Training

In partnership with Applied Technology Academy

OffSec PEN-300: Advanced Evasion Techniques and Breaching Defenses (OSEP) 

NOW 20% OFF YOUR FIRST COURSE

USE CODE : WELCOME-20 at checkout to redeem!

Flexible Scheduling

Courses around your availability

Instructor-Led Course

LIVE Sessions with Expert Guidance

Learn from Anywhere

Our Courses are Virtual

Proven Success

Participants say classes provide the tools and confidence to earn certification

Course Overview

We are a premier provider of PEN-300 OffSec OSEP Training. PEN-300 teaches the skills necessary to bypass many different types of defenses while performing advanced attacks that avoid detection. Students who complete the course and pass the exam earn the OffSec Experienced Penetration Tester (OSEP) certification, demonstrating their ability to perform advanced penetration tests against mature organizations.

Exclusive instructor-led topics include:

  • EDR architecture with different telemetry sources and EDR components
  • Overview of user-land attacks
  • Overview of kernel-mode telemetry sources
  • Overview of kernel-level attacks
  • Coverage of specialized tools used by our instructor team in their real-world engagements

Building on the skills acquired in PEN-200, OffSec’s PEN-300 course explores advanced penetration testing techniques against hardened targets. Learners gain hands-on experience bypassing security defenses and crafting custom exploits in real-world scenarios, enhancing their expertise in ethical hacking and vulnerability assessment. 

This course culminates in a challenging exam, leading to the OffSec Experienced Penetration Tester (OSEP) certification. Achieving the OSEP certification distinguishes professionals with advanced penetration testing skills, making them highly sought-after experts in securing organizations from sophisticated threats. 

PEN-300 builds on the knowledge and techniques taught in PEN-200, teaching learners to perform advanced penetration tests against mature organizations with an established security function and to bypass security mechanisms that are designed to block attacks.

This is an advanced-level course designed for OSCP-level penetration testers who want to develop their skills against hardened systems and for job roles such as senior penetration tester, security researcher, application penetration tester, and any software developer working on security products.

Learners who complete the course and pass the exam earn the OffSec Experienced Penetration Tester (OSEP) certification and are prepared for more advanced penetration testing fieldwork.

  • Operating System and Programming Theory
  • Client Side Code Execution with Office
  • Client Side Code Execution with Jscript
  • Process Injection and Migration
  • Introduction to Antivirus Evasion
  • Advanced Antivirus Evasion
  • Application Whitelisting
  • Bypassing Network Filters
  • Linux Post-Exploitation
  • Kiosk Breakouts
  • Windows Credentials
  • Windows Lateral Movement
  • Linux Lateral Movement
  • Microsoft SQL Attacks
  • Active Directory Exploitation
  • Combining the Pieces
  • Trying Harder: The Labs

Target Audience

  • PEN-300 is an advanced course designed for OSCP-level penetration testers who want to develop their skills against hardened systems
  • Job roles like senior penetration tester, security researcher, application penetration tester, and any software developer working on security products could benefit from the course
  • Web Penetration Testers 
  • Pentesters 
  • Web Application Developers 
  • Application Security Analysts 
  • Application Security Architects 
  • SOC Analysts 
  • Blue team members

Course Objectives

Upon completing PEN-300 and successfully passing the OSEP exam, you’ll have mastered advanced penetration testing skills, including: 

  • In-depth vulnerability analysis and exploitation 
  • Custom exploit development 
  • Bypassing modern security defenses 
  • Exploiting authentication and authorization flaws 
  • Attacking Active Directory and cloud environments 
  • Post-exploitation techniques for maintaining access and escalating privileges 

Prerequisites

 While there are no formal certification prerequisites, a strong understanding of operating systems, networking, and scripting (e.g., Python, Bash) is highly recommended. Additionally, familiarity with the concepts and techniques covered in PEN-200 (Penetration Testing with Kali Linux) is highly recommended for success in this course. 

