IR-200: Foundational Incident Response
OffSec's new incident response course and certification launches October 29th. In IR-200, Learners will gain a deep understanding of the incident response lifecycle, including incident detection, analysis, containment, eradication and recovery.
PEN-200: Penetration Testing with Kali Linux
The industry-leading Penetration Testing with Kali Linux (PWK/PEN-200) course introduces penetration testing methodology, tools, and techniques in a hands-on, self-paced environment. Access PEN-200’s first Learning Module for an overview of course structure, learning approach, and what the course covers.
Learners who complete the course and pass the exam after November 1, 2024 will earn the OffSec Certified Professional (OSCP & OSCP+) penetration testing certification which requires holders to successfully attack and penetrate various live machines in a safe lab environment. These certifications are considered to be more technical than other penetration testing certifications and is one of the few that requires evidence of practical pen testing skills. The OSCP is a lifetime certification and the OSCP+ expires after 3 years, representing learners’ commitment to continuing education in the complex cybersecurity space.
Topics covered in the Penetration Testing Course (PEN-200)
-
Introduction to Cybersecurity
Master the core concepts, technologies, and best practices that form the bedrock of cybersecurity, providing a solid foundation for your pen testing journey.
-
Report Writing for Penetration Testers
Learn to craft clear, actionable reports that detail security vulnerabilities, and potential impact, and provide step-by-step remediation guidance to help clients strengthen their security.
-
Information Gathering
Employ advanced ethical hacking techniques and tools like Nmap and Shodan to meticulously map target systems, uncover potential entry points, and discover exploitable vulnerabilities.
-
Vulnerability Scanning
Utilize powerful tools like Nessus and OpenVAS to systematically identify known vulnerabilities in networks, applications, and systems, streamlining your penetration testing process.
-
Introduction to Web Applications
Gain a deep understanding of how web applications function, their underlying technologies, and the architectural weaknesses that give rise to common attack vectors.
-
Common Web Application Attacks
Explore the techniques behind prevalent web attacks like cross-site scripting (XSS), injection flaws, and session hijacking, and learn essential mitigation strategies.
-
SQL Injection Attacks
Master the art of manipulating databases via SQL injections to extract sensitive information, compromise backend systems, and escalate your privileges.
-
Client-Side Attacks
Discover how to exploit vulnerabilities in web browsers, browser extensions, and client-side technologies like JavaScript to compromise user systems and gain unauthorized access.
-
Locating Public Exploits
Learn where to find reliable public exploits, how to assess their applicability, and how to integrate them responsibly into your security testing workflow.
-
Fixing Exploits
Adapt and customize existing exploits, employ obfuscation techniques, and develop creative payloads to bypass defenses and successfully test target systems.
Access PEN-200's first Learning Module
How to enroll today
Most
popular
More information
# of Courses
1
Days of lab access
90
# of Exam attempts included
1
Best
value
All
access
More information
# of Courses
1
1
All
Days of lab access
90
365
365
# of Exam attempts included
1
Fundamental content
N/A
PEN-103 & KLCP Exam
N/A
Included
Included
PEN-210 & OWSP Exam
N/A
Included
Included
N/A
Included
Included
What our community is saying
Alex Caughey
...I would 100% recommend this course to anyone seeking a broad and thorough technical understanding of many fundamental pentest concepts and practices, all delivered through a hands-on, well structured and complete lab environment.
Connor McGarr
...Things are just put in a way [in the PWK labs] where it forces you to think outside of the box. I think that is the biggest skill that a pentester can take away. You can Google something and get a gist of the technical aspects…but that creativity of ‘this is not working, now what’s my game plan’…that’s the mindset that is so valuable
Lee - @N3rdRag3PC
It's finally here! 🥺❤️
I want to give a huge shout-out to the folks over at @offsectraining for giving me the skills and training to have landed my dream job that I've had for 2 weeks now.
Forever grateful and will never forget to #tryharder ❤️
Supercharge your cybersecurity career with the OSCP+
Become an in-demand cybersecurity professional
-
Become an expert with hands-on training
Transform your knowledge into real-world expertise by mastering the practical techniques and tools used by certified penetration testers.
-
Command a higher salary
OSCP-certified security professionals are in high demand, empowering you to negotiate top-tier compensation for your specialized skillset.
