• Online, Self-Paced
Course Description

Students who complete the course and pass the exam earn the Offensive Security Experienced Penetration Tester (OSEP) certification, demonstrating their ability to perform advanced penetration tests against mature organizations.

Learning Objectives

Topics covered include:

  • Operating System and Programming Theory
  • Client Side Code Execution With Office
  • Client Side Code Execution With Jscript
  • Process Injection and Migration
  • Introduction to Antivirus Evasion
  • Advanced Antivirus Evasion
  • Application Whitelisting
  • Bypassing Network Filters
  • Linux Post-Exploitation
  • Kiosk Breakouts
  • Windows Credentials
  • Windows Lateral Movement
  • Linux Lateral Movement
  • Microsoft SQL Attacks
  • Active Directory Exploitation
  • Combining the Pieces
  • Trying Harder: The Labs


We strongly suggest that students taking PEN-300 have either taken PWK and passed the OSCP certification, or have equivalent knowledge and skills in the following areas:

  • Working familiarity with Kali Linux and Linux command line
  • Solid ability in enumerating targets to identify vulnerabilities
  • Basic scripting abilities in Bash, Python, and PowerShell
  • Identifying and exploiting vulnerabilities like SQL injection, file inclusion, and local privilege escalation
  • Foundational understanding of Active Directory and knowledge of basic AD attacks
  • Familiarity with C# programming is a plus



  • Preparation for more advanced field work
  • Knowledge of breaching network perimeter defenses through client-side attacks, evading antivirus and allow-listing technologies
  • How to customize advanced attacks and chain them together



  • 19+ hours of video
  • 700-page PDF course guide
  • Active student forums
  • Access to virtual lab environment

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Investigation
  • Cyber Operations
  • Exploitation Analysis
  • Incident Response
  • Vulnerability Assessment and Management