Wednesday, March 15th 2023

PEN-200 (PWK): Updated for 2023

Explore the enhancements we’re made to PEN-200 (PWK) 2023, including restructured course content, expanded Learning Modules, & Challenge Labs.

PEN-200 (PWK): Updated for 2023

PEN-200 was last updated approximately three years ago, and we’re ready to announce the next phase of its evolution as the premier Penetration Testing training and certification course on the market. 

In this blog post, we’ll explain why we are updating PEN-200 (PWK), what the changes are, and when and how they are happening. We’ll also discuss how the changes will impact the course material, the labs, and exam for current and future learners. Grab a snack and hold on tight, here we go. 

There is a lot of content here and we highly suggest you take your time and read it all carefully. 

OffSec’s Pedagogical Growth

The primary reason to update PEN-200  at this time is pedagogical. This is to say, OffSec’s methodology for creating and publishing educational content has evolved significantly over the past three years. The concepts of Learning Units, Learning Objectives, Module Exercises, and Challenge Labs are reflected in courses like SOC-200 and WEB-200, but are not yet fully represented within PEN-200.

With this update, we aim to restructure the PEN-200 course and labs to better reflect our more modern approach to learning. We’ll also take the opportunity to improve the content itself, both in terms of how it is written as well as the breadth and depth it covers. 

What’s Changing?

Everything! Some Learning Modules of PEN-200 (PWK) are being removed and incorporated into other Learning Paths as they no longer make sense to have as part of the course. The rest are undergoing a significant overhaul.

Each Learning Module contains four essential ingredients:

    • Learning Units are atomic, easily digestible, and self-contained pieces of content that can be absorbed in just a few hours.
    • Learning Objectives communicate to learners and their employers the exact knowledge, skills, and abilities they will obtain in a given Learning Unit.
    • Module Exercises give learners the opportunity to apply their knowledge in a hands-on environment so that they can reinforce what they learned in a particular Learning Unit. 
    • Capstone Exercises are new with PEN-200, and test a learner on the content of an entire Module. 

Each new PEN-200 Module contains these ingredients, which allow learners to really sink their teeth into the material before they go on to tackle the brand new PEN-200 Challenge Labs (more on the labs later).

The following is a very high level syllabus of what PEN-200 will look like after the update is complete:

  • PWK: General Course Information
  • Introduction to Cybersecurity
  • Effective Learning Strategies
  • Report Writing for Penetration Testers
  • Information Gathering
  • Vulnerability Scanning
  • Introduction to Web Application Attacks
  • Common Web Application Attacks
  • SQL Injection Attacks 
  • Client-Side Attacks
  • Locating Public Exploits
  • Fixing Exploits
  • Antivirus Evasion
  • Password Attacks
  • Windows Privilege Escalation
  • Linux Privilege Escalation
  • Port Redirection and SSH Tunneling
  • Tunneling through Deep Packet Inspection
  • The Metasploit Framework
  • Active Directory Introduction and Enumeration
  • Attacking Active Directory Authentication
  • Lateral Movement in Active Directory
  • Assembling the Pieces
  • Try Harder: The Challenge Labs

The full syllabus can be downloaded here

Current learners will likely notice two important things:

  1. There are some Modules from the current version of PEN-200 that appear to be missing
  2. There are new Modules included here that aren’t part of the current version of PEN-200!

We’ll now go over each of these observations in turn and provide some more details.

Exit(0): Which Modules are Out? 

The following Modules will no longer be included in PEN-200:

  • Getting Comfortable with Kali Linux
  • Command Line Fun
  • Practical Tools
  • Bash Scripting
  • Introduction to Buffer Overflows
  • Windows Buffer Overflows
  • Linux Buffer Overflows
  • File Transfers
  • PowerShell Empire

In general, there are three distinct reasons why these subjects won’t be included. 

Five Modules are either already included in Network Penetration Testing Essentials (previously PEN-100), which contains all the prerequisite material for PEN-200:

  • Getting Comfortable with Kali Linux
  • Command Line Fun
  • Practical Tools
  • Bash Scripting
  • File Transfers

The Buffer Overflow Modules will be moved to another area in the OffSec Learning Library. While we firmly believe that basic exploit development provides an excellent mental toolset for penetration testers, we also recognize that in 2023, it’s unlikely that vanilla buffer overflows will play any significant role in most penetration tests. Therefore, we are moving them from the course to another area so that we can make room for more modern penetration testing subjects, primarily web, privilege escalation, and Active Directory content.

Finally, the PowerShell Empire Module is also being moved elsewhere in the library since the material is essentially duplicated in practice inside the Metasploit Module. This has allowed us to expand on Metasploit as well. 

Hello World! Which Modules are In?

There are four main areas that have undergone substantial expansion:

    1. Web Applications is being expanded into Introduction to Web Applications, Common Web Application Attacks, and SQL Injection
    2. Privilege Escalation is being expanded into Windows Privilege Escalation and Linux Privilege Escalation
    3. Port Redirection and Tunneling is being expanded into Port Redirection, SSH Tunneling, and Tunneling through Deep Packet Inspection
    4. Active Directory is being expanded into Active Directory Introduction and Enumeration, Attacking Active Directory Authentication, and Lateral Movement in Active Directory

Finally, we are also including three modules from our Fundamental content to serve as an optional on-ramp: Introduction to Cybersecurity, Effective Learning Strategies, and Report Writing for Penetration Testers. 

