Advanced Evasion Techniques and Breaching Defenses (PEN-300)

 

Course Overview

PEN-300 builds on the knowledge and techniques taught in PEN-200, teaching learners to perform advanced penetration tests against mature organizations with an established security function and bypassing security mechanisms that are designed to block attacks.

This is an advanced-level course designed for OSCP-level penetration testers who want to develop their skills against hardened systems and for job roles such as senior penetration tester, security researcher, application penetration tester, and any software developer working on security products.

Learners who complete the course and pass the exam earn the OffSec Experienced Penetration Tester (OSEP) certification and are prepared for more advanced penetration testing fieldwork.

Who should attend

  • PEN-300 is an advanced course designed for OSCP-level penetration testers who want to develop their skills against hardened systems
  • Job roles like senior penetration tester, security researcher, application penetration tester, and any software developer working on security products could benefit from the course

Prerequisites

We strongly suggest that students taking PEN-300 have either taken PWK and passed the OSCP certification or have equivalent knowledge and skills in the following areas:

  • Working familiarity with Kali Linux command line
  • Solid ability run enumerating targets to identify vulnerabilities
  • Basic scripting abilities in Bash, Python and PowerShell
  • Identifying and exploiting vulnerabilities like SQL injection, file inclusion and local privilege escalation
  • Foundational understanding of Active Directory and knowledge of basic AD attacks
  • Familiarity with C# programming is a plus

Course Objectives

  • Evasion techniques and Breaching Defenses: General Course Information
  • Operating System and Programming Theory
  • Phishing with Microsoft Office
  • Phishing with Calendars
  • Phishing with Jscript
  • Reflective PowerShell
  • Reflective Code Execution in Client Side Attacks
  • Process Injection and Migration
  • Introduction to Antivirus Evasion
  • Advanced Antivirus Evasion
  • Application Whitelisting
  • Bypassing Network Filters
  • Linux Post-Exploitation
  • Kiosk Breakouts
  • Windows Credentials
  • Windows Lateral Movement
  • Linus Lateral Movement
  • Microsoft SQL Attacks
  • Active Directory Exploitation
  • Attacking Active Directory
  • Combining the Pieces
  • Trying Harder: The Labs

Outline: Advanced Evasion Techniques and Breaching Defenses (PEN-300)

  • Lesson 1: Evasion Techniques and Breaching Defenses: General Course Information
  • Lesson 2: Operating System and Programming Theory
  • Lesson 3: Phishing with Microsoft Office
  • Lesson 4: Phishing with Calendars
  • Lesson 5: Phishing with Jscript
  • Lesson 6: Reflective PowerShell
  • Lesson 7: Reflective Code Execution in Client Side Attacks
  • Lesson 8: Process Injection and Migration
  • Lesson 9: Introduction to Antivirus Evasion
  • Lesson 10: Advanced Antivirus Evasion
  • Lesson 11: Application Whitelisting
  • Lesson 12: Bypassing Network Filters
  • Lesson 13: Linux Post-Exploitation
  • Lesson 14: Kiosk Breakouts
  • Lesson 15: Windows Credentials
  • Lesson 16: Windows Lateral Movement
  • Lesson 17: Linux Lateral Movement
  • Lesson 18: Microsoft SQL Attacks
  • Lesson 19: Active Directory Exploitation
  • Lesson: 20: Attacking Active Directory
  • Lesson 21: Combining the Pieces
  • Lesson 22: Trying Harder: The Labs

Prices & Delivery methods

Online Training

Duration
5 days

Price
  • US $ 8,495
Enroll now
Request a date

Schedule

Currently there are no training dates scheduled for this course.