The OffSec Discord server is an environment where OffSec learners, staff, and members of the info-sec community can connect, communicate, and collaborate with one another. The main purpose of this server is to foster a sense of community between our staff, learners, and fellow info-sec professionals.
- How to join the OffSec Discord server
- Installation
- How to ask for help
- OffSec Hints Bot Commands
- OffSec Course channels
- How to join OffSec Course channels
- Public Channels
- Channel Behavior
- Student Mentors (SM's)
- OffSec Ninja & OffSec Support Bot Commands
How to join the OffSec Discord Server
If you already have a Proving Grounds account, you can follow the instructions described here to join our Discord community.
To join our Discord server without a PG account, click on one of the two invitation links presented below:
Create a Discord account and join our server - you can use this option if you are new to Discord and never created an account with them in the past. Once you access the link and complete the registration steps, you will automatically join our server.
Join our server with your existing Discord account - this option is recommended for users already registered with Discord. Once you access the link and log in with your Discord account, you will automatically join our server.
Installation
You can log in to the OffSec Discord server via a web browser or the Discord app. To download the app, you can visit Discord's download page and install the version applicable to your operating system.
How to ask for help
As a cybersecurity professional, the ability to conduct independent research and problem-solving is a sought after skill to have. Having said that, it's important to remember that there are also resources available to you to assist you if needed. For example, the pen-200-hints bot is available to provide guidance with specific exercise questions, and Discord offers a search feature that can help you find answers and in-depth conversations to most exercise questions. By utilizing these resources, you can further improve your problem-solving abilities while also developing self-sufficiency in your work. Remember to keep an open mind and don't hesitate to seek assistance when necessary.
When asking for help, please include as much detail as possible. Provide the steps, commands, codes, and any other relevant information to https://paste.offsec.com/ . This way, the learners and SM's will have a good understanding of what’s going on so they can better assist you. Please do not copy & paste your sample codes to the channels, as it will be difficult to read and to be mindful of other users also discussing in the channel.
|
Avoid: Hi I need help! Avoid: I need help with x.x.x.x machine Propose: I’ve been working on getting low-level access to x.x.x.x machine. I found credentials from another machine, but they do not seem to be working. Can someone help me? |
|
Avoid: I’m stuck on exercise 123 Propose:I’m trying to get the exploit for exercise 123 to work, however I get an error when launching it. Here are the commands and outputs: https://paste.offsec.com/SdDfLvsw |
Note: We encourage community engagement! Anyone is free to help assist learners if they know an answer to a question. For this reason, if you have not received a reply from a Student Mentor within 15 minutes, don't worry! If a learner has not received help within 15 minutes, the Student Mentors will gladly assist.
OffSec Hints Bot Commands
It is now possible to receive hints for certain PEN-200 exercises and SOC-200 challenges through our new discord bot, OffSec Hints.
We will continue to assess, add more functionality, and improve the bot.
To prevent abuse of the bot, each learner is allowed one (1) hint every 30 mins.
Below you can find the bot command available to you and a description of their functionality.
|
Bot Command |
Function |
| /pen-200-2022-hints | Displays hint to PEN-200 2022 course exercises. The command can only be executed in the #pen-200-2022-exercises course private channel. |
| /pen-200-2023-hints | Displays hint to PEN-200 2023 course exercises. The command can only be executed in the #pen-200-2023-exercises course private channel. |
| /soc-200-hints | Displays hint to SOC-200 challenges. The command can only be executed in the #soc-200-labs course private channel. |
OffSec Course channels
OffSec learners have an avenue where they can discuss the courses and exercises.
To avoid spoiling the fun and challenge of the exercises, there are rules that must be followed:
- Learners are not allowed to share complete solutions or walkthroughs of any exercise as we still want learners to complete them on their own.
- Learners are not allowed to share complete source codes, scripts, or commands that are required for the exercises. Sharing sample code snippets are allowed as long as they don’t give the answers away.
Learners can also ask for hints on the lab machines if they have exhausted all their options and have put enough effort into enumerating the target. However, lab machine questions will be stricter in moderation as we do not want the machine’s solutions to be spoiled to everyone. The following are examples of spoilers that should be avoided in the channels:
- Providing a detailed walkthrough or steps needed to exploit a lab machine.
