October 2024 Content & Platform Update

We have had another busy month here at OffSec! Let’s dig in. 

Two days ago we released a new course and certification in cybersecurity defense: IR-200: Foundational Incident Response and OffSec Certified Incident Responder (OSIR).

Designed to equip professionals with essential, hands-on techniques, IR-200 covers the full incident response lifecycle—from detection to recovery—ensuring you’re ready to tackle real-world cyber threats. This 50-hour course, paired with the OSIR certification, combines practical labs and real-world scenarios to build confidence in managing and mitigating incidents.

Key highlights of IR-200: Foundational Incident Response:

• Hands-on training: Tackle real-world incident response scenarios, learning to detect threats, analyze digital evidence, and respond in high-stakes situations.
• Full incident response lifecycle: Cover everything from detection and analysis to containment, eradication, and recovery.
• Communication under pressure: Develop the ability to communicate clearly during incidents, ensuring swift, coordinated responses to minimize damage.
• OSIR certification: After passing the intensive 8-hour exam, validate your ability to respond to real-time cyber threats and bolster your organization’s defenses.

Who Benefits?

• Incident Responders & IT Pros: Gain vital skills for threat detection and containment.
• Security Managers: Strengthen team capabilities in rapid incident response.

Enroll now in IR-200 through Learn One, Course & Certification Exam Bundle, Learn Unlimited, or Learn Enterprise, and start building critical incident response expertise today.

We’re excited to announce updates to PEN-200: Penetration Testing with Kali Linux, adding a new learning module and a fresh machine to enhance your training experience. These updates are designed to deepen your understanding of key concepts and offer hands-on practice in realistic scenarios.

Attacking AWS Cloud Infrastructure
Duration: 120 minutes
Job Role: Network Penetration Tester: Understand and exploit common AWS CI/CD vulnerabilities like leaked secrets and dependency abuse, enabling you to assess cloud security and identify potential attack vectors.

Challenge Lab 8 – Poseidon

We’re also excited to introduce new updates to PEN-300: Advanced Evasion Techniques and Breaching Defenses. We’ve introduced two additional learning modules:

Phishing with Microsoft Office
Duration: 120 minutes
Job Role: Network Penetration Tester: Learn how to leverage malicious macros against modern Office environments, equipping you to assess and identify phishing vulnerabilities in real-world scenarios.

Reflective PowerShell
Duration: 120 minutes
Job Role: Network Penetration Tester: Develop stealthier PowerShell techniques using reflection to bypass traditional defenses, enhancing your approach to penetration testing in Windows environments.

To support learners in building a strong cybersecurity foundation, we have expanded the OffSec Learning Library with fundamental-level content:

LLM Sensitive Information Disclosure
Duration: 60mins
Job Role: Network Penetration Tester: Gain insight into identifying and mitigating risks related to sensitive information disclosure in LLMs, staying ahead of emerging attack vectors.

Secure Coding Principles with Java
Duration: 90mins
Job Roles: Software Developer: Improve your ability to prevent common vulnerabilities like IDOR by applying secure coding practices in Java, ensuring your applications remain secure and reliable.

Using AI to support Threat Reporting
Duration: 90mins
Job Roles: Incident Responder: Boost the accuracy and speed of your threat reports by leveraging AI, helping you respond more effectively to incidents. Threat Hunter: Utilize AI to streamline threat identification and reporting, giving you more time to focus on uncovering critical threats and attack patterns.

Essential Metrics to Boost Support for Your Cybersecurity Learning Program
Duration: 60mins

Output Encoding with Java
Duration: 120mins
Job Role: Software Developer: Ensure secure web applications by learning how to properly implement output encoding and understand how Java template engines manage encoded data.

In addition, we’ve added new machines to the Library. These machines provide hands-on environments that allow learners to practice and refine their skills in realistic, scenario-based settings.

OffSec Cyber Range (OCR):
CVE-2024-36401
CVE-2024-45595
CVE-2024-32651

Proving Grounds (PG):
Jordak
SPX
Keights
Chatroom

We hope these new updates bring you valuable resources to support your growth this month—stay tuned for more enhancements in the coming weeks, and as always, thank you for being a part of the OffSec community!