-
Expand your skillset
Develop proficiency in a vast array of security tools, methodologies, and attack vectors, making you an indispensable asset to any cybersecurity team.
-
Advance your career
This broader knowledge base opens doors to a wide range of exciting cybersecurity roles, from certified ethical hacker to incident responder, threat hunter, or a software developer with a focus on building security.
-
Validate your expertise
The OSCP penetration tester certification is globally recognized, serving as a powerful validation of your skill and dedication to cybersecurity excellence.
Open doors to exciting cybersecurity roles
-
Penetration Tester
Proactively identify and exploit vulnerabilities in systems and networks to improve an organization’s security posture.
-
Cybersecurity Consultant
Advise organizations on security strategies, implement security solutions, and help them mitigate cybersecurity risks.
-
Security Analyst
Monitor networks for intrusions, analyze security events, and respond to cyber threats to protect an organization’s assets.
-
Network Security Engineer
Design, implement, and maintain secure network infrastructures, including firewalls, intrusion detection systems, and VPNs.
-
Vulnerability Researcher
Discover new vulnerabilities in software, hardware, and systems, developing exploits and reporting them responsibly for remediation.
Your exam toolkit
Comprehensive lab environment
Access a virtual lab to practice techniques and refine your skills in a safe, controlled setting.
Extensive course materials
Dive into detailed course content, videos, and interactive exercises covering all aspects of the exam.
Supportive community
Join a vibrant online community of OffSec students and professionals for help and collaboration.
FAQ
-
What is the OSCP+ certification?
The OffSec Certified Professional (OSCP+ & OSCP) certification, are designed for cybersecurity professionals to validate practical, hands-on skills in ethical hacking and penetration testing. The OSCP+ certification is issued upon completion of the exam, anytime after November 1, 2024. Successful candidates demonstrate proficiency in identifying vulnerabilities, exploiting systems, escalating privileges, and documenting their findings in a real-world environment. The certification is relevant to roles such as penetration testers, security analysts, and consultants, confirming their ability to conduct comprehensive security assessments.
-
What's the difference between the OSCP & the OSCP+?
Beginning November 1, 2024, when learners pass the updated exam, they will earn both the OSCP and OSCP+ certification. The OSCP+ designation will differ from the existing OSCP certification in only one way–it will expire three (3) years from issuance. During those three years learners will have the opportunity to maintain the “+” designation by completing one of three continuing education paths:
- Take and pass a recertification exam within 6 months of the + expiry date
- Take and pass another qualifying OffSec certification exam before your + expires.
List of qualifying exams:
- OSEP (OffSec Experienced Penetration Tester)
- OSWA (OffSec Web Assessor)
- OSED (OffSec Exploit Developer)
- OSEE (OffSec Exploitation Expert)
- Successful completion of OffSec’s new CPE program, details of which will be announced in late 2024-early 2025
OSCP+ not only reflects the holder’s expertise in cybersecurity but also signifies that they are up-to-date with the latest industry standards and practices. The “+” designation highlights a learner’s commitment to continuous learning and staying current in a field that is constantly evolving.
Learners who choose not to maintain the + designation will still keep their OSCP certification.
Please note: The OSCP certification has no expiration date and continues to be valid indefinitely.
-
What is the OSCP+ exam?
The OffSec Certified Professional+ (OSCP+) exam is a rigorous, proctored, 24-hour practical assessment of your penetration testing skills. You’ll demonstrate your ability to identify, exploit, and report on vulnerabilities in live systems within a lab environment. Following the exam, you have an additional 24 hours to submit a comprehensive penetration testing report.
-
What format is the OSCP+ exam in?
The OSCP+ exam is entirely hands-on. You will be given access to a lab environment and tasked with compromising live systems, demonstrating your practical penetration testing abilities.
-
Who is the PEN-200 course for?
The PEN-200 course is ideal for security professionals seeking to enhance their ethical hacking skills and earn the industry-recognized OSCP pen testing certification. It’s designed for individuals who have a solid foundation in networking and basic familiarity with Linux and Windows systems.
-
What are the prerequisites for PEN-200?
While there are no formal prerequisites, it’s strongly recommended that you have:
- A solid foundation in TCP/IP networking
- Basic scripting abilities (e.g., Bash, Python)
- Familiarity with Linux and Windows operating systems
Learners can also go through our Network Penetration Testing Essentials Learning Path to ensure they’re ready for the course, included in Learn Fundamentals and Learn One subscriptions.