- Providing the exact exploit, command, CVE, or URL of the exploit to use on a specific lab machine
- Providing detailed information on how to leverage the vulnerability of an exploit is not allowed. Although discussing the general concept such as RFI is acceptable.
- Discussing hidden information that should be enumerated, such as a hidden port number, hidden URL, or hidden files is not allowed. Giving details on such information defeats the purpose of having them hidden in the first place.
Student Mentors (SM's) are there to help learners who may have questions or concerns as well as moderate the groups to ensure the rules and guidelines are followed.
How to join OffSec Course channels
To join an OffSec course channel please post a message in the #role-requests channel with the course channel you want to be in. One of the OffSec members will review and once approved. You will be added if you have registered for the courses.
Note, receiving access to the OffSec course channels can take up to 24 hours from the moment you've joined our server.
Below are some of the OffSec Course channels:
- pen-exercises: A channel where learners can discuss the PEN-100 course modules and exercises
- pen-200-labs: A channel where learners can discuss the PEN-200 course lab machines
- web-300-exercises: A channel where learners can discuss the AWAE course modules and exercises
- exp-301-exercises: A channel where learners can discuss the EXP-301 course modules and exercises
- pen-300-labs: A channel where learners can discuss the PEN-300 course challenges
- osmr-masters: A channel for learners who have passed the OSMR exam.
Note: PG Practice Subscribers get access to an exclusive PG Practice channel.
Public Channels
The chat platform offers public and OffSec Course channels. Below is a list of the public channels you should check for important announcements and information:
- #welcome: This is a general channel where all users are welcomed.
- #guidelines: This channel defines the purpose of the community server as well as how learners should legally abide by it under our Academic Policies.
- #announcements: This channel contains general announcements such as any updates to courses and labs, raffles and giveaways, and any other OffSec related news.
- #general: Is a channel for open discussion and an offtopic area where learners can get to know each other
- #engagement-stories: This channel is where you can share interesting stories from an engagement or assessment, please let us all hear about it! (NB - Keep your NDA's in mind!)
- #knowledge-sharing: This is a channel where you can talk about your experiences and expertise within the field.
- #off-topic: A channel to discuss anything non-infosec related
The channels are updated on a regular basis. Please check the platform for the most up-to-date channels.
Channel Behavior
Please be polite and courteous within the chat platform as we do not tolerate unmannerly behavior of any kind. Below are the list of unacceptable topics within any of our channels:
- We do not allow discussing information on the course exams outside of what is publicly available in the course Exam Guides.
- We do not allow discussing illegal activities such as hacking private individuals or corporations.
- Please see #guidelines in Discord for more restrictions.
We also request learners to keep discussions related to the channel topic. If you are not sure please check the #off-topic and #main channels.
Student Mentors (SM's)
Our SM's are OffSec alumni that have joined the company to mentor learners since they have gone through the courses. The SM's will be available to mentor, support and monitor the channels/groups.
To identify an SM, please check if the OffSec Student Mentor tag is present in the Roles section under their username:
If a learner wishes to speak directly to an SM, the SM may not be available immediately as he/she may be assisting other learners or working on other assignments. If the SM is not available, another SM will get back to the learner as soon as one is available. If the learner would like a faster response, please message the relevant OffSec channels where the community can assist or until another SM might be able to assist.
Note: Extra Mile exercises require independent research and are meant to be completed by the learner on their own. Therefore, SM's will not be able to help or provide assistance for it.
OffSec Ninja & OffSec Support Bot Commands
Below you can find a list of bot commands available to you and a description of their functionality.
|
Bot Command |
Function |
| /help | Displays this menu |
| /members | Displays the total number of users on the server |
| /stats | Displays stats for each learner role and certified users |
| /joined | Displays when you joined the server. |
| /support | Global command. Provides official OffSec support channels. |
| /tryharder | Global command. Try Harder |
| /oscpexam | Spits out the URL to OSCP Exam guide. Global command - works anywhere in server. |
| /osweexam | Spits out the URL to OSWE Exam guide. Global command - works anywhere in server. |
| /osceexam | Spits out the URL to OSCE Exam guide. Global command - works anywhere in server. |
| /oswpexam | Spits out the URL to OSWP Exam guide. Global command - works anywhere in server. |
| /osepexam | Spits out the URL to OSEP Exam guide. Global command - works anywhere in server. |
| /oseeexam | Spits out the URL to OSEE Exam guide. Global command - works anywhere in server. |