Building on the skills acquired in PEN-200, OffSec’s PEN-300 course explores advanced penetration testing techniques against hardened targets. Learners gain hands-on experience bypassing security defenses and crafting custom exploits in real-world scenarios, enhancing their expertise in ethical hacking and vulnerability assessment.
Topics covered in the PEN-300 course
Operating System and Programming Theory
This comprehensive module provides a deep understanding of the inner workings of operating systems and fundamental programming concepts. You’ll study memory management, process scheduling, file systems, and other essential OS components, gaining a solid foundation for understanding and exploiting vulnerabilities.
Client-Side Code Execution with Office
This module focuses on leveraging known vulnerabilities in Microsoft Office applications (Word, Excel, PowerPoint) to craft malicious documents that trigger code execution on a victim’s machine, gaining unauthorized access and control.
Client-Side Code Execution with Jscript
Learn how to exploit Jscript, a scripting language used in Windows environments, for code execution attacks, gaining unauthorized access and control on a victim’s machine.
Process Injection and Migration
In this module, you’ll master the art of stealth and persistence by injecting your malicious code into legitimate running processes. You’ll also learn how to migrate between processes to evade detection and maintain control even if one process is terminated.
Introduction to Antivirus Evasion
This module introduces basic techniques to bypass or evade antivirus software, such as obfuscation and packing, allowing you to create malware that goes undetected.
Advanced Antivirus Evasion
Learn more sophisticated methods like signature-based and heuristic-based evasion, enabling you to create malware that goes undetected by even the most sophisticated antivirus solutions.
Application Whitelisting
Learn how to circumvent application whitelisting, a security measure that restricts the execution of unauthorized software.
Bypassing Network Filters
Discover various advanced techniques to bypass network filters and firewalls, gaining access to restricted resources and networks.
Linux Post-Exploitation
This module covers a wide range of techniques for maintaining access and escalating privileges on compromised Linux systems. You’ll learn how to navigate file systems, manipulate user accounts, extract sensitive information, and establish persistent backdoors for future access.
Windows Post-Exploitation
Learn various advanced techniques for maintaining access and escalating privileges on compromised Windows systems, including navigating file systems, manipulating user accounts, extracting sensitive information, and establishing persistent backdoors.
The PEN-300 course is ideal for experienced penetration testers and security professionals seeking to master advanced penetration testing methodologies, ultimately earning the OSEP certification. While completion of PEN-200 (Penetration Testing with Kali Linux) is not a formal prerequisite, it is highly recommended due to the advanced nature of PEN-300.
Benefits of the PEN-300 Course
Advanced Techniques
Go beyond the fundamentals and develop specialized skills to uncover and exploit complex vulnerabilities in modern networks and systems.
Hands-on Experience
Learn from experienced professionals through realistic lab environments and challenging exercises designed to simulate real-world attack scenarios.
Expand your Knowledge
Dive deep into client-side code execution, privilege escalation, post-exploitation techniques, and more. Learn how to navigate complex network environments, compromise systems, and extract sensitive data.
Active Directory attacks and lateral movement
Understand how to exploit vulnerabilities in Active Directory and move laterally within a network to gain access to critical systems and data, increasing your value as an advanced penetration tester.
Certificate
The course ends with an exam, the successful completion of which results in the awarding of the OffSec Experienced Penetration Tester (OSEP) certificate.
Exam
- PEN-300 course and online labs will prepare you for OSEP certification - The exam lasts 47 hours 45 minutes - The exam is supervised
While there are no formal certification requirements, a solid understanding of operating systems, networking, and scripting (e.g. Python, Bash) is highly recommended.
Additionally, familiarity with the concepts and techniques covered in the PEN-200 (Penetration Testing with Kali Linux) course is highly recommended for success in this course.
All prices are given in USD (US dollars) net. We also allow payment in PLN (zloty) - in this case the final amount to be paid will be converted at the current NBP exchange rate on the day of the decision to purchase the product. 23% VAT should be added to the prices.
If the training and course are financed from public funds (applies to public sector entities), please contact us to agree on the price.
Note: A separate subscription is required for each course participant. Sharing a subscription between different individuals/companies is a violation of the Offensive Security course policy and may result in immediate termination of the course agreement.
Course + Cert Exam
1 749$
PEN-300 course + 90 days of access to the laboratory + 1 attempt at the OSEP exam.
Learn One
2 749$
PEN-300 Course (2 attempts at the exam) + Level 100 Courses + 365 days of lab access + PEN-103 Kali Linux Certified Professional (KLCP) Course (1 attempt at the exam) + PEN-210 Course (1 attempt at the exam) + Providing Grounds Practice Labs
Learn Unlimited
6 099$
All courses (unlimited exam attempts) + 365 days of access to labs + Providing Grounds Practice Labs.
Exam
249$
Re-attempt of the OSEP exam.
Access
359$
Extension of access to the laboratory by another 30 days.
Order course or subscription
Are you interested in purchasing a course or subscription?
Do you have any questions?
Write to us through the contact form.
Do you want to maintain confidentiality?
Download our PGP/GPG key under the icon below and send an encrypted message to [email protected].
Cybersecurity and data protection. Penetration, social engineering and performance tests. Security audits and trainings. Authorized OffSec partner in Poland.
EN 
PL