-
What competencies will I gain?
Upon completing PEN-200 and successfully passing the OSCP exam, you’ll have mastered core penetration testing methodologies, including:
- Information gathering and vulnerability scanning
- Exploit development and execution
- Privilege escalation (Windows and Linux)
- Web application attacks
- Active Directory exploitation
-
How does OffSec support my online journey?
Throughout the online training course, you’ll have access to:
- A virtual lab environment for hands-on practice
- Extensive course information and materials, including videos and exercises
- A vibrant online community of students and OffSec professionals
-
What is the exam retake policy?
If a learner needs more lab access time or needs to retake an exam, Exam Retakes & Lab Extensions can be purchased additionally through the OffSec Training Library.
- OSCP Certification Exam Retake Fee: $249
- PEN-200 lab access extension of 30 days: $359
-
What’s next after the OSCP+?
The OSCP+ certification opens up a wide range of exciting possibilities within cybersecurity! Here are a few paths to consider, depending on your interests:
- Deepen your penetration testing expertise: Advance your skills with specialized courses in web application security (WEB-200/300) or take on the rigorous PEN-300: Advanced Evasion Techniques and Breaching Defenses (OSEP) course.
- Develop exploit writing skills: Learn the intricate art of crafting your own exploits with courses focused on windows and macOS vulnerabilities (EXP-301/312).
- Transition into defensive roles: Gain a strong foundation in security operations and incident response (SOC-200, Incident Responder Essentials Learning Path) to enhance your value as a well-rounded security professional.
- Explore lateral movements: Design your ideal career path by strategically combining OffSec’s offerings. Pursue roles like secure software developer, cloud engineer, or threat hunter by supplementing your OSCP knowledge with adjacent specializations.
OffSec Penetration Testing Courses & Certifications
Advance your cybersecurity career with OffSec
-
Start your journey
Build a strong foundation with our Network Penetration Testing Essentials Learning Path
-
Master network penetration testing
Hone your offensive skills with the flagship Penetration Testing with Kali Linux (PEN-200) course, preparing you to identify and exploit a wide range of network vulnerabilities.
-
Expand your cybersecurity skillset
OffSec’s Learning Paths help you develop expertise in adjacent areas like exploit development, web application penetration testing, and incident response, opening doors to new career opportunities.
-
Become a web application security expert
Specialize in web application security with Foundational Web Application Assessments with Kali Linux (WEB-200) and Advanced Web Attacks and Exploitation (WEB-300).
-
Develop exploit writing skills
Take your skills to the next level with in-depth exploit development training in Windows User Mode Exploit Development (EXP-301) and Advanced macOS Control Bypasses (EXP-312).
-
Transition to defensive roles
Gain foundational security operations and defensive analysis skills with Foundational Security Operations and Defensive Analysis (SOC-200). This knowledge is invaluable for transitioning to roles in SOC teams and incident response.
-
Take on advanced challenges
Put your skills to the ultimate test with the rigorous OffSec Certified Expert (OSCE3) certification, demonstrating your mastery across networks, web applications, and exploit development.
Most
popular
Course & Cert
Exam Bundle
$1,649/once
The bundle includes 90 days of access to a single course, the associated labs and a single exam attempt.
Best
value
Learn
One
$2,599/year*
One year of lab access alongside a single course plus two exam attempts.
All
access
Learn
Unlimited
$5,799/year
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.
Large teams
Learn
Enterprise
Get a quote
Flexible terms and volume discounts available.
Learn One is an annual subscription for individuals and organizations who want to enroll in a single course and ultimately earn an OffSec certification. Learn One includes one course of your choice, two cert exam attempts, hands-on lab access, and all Learn Fundamentals content.
What’s included
1 year of access to the course of your choice
2 exam attempts during your subscription
365 days of lab access
1 year of unlimited access to all fundamental content and OffSec curated Learning Paths
PEN-103 + 1 KLCP exam attempt
PEN-210 + 1 OSWP exam attempt
1 download of course material
Financing for Learn Fundamentals and Learn One now available through Climb Credit with as little as 0% APR and up to 36 monthly payments.
State exclusions may apply. Learn more.
New to cybersecurity want to get educated on fundamental content before signing up?
Check out Cyberversity - our free resource library covering essential cybersecurity topics.
Learn more