PWK: All New for 2020

We’ll get to the point: Penetration Testing with Kali Linux (PWK) has been overhauled for 2020. It’s bigger and better than ever before.

PWK is the foundational penetration testing course here at Offensive Security, and the only official training for the industry-leading OSCP exam. The original version of the course has enabled thousands of information security professionals to build their careers.

Updating PWK to integrate the latest technology, tools and processes is critical to continuing to support our students. Our teams have worked hard to not only develop new additions to the content, but also to completely revise all the modules for a better experience.

The 2020 PWK overhaul more than doubles the amount of course content and adds 33% more lab machines to provide you with even more practice and experience. PWK is still a foundational course, intended to push infosec professionals to the next level.

For those who just want a quick summary of some of what’s new and what’s been updated, check out the list below. For the details, read on – keeping in mind that the course as a whole has had a significant upgrade that goes well beyond the items listed here.

New for PWK

  • Modules
    • Bash Scripting
    • Introduction to Buffer Overflows
    • Active Directory Attacks
    • PowerShell Empire
  • Dedicated lab machines
  • Targets in the labs including Active Directory targets
  • Hands-on walk-through
  • Extra exercises

Updated for PWK

  • Modules: All modules have been updated. The below received the most extensive updates.
    • Practical Tools
    • Passive Information Gathering
    • Privilege Escalation
    • Client Side Attacks
    • Web Application Attacks
    • Port Redirection and Tunneling
    • Metasploit
  • Lab machines have been updated

Now, let’s dive into the details. We also answer questions for those students who have already purchased PWK at the end.

What’s new in PWK for 2020


Bash Scripting: While we still recommend having some experience prior to starting the course, we’ve expanded and separated the Bash scripting portion of the Getting Comfortable with Kali Linux module to ensure students get even more time with Bash.

Introduction to Buffer Overflows: This module contains detailed explanation of the principles behind buffer overflow attacks and introduces the student to the x86 architecture, program memory, and CPU registers.

Active Directory Attacks: Learn Kerberos and NTLM attacks, and lateral movements.

PowerShell Empire: This module introduces students to PowerShell Empire and the use of its modules to assist with local privilege escalation and lateral movements.


Dedicated lab machines: You’ll be provided with three dedicated lab machines for the exercises (Windows 10 client, Windows 2016 Active Directory, Debian client).

Labs: New machines are available, increasing the total number to over 70. Moreover, almost all the previous targets have been updated with new operating systems and exploitation vectors. The shared networks now also contain Active Directory with different configurations.

Walkthrough: The previous version of PWK has a theoretical network to demonstrate a full penetration testing scenario. In the update, we’ve developed a hands-on mini-network in which the student will be able to reproduce the steps provided with a book and video walk-through.

Extra exercises: Get more practice with the new exercises under Extra Miles.

What’s updated for 2020

As noted above, the entire course has been updated. The most notable updates are included below.


Practical Tools: Added PowerShell and PowerCat.

Passive Information Gathering: We cover more OSINT, as well as using Shodan and Pastebin.

Privilege Escalation: We added content on local information gathering techniques, enumerating firewall rules, as well as bypassing UAC and several privilege escalation examples on Windows and Linux.

Client Side Attacks: Learn more about HTA attacks, Microsoft Word macros, object linking and DDE embedding.

Web Application Attacks: A deeper dive on traditional web attack vectors, including exploiting admin consoles, XSS, directory traversal vulnerabilities, SQL injections and more.

Password Attacks: Expanded material for online, offline and in-memory based password attacks.

Port Redirection and Tunneling: New and expanded exercises on tunneling, pivoting, and port redirection. Students will now be able to practice these techniques using their three dedicated virtual machines, before applying their new-found knowledge in the shared labs.

Metasploit: Increased coverage on the Metasploit framework. Covering auxiliary modules, exploits, payloads, scanners, meterpreter, post-exploitation, automation, and more!


Labs: Targets have been updated, so if you need more practice on fresh exercises, we recommend giving these a try.

Download the Syllabus

What does this mean for the OSCP exam and certification?

At this time, the OSCP exam, proctoring, and certification procedures will remain the same. The PWK refresh provides more material and machines for preparation. Please note, lab extension purchases no longer include an exam attempt. An exam attempt is included in the initial PWK purchase, and can be purchased individually afterwards. The window for scheduling an exam retake has been increased from 90 days to 120.

Existing OSCP holders

OSCP holders may choose to retake the exam if it has been more than three years from when they were last certified. There is no requirement from OffSec to update your certification – once an OSCP, always an OSCP.

That being said, we welcome you to upgrade to the new version of PWK. Upgrading your course costs less than buying a new one, and you’ll gain access to all of the new and updated modules, content, labs, and machines to test your skills and keep them sharp.

Rather than starting a new registration, please remember to use the purchase link you received via email after your last OffSec purchase. If you were certified more than three years ago, please contact us to update your information and receive a new purchase link. Always be sure to include your OSID when contacting OffSec.

What about students who purchased prior to the update?

Both versions of the PWK course prepare you for the exam. The change in course material will not make the exam any harder than it already was, so you will have just as much of a chance to pass as you did before the update.

Students who want to access the new course material have two choices:

  1. Purchase an upgrade to receive the new PWK materials and lab access (paying the upgrade price, not the full course price).
  2. Continue with the previous version of the course materials and labs.

If you choose to upgrade, you can do so at any time. Please visit our FAQ page for more details.

Vouchers: Students who redeem a voucher after the update is live will receive access to the updated PWK course material and the new lab environment.

Extensions: As noted above, lab extensions no longer come with an exam attempt. If you have already purchased the course and 30, 60, or 90 days of lab time, you will have one exam attempt. Further attempts will require you to purchase a retake.

Please note that this applies to all courses, not just PWK.

Other questions?

If you have any questions or concerns about the update, please contact us. Current students should always be sure to include their OSID.

If you have questions about information security training for your team or organization, the OffSec Flex program offers additional benefits, including bonus Flex Funds (so your budget goes further!) as well as training on your own schedule.

Download Now: Selecting the Best Information Security Training for Your Organization
Free download: Selecting the Best Information Security Training for Your Organization