PEN-300: Advanced Evasion Techniques and Breaching Defenses

PEN-300: Advanced Evasion Techniques and Breaching Defenses

Building on the skills acquired in PEN-200, OffSec’s PEN-300 course explores advanced penetration testing techniques against hardened targets. Learners gain hands-on experience bypassing security defenses and crafting custom exploits in real-world scenarios, enhancing their expertise in ethical hacking and vulnerability assessment.

This self-paced course culminates in a challenging exam, leading to the OffSec Experienced Penetration Tester (OSEP) certification. Achieving the OSEP certification distinguishes professionals with advanced penetration testing skills, making them highly sought-after experts in securing organizations from sophisticated threats.

OSEP Certification Badge

Advance your penetration testing skills

PEN-300 takes OSCPs and experienced offensive security professionals to the next level. Learn how to launch attacks against mature organizations with an established security function. Develop your skills against hardened systems in real-time.

Topics covered in the Advanced Evasion Techniques and Breaching Defenses course (PEN-300)

  • Operating System and Programming Theory

    This comprehensive module provides a deep understanding of the inner workings of operating systems and fundamental programming concepts. You’ll study memory management, process scheduling, file systems, and other essential OS components, gaining a solid foundation for understanding and exploiting vulnerabilities.

  • Client-Side Code Execution with Office

    This module focuses on leveraging known vulnerabilities in Microsoft Office applications (Word, Excel, PowerPoint) to craft malicious documents that trigger code execution on a victim’s machine, gaining unauthorized access and control.

  • Client-Side Code Execution with Jscript

    Learn how to exploit Jscript, a scripting language used in Windows environments, for code execution attacks, gaining unauthorized access and control on a victim’s machine.

  • Process Injection and Migration

    In this module, you’ll master the art of stealth and persistence by injecting your malicious code into legitimate running processes. You’ll also learn how to migrate between processes to evade detection and maintain control even if one process is terminated.

  • Introduction to Antivirus Evasion

    This module introduces basic techniques to bypass or evade antivirus software, such as obfuscation and packing, allowing you to create malware that goes undetected.

  • Advanced Antivirus Evasion

    Learn more sophisticated methods like signature-based and heuristic-based evasion, enabling you to create malware that goes undetected by even the most sophisticated antivirus solutions.

  • Application Whitelisting

    Learn how to circumvent application whitelisting, a security measure that restricts the execution of unauthorized software.

  • Bypassing Network Filters

    Discover various advanced techniques to bypass network filters and firewalls, gaining access to restricted resources and networks.

  • Linux Post-Exploitation

    This module covers a wide range of techniques for maintaining access and escalating privileges on compromised Linux systems. You’ll learn how to navigate file systems, manipulate user accounts, extract sensitive information, and establish persistent backdoors for future access.

  • Windows Post-Exploitation

    Learn various advanced techniques for maintaining access and escalating privileges on compromised Windows systems, including navigating file systems, manipulating user accounts, extracting sensitive information, and establishing persistent backdoors.

How to enroll today

Most
popular

Course + Certification Exam Bundle

Course + Cert
Exam Bundle

$1,649

One-time payment

More information

# of Courses

1

Days of lab access

90

# of Exam attempts included

1

Best
value

Learn One

Learn
One

$2,599/year

Billed annually*

More information

# of Courses

1

Days of lab access

365

# of Exam attempts included

2

Fundamental content

Unlimited

Fundamental learning paths and assessments

Included

PEN-103 & KLCP Exam

Included

PEN-210 & OWSP Exam

Included

All
access

Learn Unlimited

Learn
Unlimited

$5,799/year

Billed annually*

More information

Recommended # of learners

2-9

# of Exam attempts included

Unlimited

Subscription Term

Annual

OffSec Learning Library Access

All access

Labs for every course

Included

# of Courses

All

Days of lab access

365

Fundamental content

Unlimited

PEN-103 & KLCP Exam

Included

PEN-210 & OWSP Exam

Included

# of Courses

1

1

All

Days of lab access

90

365

365

# of Exam attempts included

1

2

Fundamental content

N/A

PEN-103 & KLCP Exam

N/A

Included

Included

PEN-210 & OWSP Exam

N/A

Included

Included

N/A

Included

Included

Financing is now available through Climb Credit with as little as 0% APR and up to 36 monthly payments, excluding Learn Unlimited. State exclusions may apply. Learn more.

