Organizational Systems Wireless Auditor®

Wireless Auditing & Pentesting Certification

Course Overview:
The Organizational Systems Wireless Auditor® is an international practical
technical wireless security auditing certification designed by experienced IT-
security practitioners for those who want to learn more about the various ways
to professionally perform a wireless security audit or penetration test, with the
aim of identifying weaknesses in wireless deployments. With many
organizations using wireless technologies and many countries announcing
wireless internet access initiatives, attending the Organizational Systems
Wireless Auditor® will give you a solid grounding in how to audit the security of
wireless networks and clients.

The Organizational Systems Wireless Auditor® focuses primarily on providing attendees with the technical knowledge, methodology
and skills to execute a wireless audit/penetration test. The Organizational Systems Wireless Auditor® is designed by wireless-security
professionals from the ground up to teach wireless penetration-testing and security from the starting point of understanding the
fundamentals of Radio Frequency (RF) and RF Spectrum Analysis, through to understanding the IEEE 802.11 specification and how
to analyze information contained in 802.11 packet dumps before arriving at 802.11-based security concerns such as how to penetrate
wireless LANs and going on to advanced methods of auditing wireless networks by targeting wireless clients, as well as how to build
your own wireless hardware to augment your wireless auditing capabilities. In addition, it covers practical security issues affecting
other wireless technologies such as Bluetooth and RFID.

This instructor-led, intensely practical, hands-on programme teaches a vendor-neutral approach to practical security testing of
wireless networks and provides attendees with the correct balance of skill and ethics based on security best practices. By equipping
attendees with the correct technical skillsets, as well as an understanding of legal issues involved in testing a wireless network, the
Organizational Systems Wireless Auditor® will enhance the capability of professional security testers and provide attendees with the
proper methodology, skills and tools to conduct consistent and comprehensive wireless security tests. Attendees will also learn how
to hunt down and geographically locate wireless hackers and moochers on the fly and in real time using the MoocherHunter™ tool,
which has been used by law enforcement to hunt down wireless users and which is only authorized to be taught in the Organizational
Systems Wireless Auditor® certification course.

Attendees will also receive a custom-printed CDROM version of the widely-used OSWA-Assistant™ wireless auditing software toolkit
with on-board software for auditing 802.11-, Bluetooth- and RFID-based networks, to enhance their wireless penetration-testing
activities.

While the programme syllabus should be used to determine if this programme is appropriate for the attendee based on their current
skills and requirements, all attendees will come away with the following:

• A solid understanding about Radio Frequency (RF) fundamentals and its impact on upper-layer protocols..
• The ability to isolate and analyze wireless networks from Layer 1 to Layer 3.
• The knowledge of what preparations have to be made prior to conducting a wireless security audit.
• Comprehensive technical understanding of how to practically execute a wireless security audit.
• Comprehensive technical understanding and ability to isolate and track down unauthorized wireless users.
• How to audit wireless networks using a variety of tools, including "Build-It-Yourself" hardware.
• The ability to recommend countermeasures based on wireless audit results.
• The legal implications of wireless security auditing.

With its wide variety of practical classroom labwork and a practical certification exam, the Organizational Systems Wireless
Auditor® wireless auditing and penetration-testing certification programme is an ideal complement to the Open-Source Wireless
Integration Security Professional™ secure wireless deployment and administration training programme.

Technical Pre-Requisites: Who Will Benefit From This Programme :

• Required to have good understanding of how networking protocols and • IT-Security Penetration-Testers and/or Technical
standards such as TCP/IP, 802.3, HTTP, etc, work. Auditors
• Required to have existing understanding of standard IT-security • IT-Security Practitioners and/or Technical Professionals
principles and concepts such as CIA, defence-in-depth, etc. • IT-Security Consultants
• Required to have strong interest in wireless networking security. • IT Network Designers
• IT Network Administrators
• Attendees should preferably be in technical and/or practitioner
roles/positions/jobs. • IT Network Engineers
• and anyone who needs or wants to learn how to conduct
• Attendees should preferably have already attended the Organizational
a technical vendor-neutral penetration-test / audit
Systems Security Analyst™ course or obtained the Organizational
against wireless networks and technologies.
Systems Security Analyst™ certification.

