In this article, you will find relevant information and answers to questions related to PEN-300 Course Exam.
- Exam tour
- Where can I find the exam guide?
- How do I know if I'm ready to take the exam?
- How do I schedule my certification exam?
- What is the exam retake policy?
- How do I get points on the exam?
- How many points do I need to pass the exam?
- Can I submit a lab report for bonus points?
- What is secret.txt?
- How do I know what the goals of the exam are?
- Do I need to include code and screenshots in the exam report?
- What is required as documentation for flags?
- Is a web shell enough?
- How many machines are in the exam?
- Do I need to compromise all machines in the exam to pass?
- Are there machine dependencies in the exam?
- Can I revert machines during the exam?
- If I get stuck on one machine can I still complete the exam?
- Will attacks like zerologon work in the exam?
- Do exam machines have antivirus installed?
- Does the exam contain old OS versions like Windows XP?
- Are there only Windows machines in the exam?
- My company has a license to cobalt strike, why can't I use that in the exam?
- Do I need a local VM for development during the exam?
- Can I use Discord during the exam?
- How does the challenge labs compare to the exam?
- If I fail and retake the exam will I get the same exam machines?
- How Can I Find Out My Exam Score?
- Will I be provided with the feedback for my exam ?
- Can I appeal my exam result ?
- What information is available about exam proctoring?
Watch this video for a quick overview on the exam process, from scheduling to submitting your exam report.
This video was current as of October 2022. As we continue to improve the Learning Library, slight modifications in the interface or functionality may appear.
Have more questions? Check the frequently asked questions below.
The certification exam simulates a live corporate network in a private VPN. You will have 47 hours and 45 minutes hours to complete the challenge itself and a further 24 hours to submit your documentation.
The OSEP exam guide is available at the following link: OSEP Exam Guide
This is, of course, a very difficult question to answer. At a minimum, we recommend that you understand the majority of the concepts taught in the course and complete the challenge labs.
To learn how to schedule an exam, how to see the amount of time you have left before your exam attempt expires or understand how rescheduling an exam works, please visit our Important information about exam scheduling or Important information about exam scheduling in the Learning Library article, depending on the environment you are studying in.
All exams have a cooling off period in between attempts. You can view additional details on the cooling off period here.
Points are awarded from finding flags in the form of local.txt or proof.txt files; each flag is worth 10 points.
The exam can be passed in one of two ways. Either you achieve the objective provided on the control panel, or obtain at least 100 points.
It is not possible to obtain any bonus points on the OSEP exam from completing the course labs.
The exam objective will be provided on the control panel when the exam starts. Completion of that objective is proven by obtaining the secret.txt flag.
Once your exam starts, you will get access to the control panel. On the control panel, you will find an explanation of the simulated penetration test and the associated goals.
You should include enough information in the exam report so our graders can replicate your steps.
In the exam report, you must include a screenshot of the flag in its original location by using the type or cat command. Additionally you must include the output of the ipconfig/ifconfig/ip a command.
The shell from which the flag is documented must be a fully interactive remote shell. This means a web shell or RDP session is not sufficient.
The exam simulates a black box penetration test and as such, the total number of machines in the exam is not provided to learners. It should be considered an exam secret that must be enumerated during the exam.
It is not required to compromise all machines in order to pass the exam. In fact, some machines are not possible to be compromised.
Just like in a penetration test of a real corporate network, many machines will have dependencies.
You can revert the exam machines through the control panel. Due to dependencies, it's not possible to revert individual machines; instead, they are listed in groups.
There are multiple avenues of attack that can be found through enumeration, so no single machine is required to pass.
We regularly patch the exam machines in order to prevent unintended attack vectors. Do not expect a new vulnerability to provide an easy way to pass the exam.
Exam machines will have various security solutions configured as taught in the course material. Note that bypasses taught in the course and practiced in the labs will also work in the exam.
The exam only contains modern and fully patched operating systems.
Just like in the PEN-300 course and challenge labs, the majority of topics and machines use Windows as the operating system. However, there will be Linux machines in the exam as well.
The exam is designed to test and verify skills and knowledge as covered in the syllabus. Allowing the use of commercial tools in the exam may provide an unfair advantage to some learners.
As part of the exam, the learner will be provided with a development VM in the VPN. This VM will contain tools such as Visual Studio and Microsoft Office among others.
While you may use Discord as a resource for searching for information during the exam, under no circumstances are you permitted to seek or receive assistance from others on the platform. This includes but is not limited to, asking for help, sharing exam-related information, or discussing any aspect of the exam with others.
The challenges in the PEN-300 labs train most of the concepts that are tested in the exam. The last challenge in the PEN-300 labs has a comparable complexity to the exam.
The OSEP exam consists of a pool of exam sets. The exam sets are assigned at random, so there is no guarantee you will receive the same exam set on a retake.
Your exam score will be provided in the exam certification results email should you submit your exam report and have insufficient points to pass the exam. Additionally, you can use the point assignment outlined in the exam control panel to approximate your score.
You will be provided with the exam feedback after you received your exam result. Note that only learners who submit the exam report and have insufficient points to pass the exam are going to receive the feedback from us.
Learners who wish to address any concerns or seek clarification regarding their results can initiate an appeal through our Challenges Department. To initiate an appeal, please contact us via email at "challenges AT offsec DOT com"
Upon receiving your appeal, our team will conduct a diligent review of your results. We understand the significance of a timely response, and we commit to providing you with an update promptly after we have reached a final decision on the matter. Please note that we strive to complete the review process within a maximum of ten (10) business days.
All OSEP exams are proctored. Please make sure to read our online FAQ.