Once started, 90 day lab access cannot be paused.

Buying for a team?

What our community is saying

Andrea I.

Andrea I.

Security Professional

My favorite Offensive Security course, applicable to current environments, and this time going beyond execution of existing tools to actually developing them! Besides the well explained topics and top notch Active Directory and evasion content, this course is a treasure trove for offensive C# development and getting started with Win32 APIs.

Nullg0re

Nullg0re

Penetration Tester

I thoroughly enjoyed this course. Not only did I improve my own skills, but I had a lot of fun doing it. I can take the skills taught in this course and immediately apply it to my day job....This course [PEN-300] does a very impressive and consistent job of starting with theory and then diving into practical application of that theory. Every single chapter follows the theme of “Let’s hit you with the theory, then let’s play around a bit in real-time."

Randy Becker

Randy Becker

CISSP | OSCP | OSEP

This course not only provided me with valuable knowledge but also encouraged me to explore more advanced techniques that can be applied to my job on a day-to-day basis. I’ve been able to utilize what I learned in the course to develop innovative approaches, especially in dealing with the most advanced EDR/XDR/MDR solutions available today.

Supercharge your cybersecurity career with the OSEP

Become an in-demand cybersecurity professional

  • Master advanced penetration testing techniques

    Go beyond the fundamentals and develop specialized skills to uncover and exploit complex vulnerabilities in modern networks and systems.

  • Gain hands-on experience in real-world scenarios

    Learn from experienced professionals through realistic lab environments and challenging exercises designed to simulate real-world attack scenarios.

  • Explore advanced attack vectors and methodologies

    Dive deep into client-side code execution, privilege escalation, post-exploitation techniques, and more.

  • Develop expertise in network exploitation and data exfiltration

    Learn how to navigate complex network environments, compromise systems, and extract sensitive data.

  • Master Active Directory attacks and lateral movement

    Understand how to exploit vulnerabilities in Active Directory and move laterally within a network to gain access to critical systems and data, increasing your value as an advanced penetration tester.

  • Harden your skills against modern security defenses

    Learn how to bypass and evade cutting-edge security measures to successfully penetrate even the most hardened targets.

Open doors to exciting cybersecurity roles

  • Senior Penetration Tester

    Lead penetration testing teams, design and execute comprehensive security assessments, and guide remediation efforts to strengthen an organization’s overall security posture.

  • Red Team Operator

    Emulate real-world adversaries by conducting advanced penetration tests, identifying vulnerabilities, and providing actionable recommendations to improve an organization’s defenses.

  • Security Consultant

    Leverage your expertise to help organizations assess their security risks, develop and implement effective security strategies, and ensure compliance with industry standards and regulations.

  • Vulnerability Researcher

    Discover and analyze new vulnerabilities in software and systems, contribute to the security community by sharing your findings, and help develop patches and mitigations to protect against emerging cyber threats.

  • Security Engineer

    Design, implement, and maintain security solutions for networks, systems, and applications. Ensure that security is integrated into the development lifecycle and that systems are protected from evolving cyber threats.

  • Security Architect

    Design and implement secure architectures for complex systems, ensuring that security is a fundamental consideration from the start. Develop security policies, procedures, and standards to protect an organization’s assets.

FAQ

  • What is the OSEP exam?

    The OffSec Experienced Penetration Tester (OSEP) exam is a challenging, proctored 48-hour assessment designed to evaluate your advanced penetration testing skills in a real-world environment. You’ll demonstrate your ability to identify, exploit, and report on vulnerabilities, culminating in the development of custom exploits.

  • What format is the OSEP exam in?

    The OSEP exam is entirely hands-on. You will be given access to a target network and tasked with compromising it using various techniques, showcasing your practical penetration testing abilities.

