Linksys WiFi 5 Router Dual-Band AC1200 (E5400)
Offsec recommends the routers mentioned above to all students taking the course. However, they're pretty old (as expected) and the availability of the router depends heavily on where you're based out of. Fret not, there were some alternatives that saved me.
DD-WRT
DD-WRT is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.
After some intense g00gling, I came across dd-wrt which was the evolved version of OpenWrt. I had this extremely old D-Link dir-868L
sitting around collecting dust in my rack.
Luckily enough dd-wrt had custom firmware for it and I was able to flash it with no issues. If you were going to purchase the recommended router, I'd recommend looking into dd-wrt to check for your old router's compatibility before wasting some cash.
Wireless Adapter
Alfa AWUS036NHA
For wireless card compatibility, please refer to the Aircrack-ng wiki
For the wireless adapter, Offsec recommends students to get the Alfa adapter mentioned above or rever to the Aircrack wiki and pick one of their liking.
However, I ended up getting an Alfa AC1900
which was slightly overkill. After the card arrived, I realized that the Kali did not support the adapter out of the box. Thankfully the fix was as simple as installing the following package.
apt install realtek-rtl8814au-dkms
Shoutout to this kind soul over in the Amazon reviews section😂.
Labs
With the gear out of the way, let's discuss labs. To make things somewhat difficult, the course did not come with any labs. This would explain why offsec had to recommend routers. Students were required to set up most if not all the labs by themselves. However, there were a ton of guides on how to set up the following networks for attacking. (WEP, WPA[1/2/enterprise], WPS).
Setting up the various networks with dd-wrt wasn't too complicated. The process was pretty much the following:
Find a guide
Find the corresponding setting on my dd-wrt GUI
Wait for the network to go up
The "annoying" part was actually getting a client to connect to the network constantly and capture the attack. I just ended up using another VM with a wifi adapter passed through.
Do keep in mind to verify that your router is not using 802.11W
as that would prevent deauth attacks and make it tougher for you to capture the handshakes.
The Exam
My Experience
The exam was pretty straightforward. I was presented with 3 different types of networks to attack and had to successfully compromise 2 out of the 3 networks to pass. However, there was a guideline that stated that cracking 1 of the networks was mandatory to pass. This basically meant that you could only "choose" one other network to compromise.
My exam environment was pretty stable (for the most part). When I was sniffing on one of the networks, I was only getting stations. Thankfully that issue was solved with a simple revert.
Word of advice, don't limit yourself to the tools within the coursebook. There might be another tool out there that might get things done with a little bit more ease even though the end product is the same.
Thoughts
Overall, the exam was pretty doable as long as you went through the courseware and familiarised yourself with the commands and processes! Reporting was as simple as other offsec examinations. Modify the given template to your liking and submit!
Conclusion
I enjoyed the PEN-210 and understood some fundamental content and debunked a few misconceptions of mine. Was definitely less stressful compared to the other offsec courses I underwent. Hope this helps someone out there, all the best for your attempt!
Subscribe to my newsletter
Read articles from Nee directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Nee
Nee
All things Information Security!