Train to become OSEP certified
PEN-300: Evasion Techniques and Breaching Defenses
Starting at $1,749
Level
300615h of content
- Develop advanced ethical hacking skills, including executing client-side attacks, bypassing application whitelisting, and performing advanced Active Directory attacks
- Earn OffSec's Experienced Penetration Tester (OSEP) certification upon passing the exam
Overview
PEN-300 is OffSec’s advanced penetration testing course, focused on evading defenses, developing custom techniques, and preparing for the OSEP exam. Learners engage with hands-on, live machines to perform a realistic penetration test using customized tools and countermeasures, building advanced skills in ethical hacking
PEN-300 is an advanced penetration testing course for experienced offensive security practitioners. Building on the skills taught in PEN-200, PEN-300 focuses on real-world techniques for breaching and operating within hardened targets and mature organizations with established security programs. The course emphasizes hands-on development of techniques and tooling, encouraging learners to move beyond off-the-shelf solutions and craft custom approaches that work against modern defenses and evolving cyber threats.
Learners will practice advanced offensive techniques covering client-side exploitation, social engineering, credential theft, lateral movement, privilege escalation, and persistence. The curriculum teaches how to evade detection from EDR and AV solutions, live off the land, and exploit application and operating system weaknesses across Windows and Linux environments.
What You’ll Learn
Advanced offensive techniques and tool development
Learn when to use common frameworks such as Metasploit and when to build custom toolchains or exploits tailored to the target environment.
Client-side attacks and social engineering
Design and execute convincing client-side vectors that compromise users and applications, including advanced phishing methods.
EDR and AV evasion
Master advanced antivirus evasion tactics, detection avoidance strategies, process migration, and in-memory payload delivery techniques.
Privilege escalation and lateral movement
Chain exploits to escalate privileges on Windows and Linux hosts, leverage Active Directory weaknesses, and reduce exposure created by a single misconfiguration or vulnerability.
Advanced Windows offensive tradecraft
Cover Windows-specific techniques such as credential harvesting, exploitation of administrative groups, persistence mechanisms, reflection-based stealth techniques, and executing staged payloads directly in memory.
Application exploitation
Find and exploit weaknesses in modern application stacks, including Java and JavaScript components, and craft reliable attack vectors against web and enterprise applications.
Maintaining access and post-exploitation
Implement advanced methods for persistence, data exfiltration, and long-term control while minimizing detection risk and protecting sensitive data.
Course Structure and Hands-on Work
PEN-300 is organized into 20-plus modules. Each module begins with theory and then moves into practical application through hands-on exercises and code examples. Many modules include video walk-throughs for visual learners. After completing the modules, learners apply what they learned in seven Challenge Labs that simulate complex, realistic engagements and prepare them for the OSEP exam. The exam requires demonstration of the ability to identify, exploit, and report on vulnerabilities, including the development of custom exploits, reflecting professional pen test reporting standards.
Prerequisites
This course is intended for those with a strong foundation in offensive security. We expect students to have completed PEN-200 and passed OSCP+ or to possess equivalent knowledge and experience. Learners should be comfortable with operating systems, TCP/IP networking, scripting (for example Python or Bash), and basic exploit development. Without that base, students may find the material challenging.
Certification
Upon successful completion of the proctored exam, learners earn OffSec’s Experienced Penetration Tester certification, OSEP, validating practical pen testing capability in advanced offensive security engagements.
Becoming OSEP certified
-
48-hour proctored exam
All exams are proctored by an OffSec employee in a private VPN
-
Hands-on labs
Identify, exploit, and report real-world vulnerabilities in live lab systems
-
Corporate network simulation
Compromise multiple machines on one large network
-
Multiple attack paths
Some machines require multiple exploitation steps, while others will be fully exploitable remotely
OSEP Certification
About the OSEP exam
The OffSec Experience Penetration Tester certification demonstrates advanced penetration skills making them highly sought-after experts in security organizations from sophisticated threats. It validates real-world offensive tradecraft in hardened environments and the responsible handling of sensitive information under exam conditions
Offensive Security Mastery
About the OSCE³ certification
Achieving the OSCE³ certification showcases your dedication to the offensive security field and your ability to tackle complex security challenges after you earn your OSWE, OSED, and OSEP certifications.
Start learning with OffSec
$2,749/year*
Best value
Learn One
Includes one year of access to one 200 or 300-level course, the associated labs, and two exam attempts
$1,749/once
Most popular
Course + Cert Bundle
Includes 90 days of access to one 200 or 300-level course, hands-on labs, and a single exam attempt
OffSec is trusted by
Flexible pricing for teams of any size
Scalable options to fit your team's training needs
Validate your expertise.
Amplify your impact.
-
Mindset & work ethic
Instill a relentless problem-solving mindset that employers value highly in security professionals
-
Globally recognized certification
OffSec certs build elite, hands-on skills trusted by the world's top companies
-
Organization value & trust
Trusted to train skilled, consistent, and reliable security teams
-
Certified candidates win
91% of respondents prefer to hire candidates with certifications (Fortinet, 2024 Cybersecurity Skills Gap Report)
Realistic lab environments
Built to sharpen your team's skills through practical learning
Request a demo -
On-demand lab access
Train anytime in up-to-date, practical, cutting-edge labs
-
Structured learning modules
Progress through clear, goal-driven topics
-
Challenge-based learning
Build skills through real-world, hands-on challenges
-
AI-powered learning assistant
Get instant, guided help with complex topics
Success stories from the field
3 months of material, lots of material! And within them are the labs that I sat for weeks, but there is no doubt that the knowledge I gained during the training will accompany me later in my career.
PEN-300 was awesome. It's packed with tons of great content and labs that really help reinforce what's taught in the course.
I can take the skills taught in this course and immediately apply it to my day job.This course does a very impressive and consistent job of starting with theory and then diving into practical application of that theory.
I have already been able to apply the fundamentals learned in PEN-300 in my day-to-day work and have increased my skillset in a meaningful way.
I’ve been able to utilize what I learned in the course to develop innovative approaches, especially in dealing with the most advanced EDR/XDR/MDR solutions available today.
This achievement stands as a testament to sustained effort and perseverance. The long hours, the challenges, and the relentless pursuit of excellence have sharpened my skills and expanded my ability to innovate and solve problems.
ShadowGlyph
The most cunning twist security, slipping through barriers and leaving chaos behind.
Level
OSEP Certification
PEN-300
Origin
Emerging from the shadows of the digital abyss, ShadowGlyph harnesses the arcane power of the web to manipulate firewalls and weave intricate exploits. With ancient knowledge and ethereal precision, ShadowGlyph crafts illusions that leave no trace, slipping unnoticed through defenses to control the flow of cyberspace.
Strengths
Master of network manipulation; excels at leveraging vulnerabilities with dark, unseen magic, creating sophisticated attacks that remain undetected until it’s too late.
Traits
Tactics of choice
Arcane exploitation through invisible code rituals, bending defenses to his will with quiet, calculated mastery.
