OSEP OffSec Experienced Pen’Tester - Advanced Evasion Techniques & Breaching Defenses (PEN-300)
Evasion Techniques and Breaching Defenses (PEN-300) is an advanced penetration testing course. Learners who complete the course and pass the exam will earn the OffSec Experienced Pentester (OSEP) certification.
This course builds on the knowledge and techniques taught in Penetration Testing with Kali Linux, teaching learners to perform advanced penetration tests against mature organizations with an established security function and focuses on bypassing security mechanisms that are designed to block attacks.
The OSEP is one of three certifications making up the OSCE3 certification along with the OSWE for advanced web attacks and OSED for exploit development.
Take penetration testing skills to new heights with Evasion Techniques and Breaching Defenses (PEN-300) from Offensive Security. We set a strong foundation with our industry-leading Penetration Testing with Kali Linux (PWK) course, and are bringing students to the next level with this advanced pen-testing training course.
PEN-300 teaches the skills necessary to bypass many different types of defenses while performing advanced attacks that avoid detection. Students who complete the course and pass the exam earn the Offensive Security Experienced Penetration Tester (OSEP) certification, demonstrating their ability to perform advanced penetration tests against mature organizations.
- Preparation for more advanced Penetration Testing field work Knowledge of breaching network perimeter defenses through client-side attacks, evading antivirus and allow-listing technologies
- How to customize advanced attacks and chain them together
Agenda / Topics to be Covered
This course is the next step for penetration testers who have completed the OSCP. The course covers the following topics. View the full syllabus: https://www.offsec.com/documentation/PEN300-Syllabus.pdf
- Operating System and Programming Theory
- Client Side Code Execution With Office
- Client Side Code Execution With Jscript
- Process Injection and Migration
- Introduction to Antivirus Evasion
- Advanced Antivirus Evasion
- Application Whitelisting
- Bypassing Network Filters
- Linux Post-Exploitation
- Kiosk Breakouts
- Windows Credentials
- Windows Lateral Movement
- Linux Lateral Movement
- Microsoft SQL Attacks
- Active Directory Exploitation
- Combining the Pieces
- Trying Harder: The Labs
Target audience / Who should take this course
- PEN-300 is an advanced course designed for OSCP-level penetration testers who want to develop their skills against hardened systems
- Job roles like senior penetration tester, security researcher, application penetration tester, and any software developer working on security products could benefit from the course
Student requirements [knowledge pre-requisites]:
- Solid ability in enumerating targets to identify vulnerabilities
- The ability to identify and exploit vulnerabilities like SQL injection, file inclusion, and local privilege escalation
- A foundational understanding of Active Directory and knowledge of basic AD attacks
What students should bring with them to the class:
What students will be provided with onsite:
- Wi-Fi Internet
About the Exam
- The PEN-300 course and online lab prepare you for the OSEP certification
- 48-hour exam