1. Training
  2. Education & Training Catalog
  3. Offensive Security
  4. Evasion Techniques and Breaching Defences

Evasion Techniques and Breaching Defences

Evasion Techniques and Breaching Defenses (PEN-300) is an advanced penetration testing course. It builds on the knowledge and techniques taught in Penetration Testing with Kali Linux, teaching students to perform advanced penetration tests against mature organizations with an established security function. As a general rule, it will not specifically deal with the act of evading a blue team but rather focus on bypassing security mechanisms that are designed to block attacks. This course is one of the replacements for the Cracking the Perimeter (CTP) course, which was retired October 15, 2020. Students will learn how to: Bypass defenses Perform advanced attacks while avoiding detection Compromise systems configured with security in mind Those who complete the course and pass the 48-hour exam earn the Offensive Security Experienced Penetration Tester (OSEP) certification. The OSEP is one of three certifications making up the new OSCE³ certification, along with the OSWE for web application security and the OSED for exploit development.

Course Overview

Overall Proficiency Level
3 - Advanced
Course Catalog Number
PEN-300
Course Prerequisites

We strongly suggest that students taking PEN-300 have either taken PWK and passed the OSCP certification, or have equivalent knowledge and skills in the following areas: Working familiarity with Kali Linux and Linux command line Solid ability in enumerating targets to identify vulnerabilities Basic scripting abilities in Bash, Python, and PowerShell Identifying and exploiting vulnerabilities like SQL injection, file inclusion, and local privilege escalation Foundational understanding of Active Directory and knowledge of basic AD attacks Familiarity with C# programming is a plus

Training Purpose
Functional Development
Skill Development
Specific Audience
All
Delivery Method
Online, Self-Paced
  • Online, Self-Paced

Learning Objectives

Preparation for more advanced field work Knowledge of breaching network perimeter defenses through client-side attacks, evading antivirus and allow-listing technologies How to customize advanced attacks and chain them together

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Exploitation Analysis
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date: