Are you considering taking the OSWP exam but are unsure of what it covers or whether it's worth your time? Or maybe you’re wondering what the OSWP certification is?
This article will provide all the information you need to make an informed decision. We’ll explain what OSWP is, who it’s aimed at, and what you might encounter while pursuing it.
Next, we’ll cover the course material, including the tools and techniques you’ll learn. We’ll also give you a thorough breakdown of what to expect on exam day, and finally, we’ll help you decide whether it’s worth your time.
Let’s get started and answer the question: what is OSWP?
What Is OSWP (OffSec Wireless Professional)
Let’s closely examine what OSWP’s main focus is and who it’s aimed at.
Who is OffSec?
Offsec, formerly known as Offensive Security, is a company that trains and provides exams to aspiring cyber security professionals in penetration testing, web application hacking, exploit development, and, more recently, security operations.
Offsec is best known for its grueling 24-hour OSCP exam, which requires students to hack into various machines.
In addition to providing training, they also maintain open-source projects such as Kali Linux and ExploitDB.
Their philosophy centers around a foundational commitment: “Empowering individuals and organizations to fight cyber threats with indispensable cybersecurity skills and resources.”
Primary Focus
The OffSec Wireless Professional (OSWP) certification tests your ability to attack wireless networks. It’s designed to assess your practical ability to identify, exploit, and remediate vulnerabilities within different wireless network scenarios using various wireless attacks and techniques.
Experience Level
Before attempting OSWP, you should have a baseline knowledge of networking fundamentals and the Linux command line and a good understanding of cyber security concepts such as encryption, cryptography, and wireless security protocols. A basic knowledge of penetration testing methodologies will also help you succeed.
Primary Audience
OSWP is designed for network administrators, IT professionals, and cyber security professionals who want to expand their knowledge of wireless network security and penetration testing.
OSWP is well-suited if you want hands-on experience and practical skills in attacking and securing wireless networks rather than theoretical knowledge, which can serve you well if you’re starting your ethical hacking or penetration testing journey.
This certification is part of Stage 4 (cyber security specialization) of our career roadmap.
What Does the OSWP Exam Cover?
Let’s discuss the course's content, the hardware you’ll need, and the tools and techniques you’ll learn to prepare for the exam.
OSWP Material
The OSWP course is PEN-210: Foundational Wireless Network Attacks. In this course, which includes three and half hours of video and a 380-page course guide, you’ll be introduced to the following topics in detail.
- EEE 802.11 Standards: Covers the basics of wireless networking standards and their amendments, explaining the framework for wireless communication and encryption protocols.
- Linux Wireless Tools: Introduces the tools available in Linux for wireless network analysis, including the manipulation of wireless drivers and understanding of wireless stacks.
- Wireshark Essentials: Focuses on using Wireshark for packet capturing and analysis, teaching you how to filter and interpret wireless traffic for security assessments.
- Wi-Fi Encryption: This section discusses various Wi-Fi encryption methods, including WPA configurations.
- Aircrack-ng Suite: Provides a hands-on experience that includes monitoring, attacking, and wireless penetration testing.
- Attacking WPS: Explores vulnerabilities in Wi-Fi Protected Setup (WPS) and demonstrates how to exploit them.
- Rogue Access Points: This module teaches you how to create and utilize rogue APs for testing and methods for their detection.
- Attacking WPA Enterprise Networks: Focuses on advanced techniques for attacking more secure enterprise-level wireless networks.
- Attacking Captive Portals: Demonstrates methods for bypassing network access controls implemented through captive portals.
- Bettercap and Kismet: Introduce you to these tools for enhanced wireless network monitoring and analysis to identify potential vulnerabilities.
- Manual Network Connections: This section wraps up with the practical application of connecting to networks, determining chipset compatibility, and manually configuring wireless connections.
You can view the full course syllabus here.
OSWP Hardware
To complete the PEN-210 course, you must have compatible hardware to set up your own wireless lab, as OffSec doesn’t provide virtual machines or cloud-based labs for this course.
You’ll need a compatible router and wireless adapter to set up your own environment, and OffSec does not provide instructions.
You’ll need to find and follow a guide. Luckily, we have a great one to get you started: How to Hack WiFi With Kali Linux Like a Pro.
Here is the recommended hardware Offsec suggests you have.
Wireless Network Routers
Wireless Cards
To see what other cards are compatible with the course, refer to the Aircrack-ng wiki
OSWP Tools and Techniques
During the PEN-210 course, you’ll be exposed to the following tools and techniques, giving you the skills to perform Wireless hacking.
Tools
- Aircrack-ng Suite: A set of tools for auditing wireless networks, including airmon-ng, airodump-ng, aireplay-ng, aircrack-ng, airdecap-ng, and airgraph-ng, used for everything from monitoring and attacking to cracking Wi-Fi passwords.
- Wireshark: A powerful packet analyzer used for network troubleshooting and analysis
- Bettercap: A Swiss army knife for network attacks and monitoring. It’s a flexible tool for various network-related tasks, including MITM attacks.
- Kismet: Kismet serves as a sniffer, wardriving tool, intrusion detection system, and detector for wireless networks and devices.
- Hashcat: An advanced password recovery tool for cracking WPA/WPA2 passwords.
- coWPAtty: A tool to automate the attack for WPA-PSK networks, leveraging pre-computed hash files to speed up the cracking process.
Techniques
- Packet Capture and Analysis: Learning to capture and analyze packets to understand network behaviors.
- WPA Cracking: Techniques to crack WPA/WPA2 encryption, understanding the weaknesses and how to exploit them.
- Rogue Access Point Creation: Setting up and using rogue APs to understand how attackers perform rogue access point attacks.
- WPS Attacks: Exploring and exploiting vulnerabilities in Wi-Fi Protected Setup (WPS) to gain unauthorized access to wireless networks.
