PEN-300: Advanced Evasion Techniques and Breaching Defenses
Building on the skills acquired in PEN-200, OffSec’s PEN-300 course explores advanced penetration testing techniques against hardened targets. Learners gain hands-on experience bypassing security defenses and crafting custom exploits in real-world scenarios, enhancing their expertise in ethical hacking and vulnerability assessment.
This self-paced course culminates in a challenging exam, leading to the OffSec Experienced Penetration Tester (OSEP) certification. Achieving the OSEP certification distinguishes professionals with advanced penetration testing skills, making them highly sought-after experts in securing organizations from sophisticated threats.
Advance your penetration testing skills
Topics covered in the Advanced Evasion Techniques and Breaching Defenses course (PEN-300)
-
Operating System and Programming Theory
This comprehensive module provides a deep understanding of the inner workings of operating systems and fundamental programming concepts. You’ll study memory management, process scheduling, file systems, and other essential OS components, gaining a solid foundation for understanding and exploiting vulnerabilities.
-
Client-Side Code Execution with Office
This module focuses on leveraging known vulnerabilities in Microsoft Office applications (Word, Excel, PowerPoint) to craft malicious documents that trigger code execution on a victim’s machine, gaining unauthorized access and control.
-
Client-Side Code Execution with Jscript
Learn how to exploit Jscript, a scripting language used in Windows environments, for code execution attacks, gaining unauthorized access and control on a victim’s machine.
-
Process Injection and Migration
In this module, you’ll master the art of stealth and persistence by injecting your malicious code into legitimate running processes. You’ll also learn how to migrate between processes to evade detection and maintain control even if one process is terminated.
-
Introduction to Antivirus Evasion
This module introduces basic techniques to bypass or evade antivirus software, such as obfuscation and packing, allowing you to create malware that goes undetected.
-
Advanced Antivirus Evasion
Learn more sophisticated methods like signature-based and heuristic-based evasion, enabling you to create malware that goes undetected by even the most sophisticated antivirus solutions.
-
Application Whitelisting
Learn how to circumvent application whitelisting, a security measure that restricts the execution of unauthorized software.
-
Bypassing Network Filters
Discover various advanced techniques to bypass network filters and firewalls, gaining access to restricted resources and networks.
-
Linux Post-Exploitation
This module covers a wide range of techniques for maintaining access and escalating privileges on compromised Linux systems. You’ll learn how to navigate file systems, manipulate user accounts, extract sensitive information, and establish persistent backdoors for future access.
-
Windows Post-Exploitation
Learn various advanced techniques for maintaining access and escalating privileges on compromised Windows systems, including navigating file systems, manipulating user accounts, extracting sensitive information, and establishing persistent backdoors.
How to enroll
More information
# of Courses
1
Days of lab access
90
# of Exam attempts included
1
20% off for a limited time
More information
# of Courses
1
1
All
Days of lab access
90
365
365
# of Exam attempts included
1
Fundamental content
N/A
PEN-103 & KLCP Exam
N/A
Included
Included
PEN-210 & OWSP Exam
N/A
Included
Included
N/A
Included
Included
What our community is saying
Andrea I.
My favorite Offensive Security course, applicable to current environments, and this time going beyond execution of existing tools to actually developing them! Besides the well explained topics and top notch Active Directory and evasion content, this course is a treasure trove for offensive C# development and getting started with Win32 APIs.
Nullg0re
I thoroughly enjoyed this course. Not only did I improve my own skills, but I had a lot of fun doing it. I can take the skills taught in this course and immediately apply it to my day job....This course [PEN-300] does a very impressive and consistent job of starting with theory and then diving into practical application of that theory. Every single chapter follows the theme of “Let’s hit you with the theory, then let’s play around a bit in real-time."
Randy Becker
This course not only provided me with valuable knowledge but also encouraged me to explore more advanced techniques that can be applied to my job on a day-to-day basis. I’ve been able to utilize what I learned in the course to develop innovative approaches, especially in dealing with the most advanced EDR/XDR/MDR solutions available today.
Supercharge your cybersecurity career with the OSEP
Become an in-demand cybersecurity professional
-
Master advanced penetration testing techniques
Go beyond the fundamentals and develop specialized skills to uncover and exploit complex vulnerabilities in modern networks and systems.
-
Gain hands-on experience in real-world scenarios
Learn from experienced professionals through realistic lab environments and challenging exercises designed to simulate real-world attack scenarios.
-
Explore advanced attack vectors and methodologies
Dive deep into client-side code execution, privilege escalation, post-exploitation techniques, and more.
-
Develop expertise in network exploitation and data exfiltration
Learn how to navigate complex network environments, compromise systems, and extract sensitive data.
