OSWP certification. Back|Track’s wifu.

Backtrack’s wifu is a course about wifi networks security organised by  Offensive Security, the guys behind the GNU/Linux Back|Track distribution. Unlike other certifications, based upon multiple choice tests, to get an Offensive Security certification you need to “get your hand dirty” and pass a practical exam in a lab, to which you will connect through ssh, and demonstrate that you master the topic. Another good point is that you do not need to renew the certifcaion periodcally.

At $350 you will get a lab guide of about 400 pages and roughly 10 hours of videos that will guide you during course. The videos are in Adobe Flash format and, therefore, can be viewed in any browser. The prerequisites required by the course range from low to medium knowledge of GNU/Linux distributions.

The course is pretty exclusively oriented versus the use of the aircrack-ng suite to attack wireless networks. The lab to do execises must be hosted by the student. You need to own a wifi Access Point and a wifi card capable of doing packet injection. To help you choose the right gear there is a webpage with suggested hardware.

Registering for the course you will receive an email with a registration form that you need to fill in. Once sent you will be contacted to learn if you have been scheduled for the course or not. If you have been admitted (and I don’t see reasons why you shouldn’t) you have to do payment for the course fee, that is $350.

Once payed, Offensive Security will realize your personalized copy of the lab guide and videos. You’ll need to wait a few days because both pdf and videos will be watermarked with your registration data. Once they are finished you will receive an email with links where you can download pdf, videos and a copy of Back|Track 3. The last is  needed to exercise yourself with it because the exam will be made on a Back|Track 3 machine. The download links will be available for three day after which you’ll need to pay ($100) to get a new packet, therefore I suggest you to make backup copies.

When you are confortable and feel ready to take the exam, you need to send an email to Offensive Security giving them three dates on which you are available to take the exam. Normally one of the three provided dates will be accepted. A few minutes before the scheduled exam (time is in GMT+0 be carefull) you will receive an email with the exam objectives and access credentials for the lab. The exam will be made entirely through a ssh session without GUI. During the exam you will be assisted, through IRC or MSN Messenger, by an Offensive Security tutor that will resolve any problem that should arise. Regarding this last point I have to say that the Offsec guys are pretty good at this! I had access problems to the ssh platform and problems with the wifi interfaces installed on the lab machine both readily resolved via IRC.

As already said the exam will done through ssh in the Offensive Security labs. Do to policy reasons I can’t say much about exam details but I can tell you that you will have the possibility to choose between two wifi nics: an ALFA with Realtek chipset and another one with Ahteros chipset driven by madwifi drivers. Your objectives are to crack a certain number of wifi access points protected by WEP/WPA. In your home directory you will find a file to use where dictionary attacks should be needed, so don’t be afraid about this.

Overall I found the course much interesting and stimulating. The part I liked most was the “hands on exam” where you have to demonstrate that you know what you are doing! Very usefull are the first three chapters of the guide where the 802.11 standards and WEP/WPA implementations are described. There is a chapter about antenna types available for wifi networks too. The following chapters are dedicated exclusively to wifi networks attacks giving you step by step directions with real examples available both in the guide and in the companion videos.

To be honest, I have to admit that the course is behind actual wireless standards. Much attention is dedicated to WEP attacks with some mention to WPA attacks while other wireless technologies,  such as bluetooth for example, are not covered at all. Despite this I highly recommend this course and can’t look forward to find some spare time to dedicate myself to something more challenging such asPenetration Testing with BackTrack.

By the way, exam passed