Hi, my name is Tulpa, and I’m addicted to Offensive Security certification. If you’ve read my OSCP review, then you have a good idea of the how incredibly rewarding the experience can be. I say ‘can be’ because the real take away of such a course depends on the student’s willingness to immerse themselves in a playful but serious state of curiosity to discover a world that’s illusive to many. I loved my OSCP training and as a result, I can prove to the world beyond a shadow of a doubt that I tried harder. That was it, the Offsec bug bit me bad. As much as I would have loved to have gone onto OSCE, I thought it wise to gear down and quickly snap up two other certs – one of which was the OSWP. Man was I wrong about this course. I read a lot of reviews ahead of time and I found a wide degree of mixed feelings and thoughts. None of that really accurately reflects what the course is about and it’s my aim to lay it out as clearly as possible to those wanting to know more.
Firstly, I heard that the course is dated and no longer applicable. The most common defence is that “there are only so many ways you can attack WPA”. Let’s take it a step back. Yes, the course spends a lot of time on WEP, most of which I will probably never use. Does that mean it’s a waste? Hell no, and let me explain. The fundamental concept of hacking is gaining a sufficient understanding of a subject matter in order to make it do things that it wasn’t designed to do. Honestly you will find no better explanation of wireless theory than what’s presented in this course. In order to do that you have to deep dive into WEP to a large extent because it allows you so many different ways to interact with the technology. To the Offensive Security team: Bravo.
I also hear people says, I already know how to hack wireless so what’s the point of doing the cert? Sure you know how to use Packet Forge, but do you know how it works? Can you make your own tools? What if there are no clients connected? Only you can answer these questions for yourself.
People also say that it’s a quick course that you can do in a weekend. Sure this is possible, but you would be doing yourself a disservice because you could go deeper. If I were on holiday, I think this course would have taken me about a week – but that’s because passing the exam is not enough for me. I want to really immerse myself into the material and understand every inch of it.
Would I recommend this course? That depends on your objective. I really enjoy deep diving, and I enjoy earning a certification which is backed by one of the best training providers out there. The material is phenomenal and I loved the videos and the PDF. Obviously this certification alone won’t land you a job but I think it makes a nice addition you other learning. Also note that this cert will NOT prepare you for OSCP in any way what so ever. The skills are just not transferable beyond basic linux commands and wireshark.
Now as much as I love Offensive Security training I also have a wish more than a criticism that I would like to add to this. Personally I would have loved if it was a ‘Wireless’ course and not just ‘Wifi’. Topics such as Bluetooth hacking and Software Defined Radio are not covered and I think that would have been incredibly interesting given how exceptionally well they covered other topics. I also would have loved to have seen a larger section of the hardware aspect such as antenna’s, using ARM devices etc.
In short it can be a worthwhile course if it’s in alignment with what you’re looking for. If you want to nerd out a deep dive, then this is the course. If you want to build a CV, then look at it as a nice to have and not a core qualification.
- Make sure you have fast connection. I had huge issues with my ADSL connection at home that made it very difficult for me.
- Make sure you practise everything that covered in the material.
- Have a cheat sheet ready with all the commands to use in different situations.