- Enterprise Network Attacks: Strategies and methodologies for attacking more secure WPA Enterprise networks, focusing on exploiting flaws in authentication mechanisms.
- Captive Portal Bypassing: Techniques to circumvent network access controls implemented through captive portals, often found in public Wi-Fi networks.
How Do I Become OSWP Certified?
You know what the course material entails and what information you’ll learn. Now, it’s time to discuss the steps to becoming certified. Here we’ll discuss your options for purchasing the OSWP exam and what you can expect on exam day.
OSWP Purchase Options
You have three options when it comes to purchasing the OSWP exam.
You can purchase the “Learn Fundamentals” a yearly subscription that provides access to:
- All fundamental learning paths.
- The PEN-210 course and an OSWP certification attempt.
- The PEN-103 course and a KLCP (Kali Linux Certified Professional) certification attempt.
- Cost: $799/year
Your second option is the “Learn One” yearly subscription that provides access to:
- The Proving Grounds (PG Play and Practice)
- All the fundamental content
- PEN-210 course
- One of the 200-level courses (PEN-200, WEB-200 or SOC-200) or one of the 300-level courses (PEN-300, EXP-301, EXP-312, or WEB-300) of your choice.
- 2 exam attempts for your chosen course
- 1 KLCP exam attempt
- 1 x OSWP exam attempt
- Cost:$2599/Year
Your third option is the “Learn Unlimited” a yearly subscription that provides access to:
- Proving Grounds (Play and Practice)
- All the 100, 200, and 300-level training materials, labs, and unlimited exam attempts to the corresponding courses (OSCP, OSDA, OSWA, OSWP, KLCP, OSWE, OSEP, OSED & OSMR).
- $5499/Year
OSWP Exam Format
The OSWP certification exam environment replicates a "live wireless network," wherein certain scenarios may involve Internet traffic and AP client behavior comparable to that observed in a physical network.
You’re allotted three hours and 45 minutes to finish the exam. Like other Offsec exams, it’s proctored, meaning you’ll need a stable internet connection and a webcam to ensure compliance with the rules. Before beginning, carefully read and follow the proctor's instructions and the exam guide.
You’ll be granted an additional 24 hours from the exam's conclusion to submit a report.
Starting OSWP
Before you start the exam, you’ll be given a connection pack to connect Kali via OpenVPN. Once connected, you’ll have access to a Kali machine. The Kali machine you use during the exam will be configured with a wireless card and all the tools you’ll need to perform the same attacks you learned in the course. You can connect the Kali machine using SSH or RDP.
Passing OSWP
To pass the exam, you must complete two of three scenarios by obtaining the proof.txt flag. One scenario is mandatory, and you must choose one of the remaining two. You can work on only one scenario at a time.
All scenarios involve gaining access to a wireless key. With this key, you must connect to the corresponding access point and access the proof.txt flag for that scenario.
Automated tools such as wifite and wifiphisher are strictly prohibited. Furthermore, the use of AI chatbots, including ChatGPT, is prohibited.
OSWP Report
Once you’ve finished your exam, the last step is to create a detailed report of your findings.
You must write a professional report explaining how you exploited each target and include all of your attacks, including the steps you took, commands, and the console output.
For each scenario, you need to show at least one screenshot of the cracked wireless network key and one screenshot of the proof.txt.
Your instructions should be clear enough for someone to replicate the attacks, and you’re encouraged to use one of two report templates provided by Offsec to create your report.
Your report must be in PDF format, packed in a .7z archive of no more than 200 MB, and uploaded to the specified Offsec portal.
Why Would I Pursue the OSWP Certification?
We've provided information on the course materials and the exam. Now, it's time to decide whether to pursue OSWP and assess whether it’s worth your time and effort.
We checked job listings on ZipRecruiter and Indeed for the keyword “OSWP” and found over 30 jobs on both sites. Although this certification is not highly regarded, some employers still seem to value it, even though it’s in a very niche area.
Most of the jobs we found were for penetration testers.
We also searched for job titles related to “wireless penetration tester” and found no matches, so it seems that it can be part of a pen tester's overall scope rather than its own job title.
While the PEN-210 course has been updated from the previous version, which emphasized the outdated WEP protocol to provide more coverage of WPA/WAP2 and enterprise networks, it's important to note that most corporate networks are currently integrating the newer WPA3 protocol.
As such, the coursework does not fully align with the latest protocols adopted across enterprise networks. However, the full switch from WPA2 to WPA3 will take some time, so you can still apply the principles learned to attack WPA/WPA2 environments that are still in use.
OSWP Benefits:
OSWP Drawbacks:
If you’re purchasing Learn One or Learn Unlimited anyway, we believe that pursuing OSWP is worth it if you have the time. However, this shouldn’t distract you from obtaining your primary credentials, such as OSCP or OSEP.
Depending on how quickly you grasp the PEN-210 material, you should be able to complete the course in 20-40 hours.
However, we wouldn’t recommend you to purchase the Learn Fundamentals package solely to access this material and exam.
Conclusion
The OffSec Wireless Professional (OSWP)) certification will prepare you with the skills and knowledge to perform wireless attacks against protocols such as WEP, WPA/WPA2-PSK, and WPA/WPA2-Enterprise using industry-standard tools and techniques.
In this article, we’ve covered everything you need to know, from the coursework and exam information to why this certification is worth considering.
If you have the time, we believe you should consider obtaining it, but ultimately, the decision is yours.
If you want to improve your hacking skills, consider joining the StationX Accelerator program and taking one of our many courses, including WiFi hacking. You'll also have access to mentorship, roadmaps, and more.
Frequently Asked Questions
Level Up in Cyber Security: Join Our Membership Today!
