Offensive Security offers a flexible training program to support enterprises and organizations of all sizes through the OffSec Flex Program. OffSec experts guide your team in earning the industry-leading OSCP certification with virtual instruction, live demos and mentoring.

Author: Tautilar Katilar
Language: English (Spanish)
Published (Last): 7 July 2011

The views and opinions expressed on this site are those of the author. Any claim, statistic, quote or other representation about a product or service should be verified with the seller, manufacturer or provider.

As always, everything in this post is both personal comments and my own experience with the course. It's not easy to create a course, especially with the amount of resources that are freely available, such as the aircrack-ng wiki and Security Tube's Wireless Megaprimer.

Both are good, if not great sources of knowledge that make them a valued resource, however, there is still room for WiFu - more on this later. Before doing the course, I had already dabbled with However, I still learnt more than a thing or two by the time I had completed the course.

Yes, I was able to learn, and teach myself for free. But, I spent time doing it, as I had to go out searching for it which made it easier to skip over certain areas, if you didn't seek them out. There are also conflicting bits of information online either because it's out-dated or it's "the blind leading the blind".

As always, with an Offsec course, all the information that you need is in one place. PDF — pages , and videos. SWF — little under 3 and a half hours. In the handbook, there are links to external example .CAP files that Offsec is hosting, allowing you to follow alongside. There is also a custom Backtrack ISO file, which is what the course recommends you use. I personally was able to progress through the entire course material in a weekend. There aren't any "step by step" instructions showing you how to alter the router configurations (you sometimes see a glimpse of this in the videos), as each router's UI is different.

Instead they just inform you what settings you need to place your router in for this exercise. The upside to not having any remote labs, is that you are not limited to lab time, so you are able to work on it freely. However, the exam attempt that comes with the course is only valid for days after you receive the course materials — which is plenty of time to get you prepared. The exam however, is taken remotely. If you want to follow along yourself, you can find the course syllabus here.

Then it is chapter 3. This gives a full breakdown of Throughout this section, on nearly every page there is a screenshot, table, or diagram to help break up the text, and help explain the area in more depth.

I personally see it as a bit of a "dry" area, and the authors felt the same (there are words of encouragement to stick with it and understand everything that is being said here). This is a large section over pages , as they have to cover too much in this area. This builds up a good proportion of background knowledge, showing why everything works.

Reading back on my notes for this chapter, the amount taken towards the end does start to thin out; however, I have now got the PDF to use as reference to fall back on. After learning all that theory behind it, it starts to get ready for the practical. They do this by showing how to pick hardware (note: I see this question being asked almost on a daily basis — it's a popular question!). Rather than just saying "get this card", they explain what to look for in a card — and which one would be best suited for the job (spoiler alert: there isn't a single card that "is the best and does everything").

I personally was impressed with the antennas section, showing the different signal patterns — this is something I hadn't looked into before. So, if you wish to do any of the practical you will need to purchase some of the hardware you have just researched, as it's not included in the course fees. The exam however, is taken online — this is covered later.

I mention this because it bugs me regarding people who are wanting help, but lacking detail (however, more often than not, it's also the manner of the person and how they are asking for help). The rest of the course from here on out is now practical (note: I'm guessing a lot of people's pre-course knowledge starts at this point). Most of the time, it uses the aircrack-ng suite, which is really a Swiss army knife. By the end of the course, I think you use all the attacks but one that aireplay-ng has to offer.

There is some similarity to the aircrack-ng's wiki content for parts of the remainder of the course. The course explains what is being shown on screen, with how it relates to what's been taught so far, followed by arguments to interface with the program as you see fit.

At the end of each chapter, there is now a lab to complete. These are tasks that relate to what has just been taught as well as a troubleshooting for common issues that the student may run into at certain stages. They start at the start with the aircrack-ng suite, by putting your card into the right mode, as this is something that you will always need to do before commencing any attacks.

This allows you to view the surrounding wireless networks. The last bit in this section tests the wireless card, making sure "packet injection" works. Which access point has been used will affect which attacks are successful. Offsec does recommend certain access points to be used, and the course has been fully tested with them (meaning all the attacks will work). If you wish to break away and use something different, you may find that certain attacks will not work.

