So, I've been playing with wireless networks for a few years now, as have most people.
However I think that our definitions of playing may vary somewhat, my idea of playing, is setting up a wireless network, and breaking into it. Yeah I'm a geek, but hey, I can't help it if I get excited about high powered wireless cards, or directional antenna's.
So it should come as no suprise to those who know me, that something like Offensive Security's Backtrack WiFu course would grab my attention, and that it did. Granted it may have taken me a while to get around to actually doing the OSWP challenge, what can I say, life gets in the way sometimes.
I'm kind of at a loss for words on where to start on this one to be honest, yes I know that I wrote an article on this one for SecuriTeam blogs, but this one is a bit more personal. For starters I would say that this should be a pre-requisite course for anyone learning wireless network penetration testing, and anyone involved in networking and planning on deploying a wireless network in the near future. If I had my way, I'd even pay for my my friends to do this course and take the challenge, it really is that good! I know a lot of people that work in the IT industry, and well going round their houses, and seeing that they're running a wireless network named "Netgear", and encrypted with WEP drives me nuts!
The course is amazing value for $350, which in the UK currently equates to £243, which for a training course of this stature is well worth the money. To be honest, it's worth a lot more. Damn, all TJ Maxx networking and security staff should be forced to pass the challenge for this one!
So what's the course cover then?
It starts off with the terms and concepts of wireless networking, which is not the easiest to get through, but this is the stuff that you need to know if you want to be any good at wireless security and at deploying wireless networks. Trust me, getting through this section of the material may be tough, but it's a hell of a lot easier that reading RFC's. To anyone taking the course, make sure that you understand the concepts thoroughly before you move on.
You then dive into what I like to refer to as the "fun stuff", the Aircrack-ng suite of tools, and how you can use these to crack WEP and WPA, replay packets onto the network, deauthenticate clients, and so on. Other extremely useful tools are also covered in the course, so bear in mind that this is a wireless security course and not just an Aircrack-ng course.
I read through the help files and man pages for the Aircrack-ng suite, and I was able to use them to get the job done before I took this course, now I feel that I have truly mastered them.
The courseware is presented in an easy to understand format, you get a PDF and video training, and they compliment each other perfectly. There is always someone available for help should you need it in the #offsec channel on the Freenode servers, so you have all the support you could ask for, even that of past and present students.
The challenge itself is way too much fun, even though you feel the exam type of pressure, you still end up loving it. Challenge is the correct word for it though, and I would recommend that you purchase the recommended hardware and practice until you can do all that you've learned in you sleep.
If you want to learn about securing and cracking wireless networks, this is THE course!
I'm looking forward to taking the next step in Offensive Security training, which is the CTP course, as if the last two have been anything to go by, it's going to be damn tough, and I'm going to love every minute of it!
To the guys at Offensive Security, thank you, and to Muts, thank you (you know what for)
Later world, time for sleep.