Offensive Security Wireless Professional (WiFu) - Review

Before I start this review: the opinions in this post are those of the author. Less than a month ago I purchased and passed Offensive Security's online course Wireless Attack, more commonly known as the WiFu course.

Before starting this course I had been heavily involved in the world of radio frequencies and wireless security testing from a purely hobbyist point of view. This previous knowledge might have helped with the course. However, I wanted to validate my knowledge through one of the most trusted certification providers in the industry. As well, more and more devices are introduced with wireless capabilities, and wireless knowledge will soon become an industry standard for penetration testers and system administrators.

It was time to pull the trigger and dive into the world of wireless penetration testing. The material of the WiFu course is publicly available and can be referenced here. The course begins by performing a dive into the standards and protocols for 802.11 and the history of WiFi, followed by how a wireless network operates and the different types of WiFi. After the brief introduction, the Offensive Security course moves into an exhausting description of how wireless packets are built and transmitted. This knowledge is great for background knowledge, showing the very intricacies of how wireless works; however, I found this section to be painful to work through. However, working through these many pages really helps the student understand how the Aircrack Suite works on a lower level instead of simply describing what a command is doing.

Unlike the OSCP labs that are offered by Offensive Security, the WiFu course is all self-hosted in a local network. Offensive Security also references some hardware that is a prerequisite to help set up the lab network in order to attack locally. However, there are no instructions contained in the PDF on configuration of the hardware that is suggested. This can cause problems as you move into the practical lab section, as certain attacks were unable to be performed even with the troubleshooting sections that are provided in the PDF. There were certain sections that I have still yet to successfully perform on the suggested hardware, which could be due to updates in firmware or changes in the rolling Kali release. Additionally, I should mention here that when purchasing the course the student is provided with a version of BackTrack r5 to practice with. I downloaded the ISO and fired it up in my version of VMware. However, I wanted to utilize the wireless card I had purchased in 2018 for the lab. The version of BackTrack is obviously deprecated and will therefore no longer get updates or be able to install packages to support the Alfa AC1200 that I had purchased. With these problems considered, I decided to just run a bleeding-edge release from the rolling Kali 2018.2 build. This might have caused some of the issues mentioned previously.

If you have suffered through all of the background knowledge and deep dives into packet building, you will be rewarded with learning the practical side of wireless penetration testing processes. To begin with, Offensive Security talks about administration of the wireless card and using the Aircrack Suite to get the cards into "monitor" mode. As mentioned earlier in the post, I just had to make this process more difficult on myself by using an unapproved wireless card, so I had to learn how to place the card into monitor mode in a more manual way using the iwconfig command.

Per the course agenda referenced above, the course covers common WEP and WPA/WPA2 attack methods. Unfortunately, it will only cover Pre-Shared Key (PSK) encryption and skips over common Enterprise-level encryption attacks. Surely the reason for not covering a common encryption method is due to the complex nature of setting up a wireless access point with some sort of centralized authentication behind it. This could be a future selling point by providing a small lab for the WiFu course with additional topics covered.

After covering the two encryption methods, WEP and WPA, the course also provides a brief wireless reconnaissance section which demonstrates connections between access point and client devices. While this section is not necessarily critical, it really seems like a fun way to demonstrate some of the more flashy skills that might help with building reports or just enjoying the world of wireless testing.

The testing section has an exam guide just like the OSCP exam. The exam guide provides the general guideline on the pitfalls that might cause a student not to pass the exam. All of the information is clearly explained and provides a great checklist for making sure the directions were followed appropriately. The maximum time allotted for the test is 4 hours with 24 hours to write the report; however, I was able to wrap up the exploits in under 50 minutes. I then spent the next 2 hours preparing the documentation and submitted under the initial 4-hour mark.

My final opinion on the OSWP: overall, this is a great course for a beginner wanting to break into the world of wireless testing and reconnaissance. The course does not feel updated, though. It still focuses heavily on the WEP encryption attacks instead of focusing on the market-leading WPA/WPA2 encryptions. As well, there were no attacks for the WPS PIN attack using the Reaver tool, and of course since I took the test before the latest WPA attack was released, it wasn't expected. However, these new methods that are still being developed and reported should be added to the course. I would absolutely pay an additional fee to get an updated version of the PDF and to retake the test with more current attack methods.

Ryan Villarreal