-
Master Active Directory attacks and lateral movement
Understand how to exploit vulnerabilities in Active Directory and move laterally within a network to gain access to critical systems and data, increasing your value as an advanced penetration tester.
-
Harden your skills against modern security defenses
Learn how to bypass and evade cutting-edge security measures to successfully penetrate even the most hardened targets.
Open doors to exciting cybersecurity roles
-
Senior Penetration Tester
Lead penetration testing teams, design and execute comprehensive security assessments, and guide remediation efforts to strengthen an organization’s overall security posture.
-
Red Team Operator
Emulate real-world adversaries by conducting advanced penetration tests, identifying vulnerabilities, and providing actionable recommendations to improve an organization’s defenses.
-
Security Consultant
Leverage your expertise to help organizations assess their security risks, develop and implement effective security strategies, and ensure compliance with industry standards and regulations.
-
Vulnerability Researcher
Discover and analyze new vulnerabilities in software and systems, contribute to the security community by sharing your findings, and help develop patches and mitigations to protect against emerging cyber threats.
-
Security Engineer
Design, implement, and maintain security solutions for networks, systems, and applications. Ensure that security is integrated into the development lifecycle and that systems are protected from evolving cyber threats.
-
Security Architect
Design and implement secure architectures for complex systems, ensuring that security is a fundamental consideration from the start. Develop security policies, procedures, and standards to protect an organization’s assets.
FAQ
-
What is the OSEP exam?
The OffSec Experienced Penetration Tester (OSEP) exam is a challenging, proctored 48-hour assessment designed to evaluate your advanced penetration testing skills in a real-world environment. You’ll demonstrate your ability to identify, exploit, and report on vulnerabilities, culminating in the development of custom exploits.
-
What format is the OSEP exam in?
The OSEP exam is entirely hands-on. You will be given access to a target network and tasked with compromising it using various techniques, showcasing your practical penetration testing abilities.
-
Who is the PEN-300 course for?
The PEN-300 course is ideal for experienced penetration testers and security professionals seeking to master advanced penetration testing methodologies, ultimately earning the OSEP certification. While completion of PEN-200 (Penetration Testing with Kali Linux) is not a formal prerequisite, it is highly recommended due to the advanced nature of PEN-300.
-
What are the prerequisites for PEN-300?
While there are no formal certification prerequisites, a strong understanding of operating systems, networking, and scripting (e.g., Python, Bash) is highly recommended. Additionally, familiarity with the concepts and techniques covered in PEN-200 (Penetration Testing with Kali Linux) is highly recommended for success in this course.
-
What competencies will I gain?
Upon completing PEN-300 and successfully passing the OSEP exam, you’ll have mastered advanced penetration testing skills, including:
- In-depth vulnerability analysis and exploitation
- Custom exploit development
- Bypassing modern security defenses
- Exploiting authentication and authorization flaws
- Attacking Active Directory and cloud environments
- Post-exploitation techniques for maintaining access and escalating privileges
-
How does OffSec support my online journey?
Throughout the online training course, you’ll have access to:
- A virtual lab environment for hands-on practice
- Extensive course information and materials, including videos and exercises
- A vibrant online community of students and OffSec professionals
-
What is the exam retake policy?
For details on exam retakes, please refer to OffSec’s official policies.
-
Can I extend my lab time?
For information on lab extensions, please refer to OffSec’s official policies.
OffSec Penetration Testing Courses & Certifications
Advance your cybersecurity career with OffSec
-
Begin your wireless security journey
Establish a strong foundation with the Network Penetration Testing Essentials Learning Path, and then move to PEN-200: Penetration Testing with Kali Linux to build a strong foundation. Become an expert with PEN-300: Advanced Evasion Techniques and Breaching Defenses.
-
Become an expert penetration tester
Advance your offensive cybersecurity skills with the PEN-300 course. Master ethical hacking techniques to identify and mitigate vulnerabilities in complex systems and networks.
-
Enhance your offensive security expertise
OffSec’s Learning Paths and courses help you develop your offensive skill set. Explore advanced penetration testing, red teaming, and offensive cloud security to become a well-rounded cybersecurity professional.
-
Become a red team specialist
Specialize in advanced penetration testing by exploring additional courses and Learning Paths that focus on red teaming tactics, adversary simulation, and offensive security tools.
Start learning with OffSec
popular
Course + Cert
Exam Bundle
$1,649/once
The bundle includes 90 days of access to a single course, the associated labs and a single exam attempt.
Learn
One
$2,599/year*
$2,079/year*
One year of lab access alongside a single course plus two exam attempts.
access
Learn
Unlimited
$5,799/year*
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.
Learn
Enterprise
Get a quote
Flexible terms and volume discounts available.
New to cybersecurity want to get educated on fundamental content before signing up?
Check out Cyberversity - our free resource library covering essential cybersecurity topics.
Learn more