The will, the Wifu, and the paper

Since 1993, I have worked, lived, and breathed IT from both a career perspective and a personal ‘hobby’ point of view. My career has seen me work in various silos, such as Unix and MS sysadmin roles, networking, virtualisation, scripting, and SANs just to name a few. I have been able to absorb a large amount of knowledge by being quiet, listening to peers who have been willing to teach and whom I respect, and by returning that same knowledge to those wanting to climb the ranks. And year after year I continue to keep up the pace with the various twists and turns which a career in IT offers, never really pushing myself past my comfort zone. However throughout it all, one component of IT has always risen above all else as my real passion … security.

For me, I made the decision that 2014 is all about creating my own destiny in the security world. Not to simply continue just dipping my toes into the shallow end of the security space, but to fully immerse myself in the discipline. With the support of my family, I have been spending a lot of our time researching, learning, testing, breaking, and absorbing new knowledge. I am not entirely sure of where my path is leading to, but for now I am thoroughly enjoying the offensive security and grey hat arena. Whilst self learning is great, this year I really need to bite the bullet and start adding certification to my ammo box of knowledge.

Now I haven’t really studied for years… I have been one of those people that starts something but never really follows through. Partially due to a busy family life (sounds like an excuse to me), and mainly due to being an A+ grade procrastinator. What is different this time though is that I have the will to study. It is hard to explain exactly what that is, but I liken it to when I quit smoking years ago. You always wanted to stop smoking, but it is not until you have the will to quit that you actually commit to yourself and follow through with your goal. Well I have that will to study now, and it’s finally time to commit myself to my passion for security.

Enter stage left the Offensive Security Wireless Attacks course (aka Wifu) and the Offensive Security Wireless Professional (OSWP) exam. For the last few years I have already been playing with all things 802.11, be it breaking WEP, WPA, WPS enabled wireless networks (See my All your AP base are belong to us post), or MITM attacks around wireless. I have been pretty comfortable with my skill set in this arena so the logical choice was to qualify my knowledge of this area and hopefully ascertain the industry respected OSWP certification.


The Wifu

Offensive Security Wireless Attacks is a self-paced course. You simply register at the Offsec website, and after roughly 24 hours you will be emailed a link to where you can download the handbook/lab-guide and the associated training videos. You only have 72 hours to download this information, so once downloaded ensure that you make a backup somewhere just in case.

As with all Offensive Security courses, WiFu is completely hands on. You will need to prepare your own lab at home for your various attacks, and purchase your own wireless card (with injection ability) and a suitable WAP. I already own various Alfa cards, so I utilised the AWUS036H card for my study. I did however go out and purchase a cheap wireless router (D-Link DSL-2750B) so that I didn’t have to keep disrupting the kids wireless every time I disassociated clients. :) You will find a list of recommended lab hardware on the offsec website.

The lab guide is roughly 385 pages, and it should only take you a couple of weeks to complete the course if you already have a strong knowledge in the wireless space. The first 3 chapters of the course material deals with all the theory and technical knowledge you should know in order to have a solid foundation in wireless networking; it’s not all just black magic you know. From there on in, things really start to ramp up and you can get your hands dirty. I would highly recommend that you do not skip over the first 3 chapters, it is most definitely worth knowing the theory.

Did I learn anything based upon my previous assumption that I was already comfortable with wireless attacks? Most definitely! There were a number of scenarios and techniques that I had never touched on, and, if I had not learnt them I would not have been able to complete the exam. So for me, the course material was excellent and well worth the financial and time commitment.

The Paper

In order to achieve the Offensive Security Wireless Professional (OSWP) certification, you will obviously need to sit the exam. Once completed, holders of the OSWP will be able to demonstrate their ability to “conduct wireless information gathering, circumvent wireless network access restrictions, crack various WEP, WPA, and WPA2 implementations, implement transparent man-in-the-middle attacks, and demonstrate their ability to perform under pressure”. Now I cannot go into detail about the exam, however I can state that if you learn everything in the course material, you will do well in the exam. I was a nervous wreck for the 24 hours prior to the exam (queue my twit of “Busier then a one-legged man in an arse-kicking competition. Nervous about #offsec #oswp exam tmrw. Haven’t had to sit an exam for years!“), but in hindsight there was no justification to be so worried.

The exam runs for about 4 hours and once you complete the exam you have 24 hours to submit a report of your evidence and technique. Remember help is always at hand from the admins on IRC should you need them for any reason. If you ask for help because you’re stuck, they’re most likely going to feed you their trademark response of “Try Harder”. However, if you’re stuck because of something out of your control, the admin are very helpful and quick to respond. For my exam, I had trouble on a particular section as the hardware I was engaged with was faulting. A quick IRC /msg to an admin, and they had the hardware fixed within a couple of minutes and I could continue on my way. This is where my previous statement that “if you learn everything in the course material you will do well” is so important. Had I have not been so sure that my attack method was accurate, I would not of known that there was a hardware fault, and would have had to of assumed a methodology fault.

Where to from here?

I am at a bit of a crossroads deciding which path I want to take from here. There is always the vendor path, however I am not overly interested in spending my money or selling my soul to a particular vendor and limiting my knowledge to that realm only. I have always believed that your workplace should invest in you to do vendor certification. Then there is the theory versus practical roads. Theory such as the CISSP or some of the SANS certifications are great resume or CV fillers, but I am not entirely convinced that is where I need to be at this stage. I am not after a change of employer just yet, so the value of propping up my CV doesn’t really appeal. Right now, I am strongly starting to move down towards the Offensive Security Certified Professional (OSCP) road. The course and exam has been described by many peers as ‘brutal’, and I think that actually attracts me. It’s completely about getting your hands extremely dirty, and the certification is highly respected due to the amount of time, effort, and knowledge involved. Most people don’t get this certificate on their first try, and that only makes me want to succeed even more.

No matter what road I take, I am sure it will be the right path, and I am sure I’ll be rewarded accordingly.

“Ummmm…. aren’t you forgetting something? Did you pass?”

I passed, and I passed well. Thanks for asking. :)

We are happy to inform you that you have successfully completed the Offensive Security Wireless Attacks certification challenge and have obtained your Offensive Security Wireless Professional (OSWP) certification.



  1. OJ wrote:

    Congrats on passing your first Offensive Security certification. It feels good doesn’t it? I highly recommend doing the others. I had a blast doing OSCP and OSCE, and I learned a great deal from both. I doubt you’ll regret it.

    All the best for 2015, I look forward to catching up at various cons/meetups.


    PS. Nice blog. I only just stumbled on it.

    • admin wrote:

      Cheers OJ. Just passed the OSCP in November :) amazing feeling of accomplishment. Write up coming in next few days.

  2. chrisg wrote:

    Congrats on getting your cert!

    I too am moving into the security field from a sysadmin role. I am building myself up before I jump into OSCP. I am going to take OSWP first to get a feel for the Offsec courses.

    Looking at the Offsec website, there doesn’t look to be any set expiration date for the course. So once you have completed the training material/labs, you submit to take the cert?


    • xerubus wrote:

      Cheers mate. You’ll enjoy the OSWP and the OSCP. At the moment, you do your material/labs and set yourself a time/date to take the exam. Good luck and enjoy!

  3. chrisg wrote:

    Thanks and love your blog!