  • Who is the PEN-300 course for?

    The PEN-300 course is ideal for experienced penetration testers and security professionals seeking to master advanced penetration testing methodologies, ultimately earning the OSEP certification. While completion of PEN-200 (Penetration Testing with Kali Linux) is not a formal prerequisite, it is highly recommended due to the advanced nature of PEN-300.

  • What are the prerequisites for PEN-300?

    While there are no formal certification prerequisites, a strong understanding of operating systems, networking, and scripting (e.g., Python, Bash) is highly recommended. Additionally, familiarity with the concepts and techniques covered in PEN-200 (Penetration Testing with Kali Linux) is highly recommended for success in this course.

  • What competencies will I gain?

    Upon completing PEN-300 and successfully passing the OSEP exam, you’ll have mastered advanced penetration testing skills, including:

    • In-depth vulnerability analysis and exploitation
    • Custom exploit development
    • Bypassing modern security defenses
    • Exploiting authentication and authorization flaws
    • Attacking Active Directory and cloud environments
    • Post-exploitation techniques for maintaining access and escalating privileges
  • How does OffSec support my online journey?

    Throughout the online training course, you’ll have access to:

    • A virtual lab environment for hands-on practice
    • Extensive course information and materials, including videos and exercises
    • A vibrant online community of students and OffSec professionals
  • What is the exam retake policy?

    For details on exam retakes, please refer to OffSec’s official policies.

  • Can I extend my lab time?

    For information on lab extensions, please refer to OffSec’s official policies.

OffSec Penetration Testing Courses & Certifications

Advance your cybersecurity career with OffSec

  • Begin your wireless security journey

    Establish a strong foundation with the Network Penetration Testing Essentials Learning Path, and then move to PEN-200: Penetration Testing with Kali Linux to build a strong foundation. Become an expert with PEN-300: Advanced Evasion Techniques and Breaching Defenses.

  • Become an expert penetration tester

    Advance your offensive cybersecurity skills with the PEN-300 course. Master ethical hacking techniques to identify and mitigate vulnerabilities in complex systems and networks.

  • Enhance your offensive security expertise

    OffSec’s Learning Paths and courses help you develop your offensive skill set. Explore advanced penetration testing, red teaming, and offensive cloud security to become a well-rounded cybersecurity professional.

  • Become a red team specialist

    Specialize in advanced penetration testing by exploring additional courses and Learning Paths that focus on red teaming tactics, adversary simulation, and offensive security tools.

Most
popular

Course & Cert <br /> Exam Bundle Course & Cert <br /> Exam Bundle

Course & Cert
Exam Bundle

$1,649/once

The bundle includes 90 days of access to a single course, the associated labs and a single exam attempt.

Best
value

Learn <br/>One Learn <br/>One

Learn
One

$2,599/year*

One year of lab access alongside a single course plus two exam attempts.

All
access

Learn <br/>Unlimited Learn <br/>Unlimited

Learn
Unlimited

$5,799/year

Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.

Large teams

Learn <br/>Enterprise Learn <br/>Enterprise

Learn
Enterprise

Get a quote

Flexible terms and volume discounts available.

learn-one

Learn One is an annual subscription for individuals and organizations who want to enroll in a single course and ultimately earn an OffSec certification. Learn One includes one course of your choice, two cert exam attempts, hands-on lab access, and all Learn Fundamentals content.

What’s included

1 year of access to the course of your choice

2 exam attempts during your subscription

365 days of lab access

1 year of unlimited access to all fundamental content and OffSec curated Learning Paths

PEN-103 + 1 KLCP exam attempt

PEN-210 + 1 OSWP exam attempt

1 download of course material

Financing for Learn Fundamentals and Learn One now available through Climb Credit with as little as 0% APR and up to 36 monthly payments.

State exclusions may apply. Learn more.

Graduation cap icon colored in with a gradient fading from purple to teal

New to cybersecurity want to get educated on fundamental content before signing up?

Check out Cyberversity - our free resource library covering essential cybersecurity topics.

Learn more