Passing the CWAP
I finally got around to signing up for the test and really going over the study guide. You can see most of my notes here if you want an idea of the content, and if it wasn't implied in the title already, I passed!
While I was able to take a CWNA course through a previous employer that was not the case this time. My study methods were basically reading the book from front to back, reading various blogs (also listed in the top bar), doing packet captures and taking the practice tests. Out of those methods, I feel being able to take packet captures is what will solidify your knowledge for this exam. Luckily I was able to acquire a WLANPi a few years ago before the shortage and discontinuation of the neo2 board. Wlanpros appears to be working on another version (I think I also spied dual radios so maybe we'll get the ability to capture roaming events!) but I haven't seen anything for sale yet.
For those who don't have the pi, you can either purchase software like CommView for WiFi, use a MacBook, as they can set their adapters to monitor mode natively, or use Kali with a compatible adapter. I highly recommend one of these solutions since they will allow you to practice capturing and analyzing events on your wireless network.
Also the practice tests I got when I purchased the exam voucher helped me get in the mindset of what kind of questions (and how they would word them) would be on the test.
The test is split into 6 categories. Overall I scored 87% on the test and my breakdown is as follows.
Protocol Analysis: 89%
Spectrum Analysis: 100%
PHY Layers and Technologies: 83%
MAC Sublayer and Functions: 80%
WLAN Medium Access: 100%
802.11 Frame Exchanges: 80%
Considering the bulk of the test is from the MAC Sublayer and Frame Exchanges sections (55%), I'm not too surprised about my score. I did go over these chapters repeatedly, but there are a lot of details and some very specific questions about certain frame types or elements within the frame. This is also where the ability to do packet captures comes in handy. Without being able to do captures and examine them on my own network, I don't think I would have done as well as I did. The official study guide does a good job of going over everything, but nothing can replace actually opening up Wireshark and loading in a few PCAPs for further analysis.
I was slightly annoyed about the Protocol Analysis and PHY Technologies sections since I felt like I knew enough to answer any question relating to them, but oh well, no one is perfect.
Spectrum Analysis didn't have too many questions (on my test at least) but I found reading that section interesting and boring at the same time. Understanding how to read the RF space is really cool but without a spectrum analyzer it wasn't nearly as fun as capturing packets. Not a fault of the study guide, just my learning style.
Medium access also only had a few questions, but I feel my success could be directly connected to spending hours finding a way to illustrate and describe how the contention process works for Wi-Fi. I even did a small presentation for some of my coworkers for fun. There were some mistakes I realized after, but again, you can't learn if you don't mess up occasionally.
My biggest suggestion for passing this test is to follow the outline they provide and do some captures. If you can't do any captures, there are a number of blogs out there that are posting and going over them.
There are still more posts relating to analysis that I want to do, so in time I hope this blog can be of use to others like so many have been to me.
Study hard and good luck!
Study Materials:
- CWAP 404 Study and Reference Guide
- CWNA 107 Study Guide (previous version but still a good reference)
- 802.11ac A Survival Guide (incredibly detailed explanations)