OSWP Certification
In March 2020, I earned the Offensive Security Wireless Professional (OSWP) certification. The experience was rewarding and gave me a chance to formalize my understanding of wireless penetration testing. Having a solid foundation in wireless security already, I didn’t find the course or exam particularly difficult, but it was still a thorough test of my skills.
My job needed someone with wireless pentesting credentials, and since they were willing to pay for the certification, it was an easy decision. I also knew that Offensive Security certifications carry a lot of weight in the industry, making the OSWP a valuable addition to my resume. While I don’t always agree with everything OffSec does as an organization, I can’t deny the respect their certs command.
The OSWP course, known as "Wi-Fu," covers the basics of wireless security, including WEP, WPA, WPA2, and the tools and techniques used to attack these networks. For someone already familiar with wireless pentesting, the material wasn’t groundbreaking, but it was still well-structured.
That said, the labs had some frustrating moments. They needed to be reset more often than I’d like due to bugs, which disrupted the flow of learning. Despite these hiccups, the labs did their job. I felt confident going into the exam after working through the exercises and practicing the techniques.
The exam itself was a straightforward, hands-on test. Over the course of about four hours, you’re tasked with exploiting wireless networks in a controlled environment and retrieving specific keys. I appreciated the methodical nature of the exam—it’s not just about knowing the tools but understanding the process behind the attacks.
For me, the exam wasn’t too challenging since I had prior experience with the tools and techniques covered. I can see how it might feel overwhelming for someone less familiar with wireless security, but with enough preparation, it’s entirely manageable.
Even though the material was starting to feel outdated—WEP networks are practically nonexistent in real-world environments—it was still a solid certification to take. The course provides a great baseline for anyone new to wireless pentesting, and for those with experience, it’s a good way to validate your skills formally.
While I’m not the biggest fan of OffSec as a company, I respect the reputation their certifications hold. The OSWP is a solid addition to any penetration tester’s toolkit, even if the content could use a refresh to match the modern wireless landscape.
Update for 2024
Looking at things now, Offensive Security has released a new version of the OSWP, and it seems like they’ve made some significant updates. The course is now called "PEN-210: Foundational Wireless Network Attacks" and covers a broader range of modern techniques. I’m somewhat interested in checking it out to see how much has changed and whether it’s worth revisiting. It’s always good to stay current, and I may take another look at this updated version in the near future.