OSWP Review & Guide

Introduction

Welcome to this blog post! I will be sharing my experience with the OSWP (Offensive Security Wireless Professional) exam and providing a study guide for wireless (Wi-Fi) penetration testing and the OSWP certification.

Back in Time

I have been experimenting with Wi-Fi hacking since middle school. Over the years, I learned about IEEE concepts and how Wi-Fi works. I used to create access points (APs) and hack them for practice. The last time I did anything related to wireless penetration testing was during one of my projects in 2022, so it had been a while. However, I was familiar with the basics, and with some practice, I was able to get back up to speed.

Exam Review

The exam duration is 3 hours and 45 minutes, which might seem short, but it’s more than enough time to complete the tasks. The exam provides you with 3 different Wi-Fi APs, each using a different security method, such as WPA-PSK, WPS, WEP, or WPA-Enterprise. You are required to solve one mandatory task and another one of your choice.

When the exam started, I faced several technical issues—the APs were not showing up, and sometimes there were no clients on the APs. I had to contact support, and after some back-and-forth, the issues were resolved. The actual time it took me to solve the exam was around 1 hour, but with the technical difficulties, it extended to over 4 hours. Fortunately, the support team provided additional time to compensate for the troubleshooting. After completing the exam, it took me a few more hours to finish and submit the report. On July 5, 2024, I received my exam results:

Study Guide

As for studying, I didn’t go through the course material since I already had prior experience with wireless penetration testing. All I did was practice and familiarize myself with Wi-Fi pentesting again. However, I wasn’t familiar with WPA-Enterprise, so I studied and practiced it specifically.

The first thing you need to understand is IEEE 802.11. You can learn all about it from the IEEE. Next, get acquainted with wireless fundamentals, which you can find here.

For Wi-Fi security and encryption, these resources are helpful:

Next, familiarize yourself with the wireless tools on Linux:

Following that, learn how to use Wireshark specifically for wireless:

Then, dive into aircrack-ng tools and learn how to attack networks:

Practicing

For practicing, you don’t need to buy any wireless cards or additional equipment. You can use WiFi Challenge Lab, which offers a variety of challenges for Wi-Fi networks. It’s perfect for practicing wireless penetration testing in general. You can also follow the walkthrough here.

Notes & Tips

When starting the exam, solve the AP that is available first. Once finished, reset the next challenge you want to solve through the exam panel to avoid any issues with the APs. You can also refer to the OSWP PlayBook, which is an excellent resource to help you pass the exam and improve your skills in attacking wireless networks during a test. Make sure to have a backup for the machine/device you are using. Also make sure that your ISP supports OpenVPN, because some countries block it. Finally, be calm and don't panic!

Conclusion

In conclusion, the OSWP exam is straightforward and to the point. If you encounter any issues, don’t hesitate to contact support through the chat feature. With proper preparation, especially focusing on the areas you are less familiar with, and a solid understanding of the tools and techniques involved, passing the exam is highly achievable. Remember to take your time, stay calm, and approach each task methodically.