About Course
Advanced Evasion Techniques Breaching Defenses PEN 300 Course Training Certification
OffSec’s PEN-300 course expands on the skills learned in PEN-200, examining advanced penetration testing techniques against fortified sites. Learners receive hands-on experience in real-world settings by breaking security defences and creating bespoke exploits, expanding their knowledge of ethical hacking and vulnerability assessment.
This self-paced course ends in a tough test that leads to OffSec Experienced Penetration Tester (OSEP) certification. Obtaining the OSEP certification identifies people with extensive penetration testing abilities, making them in-demand specialists in safeguarding organisations from complex attacks.
Course Outline
- Operating System and Programming Theory
- This comprehensive module provides a deep understanding of the inner workings of operating systems and fundamental programming concepts. You’ll study memory management, process scheduling, file systems, and other essential OS components, gaining a solid foundation for understanding and exploiting vulnerabilities.
- Client-Side Code Execution with Office
- This module focuses on leveraging known vulnerabilities in Microsoft Office applications (Word, Excel, PowerPoint) to craft malicious documents that trigger code execution on a victim’s machine, gaining unauthorized access and control.
- Client-Side Code Execution with Jscript
- Learn how to exploit Jscript, a scripting language used in Windows environments, for code execution attacks, gaining unauthorized access and control on a victim’s machine
- Process Injection and Migration
- In this module, you’ll master the art of stealth and persistence by injecting your malicious code into legitimate running processes. You’ll also learn how to migrate between processes to evade detection and maintain control even if one process is terminated.
- Introduction to Antivirus Evasion
- This module introduces basic techniques to bypass or evade antivirus software, such as obfuscation and packing, allowing you to create malware that goes undetected.
- Advanced Antivirus Evasion
- Learn more sophisticated methods like signature-based and heuristic-based evasion, enabling you to create malware that goes undetected by even the most sophisticated antivirus solutions.
- Bypassing Network Filters
- Discover various techniques to bypass network filters and firewalls, gaining access to restricted resources and networks.
- Linux Post-Exploitation
- This module covers a wide range of techniques for maintaining access and escalating privileges on compromised Linux systems. You’ll learn how to navigate file systems, manipulate user accounts, extract sensitive information, and establish persistent backdoors for future access.
- Windows Post-Exploitation
- Learn various techniques for maintaining access and escalating privileges on compromised Windows systems, including navigating file systems, manipulating user accounts, extracting sensitive information, and establishing persistent backdoors.
Who is it for?
The PEN-300 course is ideal for experienced penetration testers and security professionals seeking to master advanced penetration testing methodologies, ultimately earning the OSEP certification. While completion of PEN-200 (Penetration Testing with Kali Linux) is not a formal prerequisite, it is highly recommended due to the advanced nature of PEN-300.
Exam Details
The OffSec Experienced Penetration Tester (OSEP) exam is a challenging, proctored 48-hour assessment designed to evaluate your advanced penetration testing skills in a real-world environment. You’ll demonstrate your ability to identify, exploit, and report on vulnerabilities, culminating in the development of custom exploits.
Benefits of the course
- Operating System and Programming Theory
- Client-Side Code Execution with Office
- Client-Side Code Execution with JavaScript
- Process Injection and Migration
- Introduction to Antivirus Evasion
- Advanced Antivirus Evasion
- Application Whitelisting
- Bypassing Network Filters
- Linux Post-Exploitation
- Windows Post-Exploitation
Course Content
-
This comprehensive module provides a deep understanding of the inner workings of operating systems and fundamental programming concepts. You’ll study memory management, process scheduling, file systems, and other essential OS components, gaining a solid foundation for understanding and exploiting vulnerabilities.