In this article, you can find answers to the following questions:
- What is an overview of the PEN-300 course?
- What are the prerequisites for Evasion Techniques and Breaching Defenses?
- What are the reporting requirements for PEN-300?
- What is the OSEP certification?
Advanced Evasion Techniques and Breaching Defenses covers more advanced topics of breaching network internal defenses through client-side attacks as well as evading antivirus and defeating application allow-listing technologies.
Specifically, we focus on how to customize those attacks and chain them together; for example, in an advanced Active Directory exploitation such as the compromise of an Active Directory Forest. PEN-300 does even more to prepare you for what happens in the field than PEN-200.
As a general rule, it will not specifically deal with the act of evading a blue team but rather focus on bypassing security mechanisms that are designed to block attacks.
All learners are recommended to have either taken Penetration Testing with Kali Linux (PEN-200) and passed the OSCP certification or have equivalent knowledge and skills. These skills include:
- Working familiarity with Kali Linux and the Linux command line
- Solid ability in enumeration of targets to identify vulnerabilities
- Basic scripting abilities in Bash, Python, and PowerShell
- Ability to identify and exploit vulnerabilities like SQL injection, file inclusion, and local privilege escalation
- Foundational understanding of Active Directory and knowledge of basic AD attacks
Familiarity of C# programming is a plus for this course. The full syllabus may be viewed here.
The only report that is required for the PEN-300 course is the exam report, should you choose to attempt the OSEP certification exam.
OSEP is the certification obtained from going through the PEN-300 course and passing the exam. The acronym stands for OffSec Experienced Penetration Tester.
For more information, please visit the course page and read our blog posts:
STILL HAVE QUESTIONS?