 Duration 


5 days: Instructor-Led Training Cohort from 9:00 am – 5:00 pm ET | Online Live

Cost 


$8,495

Level


Advanced

Certifications 


OSEP


Course Outline

Evasion Techniques and Breaching Defenses: General Course Information

About the PEN-300 Course

Provided Material

Overall Strategies for Approaching the Course

About the PEN-300 VPN Labs

About the OSEP Exam

Operating System and Programming Theory 

Programming Theory

Operating System and Programming Theory

Client-Side Code Execution with Office

Client-Side Code Execution with Office 

Will You Be My Dropper

Phishing with Microsoft Office

Keeping Up Appearances

Executing Shellcode in Word Memory

PowerShell Shellcode Runner

Keep That PowerShell in Memory

Talking to the Proxy

Client-Side Code Execution with Windows Script Host 

Creating a Basic Dropper in JScript

JScript and C#

In-memory PowerShell Revisited

Process Injection and Migration 

Finding a Home for Our Shellcode

DLL Injection

Reflective DLL Injection

Process Hollowing

Introduction to Antivirus Evasion 

Antivirus Software Overview

Simulating the Target Environment

Locating Signatures in Files

Bypassing Antivirus with Metasploit

Bypassing Antivirus with C#

Messing with Our Behavior

Office Please Bypass Antivirus

Hiding PowerShell Inside VBA

Advanced Antivirus Evasion 

Intel Architecture and Windows 10

Antimalware Scan Interface

Bypassing AMSI With Reflection in PowerShell

Wrecking AMSI in PowerShell

UAC Bypass vs Microsoft Defender

Bypassing AMSI in JScript

Application Whitelisting 

Application Whitelisting Theory and Setup

Basic Bypasses

Bypassing AppLocker with PowerShell

Bypassing AppLocker with C#

Bypassing AppLocker with JScript

Bypassing Network Filters 

DNS Filters

Web Proxies

IDS and IPS Sensors

Full Packet Capture Devices

HTTPS Inspection

Domain Fronting

DNS Tunneling

Linux Post-Exploitation 

User Configuration Files

Bypassing AV

Shared Libraries

Kiosk Breakouts 

Kiosk Enumeration

Command Execution

Post-Exploitation

Privilege Escalation

Windows Kiosk Breakout Techniques

Windows Credentials

Local Windows Credentials

Access Tokens

Kerberos and Domain Credentials

Processing Credentials Offline

Windows Lateral Movement 

Remote Desktop Protocol

Fileless Lateral Movement

Linux Lateral Movement

Lateral Movement with SSH

DevOps

Kerberos on Linux

Microsoft SQL Attacks

MS SQL in Active Directory

MS SQL Escalation

Linked SQL Servers

Active Directory Exploitation 

AD Object Security Permissions

Kerberos Delegation

Active Directory Forest Theory

Burning Down the Forest

Going Beyond the Forest

Compromising an Additional Forest

Combining the Pieces 

Enumeration and Shell

Attacking Delegation

Owning the Domain

Trying Harder: The Labs 

Real Life Simulations

Wrapping Up

Benefits of Training with us

Boost Certification Success

Improve Your Job Performance and Skill Mastery
72% of IT professionals believe that certifications have a positive impact on their job performance.
Increase Your Earning Potential
The average salary for certified professionals is often higher, with certified IT workers earning $12,000 to $20,000 more per year than their non-certified counterparts.
Meet Industry Demands for Certifications
According to a Global Knowledge survey, 91% of organizations say certifications are either “important” or “very important” for their cybersecurity and IT teams, as certifications indicate a certain level of expertise and competence.

Student Feedback

Jessica B
Excellent professional team and the class was great.
MDP
Great classes for IT advancement with outstanding instructors.
Brett F
Experts in the field that tailor the delivery of the overwhelming abundance of material and somehow make it digestible!
