OffSec 2020-year-in-review

OffSec 2020 Recap

2020 has been quite a year, hasn’t it? It’s been challenging in so many ways, but it was also exciting for us at OffSec. We thrive on bringing new training and ideas to the community, and we were able to do just that by releasing new courses, updating content, and adding better functionality. Join us as we take a look back at what we did in 2020, and get a sneak peek at what comes next in 2021.


As part of our commitment to always provide best-in-class information security training, we were busy at work overhauling content, adding new modules and labs, and launching brand new training courses.

  • Our flagship course, Penetration Testing with Kali Linux (PEN-200), received a complete overhaul in February. All existing content was updated, and we added four new modules, three labs, and a few exercises.
  • In July, we were excited to announce that VulnHub was now part of OffSec’s roster of free, high-quality training resources. VulnHub offers offline virtual machines, allowing users to practice without competing with other learners.
  • Also in July, Advanced Web Attacks and Exploitation (WEB-300) was refreshed with 50% more content, new private machines, and practical walkthroughs on topics such as source code auditing, CSRF attacks, and deserialization. We also diversified our white box web app pentesting material by adding a black box module.
  • Advancements in technology made it necessary to cover more ground, so we split Cracking The Perimeter (CTP) into three different courses – WEB-300PEN-300, and the soon-to-be-launched EXP-301.
  • For those looking to take their pentesting knowledge to the next level, we launched Evasion Techniques and Breaching Defenses (PEN-300) in October. It builds on the foundational skills taught in Penetration Testing with Kali Linux, and teaches students to perform advanced penetration tests by learning skills such as how to execute client-side code execution attacks, and write advanced scripts and applications to create custom tools.
  • With the retirement of CTP we wanted to honor the legacy Offensive Security Certified Expert (OSCE) certification, while looking ahead to the future. With that in mind, we created the new OSCE3 certification. Students who take WEB-300, PEN-300, and EXP-301 and pass all three associated certification exams will earn the OSCE3.

New and updated courses weren’t the only things we had going on in 2020. We listened to your feedback and launched several new features and concepts.

  • We took our existing Proving Grounds solution and added two new ways to learn – and have fun while doing so. With the additions of Proving Grounds Play and Practice, students can practice their pentesting skills in a standalone, private lab environment for free, or get more features and unlimited time for a small monthly subscription.
  • Have you joined the Offensive Security Community yet? It’s an opportunity to connect, chat, and collaborate with infosec professionals as well as OffSec experts. Sign up here!
  • For groups, teams, or individuals who want a personalized 1:1 training experience, we now have the OffSec Academy option for Penetration Testing with Kali Linux. This is the most interactive way to work through PEN-200, offering virtual training and weekly mentoring sessions.
  • Did you know that with our User-Generated Content program you can submit a virtual machine and get cash rewards if it meets our requirements? Successful creators will not only be compensated, they’ll also see their submissions in places like Proving Grounds Play and Practice, or other OffSec lab offerings.
  • Your feedback on certificates was heard and understood, and we have officially launched digital certificates with Acclaim. These digital certificates make it easier than ever to claim, share, and verify your credentials with your peers and employers. They can be requested at the same time as your Acclaim badge.
  • We made it easier than ever to craft your learning journey paths and understand the difficulty levels of our courses with the new course classification system.
  • Did you attend any of our webinars hosted by OffSec experts? If not, the first AMA webinar with Jim O’Gorman, and the deep-dive on PEN-300 with Iggy Frankovic, Matteo Memelli and Morten Schenk are available on-demand. Stay tuned for more webinars in 2021 as we expand this program.

The Offensive Security blog is a great place to learn about courses, get expert insights, and hear from fellow students about their journeys. Below, we’ve rounded up our Top 5 most popular posts from 2020 for you to revisit:


Now the part you’ve probably been waiting for: what’s coming up for OffSec in the new year?

  • The third component of the new OSCE3 certification, Windows User Mode Exploit Development (EXP-301), will join our catalogue of courses in early 2021. It’s OffSec’s first major introduction to exploit development and reverse engineering techniques. EXP-301 promises to be a challenging and interesting course which will help prepare you to take Advanced Windows Exploitation (EXP-401) later.
  • We’ll add functionality to allow users to access Proving Grounds VMs through a Kali Linux instance delivered in the browser. Although you will still be able to access Proving Grounds VMs via VPN, this will no longer be required with the new browser-based access function.
  • We can’t spoil all the surprises yet, but we will say that there will be exciting new courses, updated material, new options for enterprise, and more coming your way in 2021. We’ll be sure to share details as soon as we can.

As always, your feedback is invaluable so please let us know on social media or in the OffSec Community what you’re hoping is next for or from Offensive Security. We hope you enjoyed this trip down memory lane, and we can’t wait to see you in the courses in 2021.

Interested in learning more about Web Application Security best practices? Download our free guide.

Download the Web Application Security Guide!

Free Download: Web Application Security guide