Does pen-210 (OSWP) certification worth it?

blog + Certifications Z. Oualid today

share close

When talking about wireless attacks and penetration tests, there is a very few good certifications that anyone interested in this field may go after. One of the most popular ones is the OSWP made by the offensive security team. So, does the pen-210 course and OSWP certification worth it?

The OSWP certification is one of the best and the most up-to-date certification in the field of wireless penetration testing. With the technical aspect that offers its exam, you can be 100% sure that what you learn is applicable in the field.

In the following section of this blog post, I am going to discuss the different topics covered by this certification, and what you will learn during this course. In addition, I am going to give you my personal point of view about this certification to help you make the right decision for your career. You should be 100% sure that it is my own personal opinion and I am not getting paid for giving it (no affiliation). So, if you are interested in knowing more about this certification, just keep reading.

What are you going to learn in OSWP certification and why?

  1. IEEE 802.11
  2. Wireless Networks
  3. Wi-Fi Encryption

The first chapter in this certification is the IEEE 802.11 standard. Before you can be able to attack a protocol or any system you should first understand how it works. Knowing the internals of the IEEE 802.11 standard and its different variations helps you better understand the used techniques to attack it.

The same for the next two chapters wireless networks and Wi-Fi encryption. The offensive security team, try to introduce the student to the world of the wireless network by discussing the different key elements. In those chapters, both the technical and theoretical aspects of the wifi technology will be presented to have a full idea of the way, the wifi works before starting to blindly apply the attacks.

  • Linux Wireless Tools, Drivers, and Stacks
  • Wireshark Essentials
  • Frames and Network Interaction
  • Aircrack-ng Essentials

Always with the same logic, the offensive security team tries to introduce the student to some of the key tools that he will work with during the attack section of the OSWP certification. Knowing about Wireshark and aircrack-ng is mandatory to be able to analyze traffic and crack the wireless keys.

In addition, having some information about the different built-in wireless tools of the Linux system may help during an assessment.

  • Cracking Authentication Hashes
  • Attacking WPS Networks
  • Rogue Access Points
  • Attacking WPA Enterprise
  • Attacking Captive Portals

Once all the theoretical and technical aspect is well mastered, the OSWP certification tries to present and explain some of the most used techniques to attack the wireless network. Each one of those attacks could be used either separately or in combination with other techniques to attack wifi and gain access to it.

Some of those techniques could be used against any type of wifi encryption others are only used against specific ones like WPS or WPA.

Even if the WPA encryption seems to be very old and outdated content, it is still used in old used equipment. Therefore, it is essential to know about it to use it whenever needed. It is a sort of quick win during a pentest.

  1. bettercap Essentials
  2. Kismet Essentials

To apply the early discussed techniques you can go semi-manual or fully automatic by using either bettercap or kismet. Knowing about those tools is essential to automate the discussed attacks. In a professional penetration test, it will be time-consuming to redo the same techniques again and again. Therefore, using automated tools will help you accelerate the process.

  1. Determining Chipsets and Drivers
  2. Manual Network Connections

As enumeration and information gathering are the keys in any penetration test, at the end of the OSWP certification, try to give the student an overview of the different techniques that can be used to gather more information about the targeted network.

Does the content in the OSWP certification up-to-date?

If we compare the old content of the OSWP to the new one, then yes the team behind this certification has performed great changes and was able to add more useful content to help students. But does this still very useful with the new technologies?

The answer is yes and no at the same time, some of the presented techniques might work with any technology like for example the Rogue Access Points. However, others may not work if you are facing new technology.

However, I would say that like for any kind of certification in the cybersecurity field, they only give you the basics to start your journey of self-training.

Is it a technical or QCM-based exam?

When talking about purely technical cyber security certification, the first organization that comes to our mind is Offensive security. People that try to get more technical knowledge about a specific topic in the cybersecurity field go after the offensive security certification because they know they will learn and challenge themselves. All the certifications proposed by the Offensive security team are accompanied by a technical exam at the end.

The OSWP exam is composed of 3 wireless networks that you should attack and gain access to them by cracking their wireless key. Once the key is obtained the student should visit the file and submit its content in the lab control panel before the exam duration ends.

The whole exam last for 3h and 45min where you should apply all the techniques you learned during the pen-210 course. In addition, it is highly recommended to take a look at any newer technique to crack the wifi as you may face something you didn’t learn about in the pen-210 in the exam.

How to prepare for the OSWP certification?

Before getting into this certification I highly recommend reading and trying to understand as much as you can the TCP/IP protocol and the OSI model. Having a good understanding of this will help accelerate the learning process and you may be able to skip a big part of the OSWP certification.

Moreover, getting familiar with the Linux commands and architecture is also mandatory. This part is actually required for basically any technical cybersecurity certification you may want to get.

In addition, try to prepare your personal computer to host the Offensive security special VM. This means that you may need to clean your PC to get enough hard disk space. Also, try to upgrade your computer’s RAM to reach at least 16 Go to work comfortably on it.

Here is also some other Offensive Security hardware requirement for this certification:

Recommended Wireless Network Routers

  • NETGEAR AC1000 (R6080)
  • Linksys WiFi 5 Router Dual-Band AC1200 (E5400)

Recommended Wireless Cards

  • Alfa AWUS036NHA

OSWP vs OSCP who is the best for me?

I think that those two certifications are not comparable, as each one of them targets a specific penetration test field. In addition, the level of difficulty in each one of them is very different. The OSCP certification as explained in a previous blog post is designed to give penetration testers the right skills to perform network or web application tests.

However, in the case of OSWP, the certification allow the student to gain the required skills to perform a penetration test only against wireless networks.

If we try to compare the certification’s difficulties, I would say that OSCP is way more difficult than OSWP and that’s simply because it covers way more fields and information than OSWP. However, both certifications are good to go after, all you need to know is what field you want to master first. If you are just starting in the penetration test field with basically little to no technical skills, I may recommend going after the OSWP before OSCP, to get used to the way the offensive security team prepares the exam and its atmosphere.

Written by: Z. Oualid

Rate it

About the author

Z. Oualid

I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certifed Ethical hacker (CEH). I hope you enjoy my articles :).

Previous post

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *