PEN-300: Evasion Techniques and Breaching Defenses
Explore the OffSec PEN-300: Advanced Evasion Techniques and Exploits (OSEP)
Take your penetration testing skills to the next level with advanced techniques, preparing you for the prestigious OSEP certification.
Key features & benefits
60+ hands-on labs simulating advanced attack and evasion scenarios
Master stealth techniques to bypass modern security controls and defenses
Gain expertise in advanced exploitation, privilege escalation, and persistence
Built on real-world red teaming and offensive security methodologies
Prepares you for the OSEP certification, a globally respected credential for elite penetration testers
Develop job-ready skills to execute complex, targeted attacks in enterprise environments
Learn to think like advanced threat actors to strengthen organizational defenses
Trusted by top enterprises, governments, and defense sectors worldwide
A career-boosting step for senior penetration testers and red team professionals
Course outline
Module 01
Operating system and programming theory
Operating system and programming theory
Study memory management, process scheduling, file systems, and other essential OS components, gaining a solid foundation for understanding and exploiting vulnerabilities
Module 02
Client-side code execution with office
Client-side code execution with office
Focus on leveraging known vulnerabilities in Microsoft Office applications to craft malicious documents that trigger code execution on a victim’s machine, gaining unauthorized access and control
Module 03
Client-side code execution with Jscript
Client-side code execution with Jscript
Exploit Jscript for code execution attacks, gaining unauthorized access and control of machines in Windows environments
Module 04
Process injection and migration
Process injection and migration
Master the art of stealth and persistence by injecting malicious code into legitimate running processes, migrating between processes to evade detection and maintain control when processes are terminated.
Module 05
Introduction to antivirus evasion
Introduction to antivirus evasion
Create malware that goes undetected with basic techniques like obfuscation and packing to bypass and evade antivirus software/
Module 06
Advanced antivirus evasion
Advanced antivirus evasion
Use advanced methods like signature based and heuristic based evasion to create malware that goes undetected by complex antivirus solutions.
Module 07
Application whitelisting
Application whitelisting
Bypass security measures intended to restrict the execution of unauthorized software
Module 08
Bypassing network filters
Bypassing network filters
Gain access to restricted resources and networks with different techniques for bypassing network filters and firewalls.
Module 09
Linux post exploitation
Linux post exploitation
Navigate file systems, manipulate user accounts, extract sensitive information, and establish persistent backdoors on compromised Linux systems.
Module 10
Windows post exploitation
Windows post exploitation
Navigate file systems, manipulate user accounts, extract sensitive information, and establish persistent backdoors on compromised Windows system.
Module 11
Kiosk breakouts
Kiosk breakouts
Break out of restricted kiosk environments like ATMs or point-of-sale terminals to gain control of their operating systems.
Module 12
Windows credentials
Windows credentials
Use different methods and techniques to extract valuable credentials like passwords and hashes from Windows systems.
Module 13
Windows lateral movement
Windows lateral movement
Exploit trust relationships, leverage vulnerabilities in services and protocols to gain access to systems throughout a compromised Linux network.
Module 14
Microsoft SQL attacks
Microsoft SQL attacks
Attack vulnerabilities in Microsoft SQL Server databases to extract sensitive data, escalate privileges, and gain control over entire systems.
Module 15
Active directory exploitation
Active directory exploitation
Exploit vulnerabilities in Active Directory to compromise domains in Windows networks.
Module 16
Combining the pieces
Combining the pieces
Combine multiple exploits, techniques, and tools to create complex, multi-stage attacks to bypass multiple layers of security.
Module 17
Trying harder
Trying harder
Apply your knowledge and skills in challenging, real-world scenarios with complex network environments, hardened security measures, and realistic attack scenarios.
Our partners & vendors
Ready to grow your cybersecurity team?
Training prerequisites
Core Knowledge
Strong understanding of computer networking concepts, including: IP addressing and subnetting, Routing and switching, TCP/IP stack and key protocols (DNS, HTTP, ICMP, ARP).
Familiarity with common network services and how they function in enterprise environments.
Technical Skills
Proficiency with Linux systems, including: Command-line navigation and scripting basics. Managing file systems, permissions, and processes. Installing and configuring software packages
Solid understanding of Windows environments and administrative tasks.
Experience using common network and troubleshooting tools, such as: nmap, netstat, curl, ping, traceroute, nslookup, telnet, and PowerShell.
Recommended experience
2–3 years of professional experience in IT, networking, penetration testing, or system administration.
Completion of PEN-200: Penetration Testing with Kali Linux (PWK) or equivalent experience.
Prior hands-on experience with penetration testing tools, scripting, and exploit development.
Training & register details
TRAINING OVERVIEW
PEN-300: Evasion Techniques and Breaching Defenses
Equip your team with advanced evasion and exploitation skills through PEN-300, preparing for the prestigious OSEP certification.
Training Duration: 710h of content
Format: Online
Level: Expert
Language: English
Exam: online
HOW TO REGISTER
1. Submit your application
Fill out a quick application to show your interest in the PEN-300: Advanced Evasion Techniques and Exploits course.
2. Intro Call
We’ll schedule a brief call to discuss your background, advanced skills, and career goals.
3. Confirm Your Spot
Once accepted, complete your enrolment and receive the license code.
4. Start Learning
Access the PEN-300 learning platform, dive into advanced labs, and master evasion and exploitation techniques.
5. Join the Community
Connect with elite professionals and mentors through exclusive chats, events, and networking opportunities.
Who is OSEP for?
Penetration testers & professionals
Take your skills to the next level with advanced evasion and exploitation techniques. Earn the OSEP certification and stand out as an elite security professional.
Teams & Businesses
Train your teams to bypass modern defenses and execute advanced attack simulations, strengthening your organization’s resilience.
Government & Defense
Trusted by agencies worldwide to develop experts capable of tackling the most sophisticated cyber threats.
Educators
Enhance your curriculum with advanced, lab-driven training content to prepare students for real-world offensive security challenges.
FAQ
What is the OSEP certification?
The OffSec Experienced Penetration Tester (OSEP) certification is an advanced credential that validates your ability to evade modern security defenses, exploit complex environments, and perform advanced red team operations in real-world scenarios.
Who should take the OSEP course?
The OSEP is designed for:
- Experienced penetration testers and red team members
- Security professionals aiming to master evasion techniques and advanced exploitation
- Teams performing adversary simulation or threat emulation
- Security engineers looking to strengthen defensive capabilities by understanding advanced offensive tactics
What skills will I gain from the PEN-300 course?
You will learn to:
- Bypass endpoint protection tools like antivirus and EDR solutions
- Perform advanced privilege escalation and lateral movement
- Exploit Active Directory and complex enterprise environments
- Develop custom payloads and attack vectors to avoid detection
- Conduct stealthy and persistent red team engagements
What are the prerequisites for the OSEP certification?
Before attempting OSEP, you should have:
- Solid penetration testing experience (recommended OSCP certification first)
- Proficiency in scripting or programming languages like PowerShell or Python
- Familiarity with Windows environments, Active Directory, and security tools
- Knowledge of networking, privilege escalation, and post-exploitation tactics
How is the OSEP exam structured?
The OSEP exam is a 48-hour practical assessment simulating a complex corporate environment. Candidates must evade security defenses, gain control of systems, and submit a detailed penetration test report documenting their methodology and findings.