These areas represent what we believe are some of the most important subjects for modern penetration testers to learn.

Brand new for 2023: The first PEN-200 Module is available for FREE for anyone to download. It explains the pedagogical and practical goals of PEN-200 in substantial depth and can be accessed here

PEN-200 2023 changes

The Challenge Labs

The current version of the PEN-200 labs is monolithic, in the sense that many learners have access to the same shared lab environment. The benefit of this model is that it has historically allowed us to give access to a high number of machines to all our learners. However, we recognize that learners today prefer to have exclusive access to machines so that they do not get interference from other learners. In addition, the open lab environment can be especially intimidating to new learners who haven’t had significant exposure to penetration testing before.

For this reason, we will be implementing a new lab architecture consistent with our latest courses, such as PEN-300 and WEB-200. Every learner will receive access to their own environment. Within that environment, the learner can start sets of machines (called Challenge Labs) that are designed to help the learner work through particular penetration testing problems. As a learner progresses through the Challenges, they will encounter progressively more difficult and more varied sets of machines with greater complexity and dependencies. The final challenges are reminiscent of the current lab environment, where learners will have to compromise a large and rich network. More information about the specific Challenge Labs can be found in the General Introduction to PWK Module above. 

The Exam

The exam itself isn’t going to change directly as a result of these updates except in two regards: the Buffer Overflow machine, and exam bonus points.

Since Buffer Overflows will no longer be a part of the course material, they will also be removed from the exam body of knowledge and no longer part of the exam. 

With regard to bonus points on the exam, we have created a plan to make the transition phase during this update as painless as possible for our learners. Please see below for details.

Note that everything in the course material is able to be on the exam. Any new content that is included in the new version of PEN-200 won’t make its way to the exam until at least six months post-launch. 

How do I Qualify for Bonus Points in PEN-200 (2023)?

Edit: The following section has been revised as of March 22nd, 2023:

Since we released PEN-200-2023, there has been some confusion on what exactly is required to do in order to obtain bonus points on the OSCP exam. We also recognize that many learners would prefer more time to complete the 2022 bonus point objectives. To that end, we have clarified the language below, and have extended the length of time where the PEN-200-2022 Modules and Exercises will be available.

On both versions of the course, there are two objectives that must be met to achieve Bonus Points:

  • The completion of 80% of each Module’s exercises
  • The submission of at least 30 proof.txt hashes

Let’s take each of these objectives in turn.

Module Exercises

  • Learners have the opportunity to complete either 80% of each Module’s exercises on PEN-200-2022 or PEN-200-2023. You may not mix and match progress from one version of the course to the other to be eligible for Bonus Points.
  • The PEN-200-2022 Module and Exercise environment will remain available until July 1st, 2023.
  • On March 15th, 2024 we will stop accepting the 2022 version of the Module exercise requirement as valid. At this point Learners will need to complete 80% of each Module exercise on the 2023 version.
  • Learners who previously had access to PEN-200-2022 who purchase a lab extension after March 15th, 2023 will receive access to PEN-200-2023. They will also receive access to the PEN-200-2022 Module and Exercise environment until July 1st, 2023 or until their access expires – whichever comes first.
  • Immediate access to PEN-200-2022 via a lab extension may not be possible. If you do not receive access by March 31st, 2023, please reach out to for assistance.
  • Learners who previously had access to PEN-200-2022 who purchase a new product (for example, a Learn Unlimited subscription) will only receive access to PEN-200-2023.

Proof Submissions

  • The requirement to submit 30 lab machines’ proofs is cumulative. This means that any machines that have already been compromised and submitted in the OffSec Platform will count toward a Learner’s progress in PWK2023.

Transition Period

  • For any exam taken between March 15, 2023 and April 18th, 2023 – we will drop the Module Exercise requirement and utilize the 30 proof.txt hashes as the only bonus points objective. 

Phased Release Plan

Though we are releasing the new version of PEN-200 (PWK) today, not every learner will gain access to the new content and labs immediately. The reason for this staggered launch is to monitor our lab performance and ensure that learners’ quality of experience is not negatively impacted.

Here is the release schedule:

Today, Learners who began PWK between March 7th, 2023, and March 15th, 2023 will obtain access

  • On March 22nd, 2023, Learners who began PWK between December 14th, 2022 and March 7th, 2023 will obtain access*
  • On March 29th, 2023, all Learners will obtain access*
  • Learners that start PWK as of today will obtain access immediately when their course or subscription begins
  • Learners that purchase a lab extension for PWK will obtain access to the new materials and new labs immediately

*Note, these release dates are subject to change depending on our lab performance after the launch on March 15th, 2023. An update will be made should the release dates change.

All Learners will continue to maintain access to the complete version of PEN-200-2022 until April 18th, 2023. On April 18th, we will decommission the PEN-200-2022 shared lab environment. Learners will maintain access to the private instances related to the Module Exercises until July 1st, 2023.

We at OffSec are really excited about these changes to PWK, and we believe they will significantly improve the learning experience. We have several fun events planned to talk more about these changes, our methodology in creating the courseware and labs, and more.

Should you have more questions or require any assistance, please contact us at