Passing OffSec’s OSWP Exam (Review)

Ibad Altaf
4 min readNov 20, 2023

--

Certification number 4 of the year! I have been meaning to work towards some offensive security certifications. OffSec’s annual Learn One 20% discount offer, which started on the 1st of November, perfectly aligned with my plans, so I went on to purchase it. With the purchase, I also got OSWP and KLCP exam attempts. So the first certificate that I went with was, you guessed it, OSWP. So, I’d like to share my experience of the certificate in general.

OSWP Course Review

So first of all, the course has been criticized for being a bit outdated, however, I’d like to disagree. The course indulges in most of the attacks that are applicable in modern networks. The course starts off with information about IEEE 802.11, Wireless Networks & Encryption, Wireless Essentials, information about frames and networks on a lower (technical) level and, troubleshooting drivers used by wireless adapter. I’ll admit this part was a bit too dry and OffSec could work on it to make it a bit more lively and interesting to read.

The course then quickly picks up the pace with the tools that are needed to perform these wireless attacks, most of these tools come under the suite of Aircrack-ng. Straightly after the introduction of the tools, you get to learn the techniques to attack WPA/WPA2, WPA3 (Yes, you get a brief introduction of it, one of the most known attacks; Dragonblood), WPS, setting up rogue access points to attack WPA enterprise portals, and lastly, attacking captive portals. It also teaches you how to create custom wordlists based on various factors, like special characters, type of organization, and other gathered info about the organization through OSINT. The course finishes off with alternatives to the aircrack-ng suite, like bettercap and Kismet.

The course introduces you to wireless penetration testing and teaches you about almost every type of attack with great detail. What I like about the course is that it forces you to manually attack the access points, instead of allowing the usage of automated tools. This helps build your methodology and makes sure that you have understood the underlying details about how and why each attack works.

Regarding the time taken to prepare for the course, it took me 6 days to go through the whole material, then I set up the lab and used some other resources (mentioned below) to perform the attacks to prepare myself which took an additional 3 days.

OffSec Exam Review

During the weekend, I had some plans and the exam timeslots were not feasible for me, so I decided to take the exam on Friday at 4 AM (Yes, early morning :D). I joined the proctored session 15 minutes before my exam time, however, there were some internal issues which delayed my exam by 24 minutes. The proctor and their team were kind enough to allow me an extension of 30 minutes. You are provided with SSH/RDP details, you can use that after connecting to the VPN to access the attacking machine and proceed with the exam from there. I was able to finish the practical aspect of the exam in about 90 minutes that too because the environment was a bit unstable. After the exam, you get 24 hours to finish the report. I was thinking of taking a good rest and doing the report later, however since it was the last working day of the week, I wanted to finish the report as early as possible for the slightest chance that they grade my attempt before the end of the week. So I quickly finished my report in 90 minutes and submitted the report. In just over 24 hours, at exactly 9 AM on Saturday, I got an email that I had cleared the exam and had been awarded the certificate.

Suggestions & Resources

  • If you want to set up your own lap then the hardware requirements can be found here.
  • However, if you don’t want to set up your own lab, then you can download the VM and do all the challenges here to practice what you learned during the course.
  • During the exam follow the methodology that you have created during your learning of the course.
  • If you have hiccups in your environment, then make sure to instantly revert your environment, you get a good amount of reverts. However, the caveat is that you will lose all the progress upon reverting or switching to another network environment, so be wary of that.

--

--

Ibad Altaf
Ibad Altaf

Written by Ibad Altaf

Penetration tester and a red teamer. Love to learn techniques to bypass various security solutions. Find me at linkedin.com/in/ibad-altaf

No responses yet