Month: June 2020

  • Offensive Security Wireless Professional (OSWP)

    In April 2019, I took the Offensive Security Wireless Attacks (WiFu) course and the OSWP exam. (Along with PenTest+ and Microsoft 365 Fundamentals, this was my third exam in a month!)
    NB This course was later rebranded as PEN-210, but this blog post refers to the older course.

    In brief, I enjoyed this. I thought the content was interesting, and the exam was actually fun (similar to an escape room). However, the course material was written in 2014 and it could do with an overhaul; Offensive Security updated the OSCP in Feb 2020, so hopefully they will do the same for the OSWP at some point.

    In particular, the course objectives include these:

    • The student will learn to implement attacks against WEP encrypted networks.
    • The student will learn to implement attacks against WPA encrypted networks.
    • The student will learn alternate WEP and WPA cracking techniques.

    So, is this course/certification still relevant? How many people are actually using WEP/WPA rather than WPA2 (or open networks that don’t need cracking)? WiGLE (Wireless Geographic Logging Engine) has some stats on this. Here’s a snapshot from 2020-06-07:

    In particular:

    • 5.26% on WEP
    • 5.01% on WPA

    So, that’s about 10% of wireless networks. Based on that, I can see the skills being useful. However, when I scanned my local (residential) neighbourhood, I couldn’t find any WEP/WPA networks. Any new router from an ISP should come pre-configured with WPA2, and it’s been that way for several years now. I also wonder how up to date those stats are, i.e. whether the WEP networks still exist.

    The good news (as a pen tester) is that the same attacks will work on WPA-PSK and WPA2-PSK. According to WiGLE’s stats, 67.5% of networks use WPA2, although unfortunately they don’t show a breakdown of Personal vs. Enterprise. If you’re using WPA2-Enterprise (802.1X authentication) then you’re safe against these attacks. However, in my anecdotal experience there are a lot of WPA2-PSK networks out there.

    So, that’s a roundabout way of saying that yes, this exam is still relevant.

    If you run a wireless network (at home or at work), how worried should you be? Before I did this course, I’d already heard that WEP is essentially worthless; now that I’ve experienced this from the attacker’s perspective, I can confirm that’s true. WPA2-PSK can be cracked, but it relies on a dictionary attack; if you’ve got a random passphrase then you’re pretty safe, e.g.
    ~*TJ8H|^u@<)Fk05Uq}t;5?N\v(bv<4s-nT`H””yA$(ha.bEP”+jEg)”&y({Fr
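
    To make the point about random passphrases concrete, here is an added example (not part of the original post) that derives the WPA/WPA2-PSK master key the standard way, generates a random 63-character passphrase, and audits a passphrase against a wordlist. The sample wordlist and the guess rate are constructed assumptions, and the function names are hypothetical.

```python
import hashlib
import math
import secrets

# Printable ASCII 0x20-0x7E: the character set allowed in a WPA/WPA2 passphrase.
ALPHABET = "".join(chr(c) for c in range(0x20, 0x7F))
# Constructed sample wordlist; a real audit would load a large one from disk.
SAMPLE_WORDLIST = {"password", "letmein", "sunshine", "liverpool"}

def derive_pmk(passphrase, ssid):
    """WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(ch not in ALPHABET for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def generate_passphrase(length=63):
    """Uniformly random passphrase drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_bits(length):
    """Entropy in bits of a uniformly random passphrase of this length."""
    return length * math.log2(len(ALPHABET))

def audit(passphrase, wordlist=SAMPLE_WORDLIST, guesses_per_second=1e6):
    """Flag dictionary-style passphrases; otherwise estimate exhaustive search.
    guesses_per_second is an assumed figure, not a measurement."""
    # Strip the usual decorations (case, trailing digits or '!') before lookup.
    base = passphrase.lower().rstrip("0123456789!")
    bits = random_bits(len(passphrase))
    # Average case: half the search space has to be covered.
    years = 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)
    return {"dictionary_hit": base in wordlist,
            # These two figures only hold if every character was chosen at random.
            "bits_if_random": round(bits, 1),
            "avg_years_if_random": years}

if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex())
    print(audit("Password123"))
    print(audit(generate_passphrase()))
```

    Because the SSID is the salt, the same passphrase yields a different key on every network name, so changing a default SSID also defeats tables precomputed for it.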

  • Microsoft 365 Fundamentals (MS-900)

    In April 2019, I took the Microsoft 365 Fundamentals (MS-900) exam.

    Microsoft offer free training; they say that this will take 4 hours 11 minutes, although you might find that you need to repeat some of the videos if you didn’t fully understand it the first time through (e.g. if you got distracted). It would also be useful to supplement this training with hands-on experience; if you don’t have access to Microsoft 365 already, you can get a single user subscription to Exchange Online (plan 1) for £3/month (+VAT), which won’t break the bank.

    You might also find these blog posts useful:

    The actual exam costs £69 (+VAT) which is definitely at the cheaper end of the spectrum, and I took it from home via online proctoring. According to the FAQ, the actual exam lasts 60 minutes, but the total “seat time” is 90 minutes (allowing for time to read the NDA etc). Unusually, they don’t specify how many questions there will be:
    “The number of questions on an exam is subject to change as we update it over time to keep current changes in the technology and job role. Most Microsoft Certification exams contain between 40-60 questions; however, the number can vary depending on the exam.”
    My exam had 36 questions, and some of those had multiple parts (e.g. a list of statements where you had to mark each statement as true or false). However, the content has changed since then (most recently on 2020-04-14), so your experience might be different. As another example, @Microsoft365Pro said:
    “I passed this exam on 31/01/2019 the day of the release. I had 63 questions in this particular paper.”
    Either “63” is a typo for “36” or we had significantly different exams! The whole thing took me about an hour; I wasn’t pushed for time, but I didn’t have loads of time left over, so I think they got it about right.