Page 1 of 2
The Organizational Systems Wireless Auditor and its logo are registered trademarks of THINKSECURE PTE LTD in Singapore and trademarks of THINKSECURE PTE LTD in certain other countries.
Course Outline:
Practical coursework is interspersed throughout the course and the Part 5: Wireless Security Testing - Client
following is a brief course module outline: Sun Tzu's Guiding Principle
Auditing the Wireless Client
Part 1: Why Audit Wireless Networks?
Discovering Wireless Clients
Sun Tzu's Guiding Principle Client Probing
The Need for Wireless Auditing Probemapper™
The Law of the Land Mass Client Profiling
Legal & Best Practice compliance Targeted Client Profiling
Introducing the 5E Attacker Methodology™ Client Targeting
5E: Exploration The WCCD Vulnerability
5E: Enumeration Workbook Lab Exercises
5E: Exploitation
5E: Embedding
Part 6: Testing with a Twist
5E: Egress
Sun Tzu's Guiding Principle
Ph00ling
Part 2: Radio Frequency (RF) Fundamentals
Why is Ph00ling possible?
Sun Tzu's Guiding Principle Ph00ling Technique
The Concept of RF Long Range Auditing
Wavelength Build Your Own Hardware: Cantennas
Resonance Cantenna: Components
Calculating Frequency Wavelengths Cantenna: Assembly
Gain Cantenna: Optimization
Power and Distance Cantenna: Benchmark Performance & Range Testing
Attenuation Build Your Own Hardware: WNIC Jacks
Diffraction WNIC Jack Construction & Assembly
Interference
RF Spectrum Analysis
Part 7: MoocherHunting
Understanding the Wireless Footprint : ThinkSECURE Pte
Sun Tzu's Guiding Principle
Ltd's MAX-SOIL & SR-SOIL Concepts
MoocherHunter™: Real Time Geo-Location of Wireless
Workbook Lab Exercises
Hackers & Moochers
MoocherHunter™: Preparation
Part 3: Wireless Networking Protocols, Equipment & Security
MoocherHunter™: Technique & Execution
Issues Workbook Lab Exercises
Sun Tzu's Guiding Principle
Wireless Networking Standards Part 8: Concluding The Audit
Bluetooth Unexpected Results
Bluetooth: Attacks Reporting
Bluetooth: Threats to Companies and Individuals Practical Recommendations
Bluetooth: Defences
RFID
RFID: History
RFID: Privacy Issues Methodologies & Tools:
RFID: Architecture The following are just some of the methodologies & tools
RFID: Tag Characteristics
RFID: Use Categories & Legislation covered in the Organizational Systems Wireless Auditor®
RFID: Information Theft & Enumeration certification course:
RFID: Deployer Security Measures  The 5E Attacker Methodology™
RFID: Carrier Security Measures  MAX-SOIL / SR-SOIL
802.11: Wireless Equipment
 OSWA-Assistant™ Wireless Auditing Software Toolkit
802.11: Wireless Chipsets
802.11: Selecting Wireless Chipsets  Wireshark
802.11: Master, Monitor & Frame-Injection  Kismet
802.11 Accessories: Antennae  Aircrack-ng / Aircrack-ptw
802.11 Accessories: Detection Tools  Airodump-ng
802.11 Frame Architecture  Aireplay-ng
802.11 Frame Analysis  Packetforge-ng
Locking Down the Auditing Station  CoWPAtty
Wireless Penetration-Testing Tool Selection  Probemapper™
The OSWA™-Assistant Auditing Toolkit  MDK3
Workbook Lab Exercises  MoocherHunter™
 RF Spectrum Analyzer
Part 4: Wireless Security Testing - Infrastructure  WiFi Finder
Sun Tzu's Guiding Principle
 Digital Hotspotter
Wireless Sniffing
Understanding 802.11i : WEP, WPA-PSK & WPA/WPA2  Yagi, Parabolics & Cantennas
WEP Analysis  Rfdump
Auditing WEP  Bluetooth hacking tools
WPA, WPA-PSK, WPA2 & WPA2-PSK Analysis ...and much more!
The 4-Way Handshake
WPA Authentication Schema
Auditing WPA-PSK & WPA2-PSK For more details regarding the availability, schedule
Auditing WPA & WPA2 and pricing for your country, please visit :
802.11-based Denial of Service http://oswa.securitystartshere.org
Workbook Lab Exercises

Page 2 of 2
The Organizational Systems Wireless Auditor and its logo are registered trademarks of THINKSECURE PTE LTD in Singapore and trademarks of THINKSECURE PTE LTD in certain other countries.