As there are various possibilities and different combinations of WEP configurations, not every scenario is "hackable" e. It even mentions the injection attack, which allows you to inject data into a network which you are not even "connected" to. I also understand not giving away a pre-done VM image, as that still has a lot of moving parts and could cause another set of issues. The course covers using CPU vs GPU with the speed increase between the two methods, as well as using pre-calculated rainbow tables to speed up the brute force progress.

Afterwards it's the reconnaissance section which demonstrates a few different methods to visualize clients and their relationships using This is where you set up a "cloned" access point to mimic the target, and finding different ways to force targets to use it.

The last practical for the course goes into "Karmetasploit" to exploit the wireless client, which I felt is a good way to finish. There are a few extra "bonus" things that are included in the PDF (alternate methods and techniques to speed up the attacks). For all of this, true Offsec style, you learn how to do this "manually".

You don't rely on any "One click GUI" programs that really are just wrappers around the aircrack-ng suite. I can't go into too much detail here without giving the game away. It would have been sooner, however there was a technical issue on the remote machine (the wireless card needed to be switched out). All I had to do was ask on IRC and an admin had fixed it within 15 minutes.

Whereas with WEP there was a poor cipher implementation which had a weakness in the maths behind it. The result means there are various ways to crack WEP.

Looking into the history of it, I understand why it's not in the course The course is currently on version 3 , which came out in July However, about four months later, in December , as far as I can see there was the first public release of a PoC "tool" and paper to "hack" WPS. It's a bit of a shame with the timing as it didn't make it into this release of the course may do if there is a newer release of the course.

Whilst on the subject: shortly after the release of the tool which most people know today, reaver , but that hasn't been updated since January last version is v1. These are bypass-able, and could have an "extra mile" exercise like in PWB. With WEP, there isn't any mention of "key index" how to identify which key index is being used. However, "most" of the time, it is slot 1. I felt there isn't as much of a "self-study" element, compared to the PWB, as the course material does cover a vast amount of what you need to know as and as a result, limits the possible "extra mile" exercises.

You may think that you know it all, and you truly might do. However, for the people that don't, or those who are missing certain areas, this is a great way to learn about wireless The course itself isn't too complex and it's short, and this is reflected in the course fees. It is also currently Offsec's cheapest course on offer.

There is also an exam at the end, which will give you a certificate (OSWP), which is recognized professionally. The aircrack-ng wiki is a manual showing how to use their tool (rightly so!). From what I saw from Security Tube, it might touch on more topics, however, I didn't feel that it went into the same amount of depth and I didn't like the style in which it was presented.

There is a chance that you will need to buy some hardware for the course, so don't expect or rely on your current wireless device. If something isn't working for you, try and troubleshoot why it's not. It (wireless security) is a popular subject online, and the chances are, someone before you has already had the issue and found the solution. You do not need to have done any of the other Offsec courses e.

There isn't any "cross over" between the courses. This could be your first security certificate, or simply just another course for you to do. Offsec once again, starts at the start, and covers everything in a single package - including the stuff that you could have been afraid to ask. I wanted to learn about wireless Credit to Offsec, as it is obvious that there has been a fair amount of time and thought put into the course as always!

Thank you for doing so. So why do this course? What's wrong with the resources that are out there currently? Summary Advice.


WiFu and OSWP Certification Review

Offensive Security Wireless Attacks WiFu introduces students to the skills needed to audit and secure wireless devices. In WiFu, students will learn to identify vulnerabilities in


Offensive Security Wireless Professional (WiFu) - Review

Before I start this review the opinions of this post are those of the authors. Less than a month ago I purchased and passed the Offensive Security's online course Wireless Attack, more commonly known as the WiFu course. Before starting this course I have been heavily involved in the world of radio frequencies and wireless security testing from a purely hobbyist point of view. This previous knowledge might have helped with the course. However, I wanted to validate my knowledge through one of the most trusted certification providers in the industry. As well, more and more devices are introduced with wireless capabilities, and wireless knowledge will soon become an industry standard for penetration testers, and system administrators. It was time to pull the trigger and dive into the world of wireless penetration testing.


Offensive Security Wireless Attacks Updated

As before, I will state that I adopted the nick Dyntra for Offensive Security and many know me by this name. Feel free to say hi on either irc. Starting on a negative, let me say that the first few chapters of the Wi-Fu course are dry. So much so that the authors state reasons in the first few pages not to skip them.
