Introduction
The Offensive Security Experienced Penetration Tester (OSEP) certification, formerly known as Evasion Techniques and Breaching Defenses (PEN-300), is an advanced penetration testing course offered by Offensive Security. The course focuses on developing advanced skills and techniques in penetration testing, with a particular emphasis on bypassing security mechanisms. Some of the topics covered in the course include phishing techniques, lateral movement within a network, privilege escalation, and attacking Active Directory environments. If you’ve already obtained your OSCP certification, I highly recommend taking the OSEP course as the next step in your career journey.
You can get the full syllabus for OSEP (PEN-300) here.
Once you buy the course, you’ll receive access to course materials such as PDFs, videos, and labs. In my opinion, you should have enough time within the 90-day period to go through all the course materials and complete the labs.
For more details, Offsec already provides more explanation here.
Labs
What I love most about the Offsec courses, including OSEP, is the good lab experience they provide. Just like my time with OSCP, I had a great time working on the labs in OSEP. The hands-on nature of the labs really enhances the learning process and lets you put your skills into action. It’s something that I genuinely enjoy and find extremely valuable in the course.
The labs in OSEP are divided into six challenges. Some of these labs concentrate on specific topics, giving you practice in those areas. Meanwhile, there are labs that simulate smaller internal networks, where your goal is to compromise them. You can expect these internal networks to have security mechanisms, Active Directory environments, and lateral movement.
During the first month, my main focus was to finish reading the course materials (PDFs and videos). In the second and third months, I dedicated my time to repeatedly solving all six challenges, using different payloads, tools, or techniques. I highly recommend taking notes of all commands or payloads in your notebook, as they can be useful references during the exam.
If you are asking me about note-taking apps, I really love using CherryTree now 😁
Exam
Initially, I had scheduled my exam for June 6th, but I decided to reschedule it to June 5th, one day earlier. The main reason for this change was that I had a lot of free time during the weekend, and Monday happened to be a public holiday in Malaysia. Waiting for the exam day can make the days feel longer, and I wanted to make the most of my available time.
Before beginning your exam, make sure you have checked all the necessary requirements. As usual, all the information can be found on the Offsec website here.
The exam will last for 48 hours, as mentioned on the Offsec website. However, according to the website, the actual duration is 47 hours and 45 minutes. So mine started at 2 PM (June 5th) and ended around 2 PM (June 7th). As stated in one of the FAQs on the Offsec website, there are two ways you can pass the exam: either you achieve the objective provided on the control panel (secret.txt) or you obtain at least 100 points.
1 Flag = 10 Points. So 10 Flags = 100 Points. You can read the FAQs here.
I utilized all of the 48 hours to get enough points to pass the exam. The most important thing is to ensure all of the evidence, commands, and payloads are already in your notes. I put all the steps and evidence in a Microsoft Word document and used the report template provided by Offsec as my final report. The reason I prefer Microsoft Word is that it gives you the flexibility to customize your report, and I love to add a page break at every subheading just to make the report look nice. I also referred to the OSEP Exam Report Template Markdown owned by noraj, and I highly recommend checking it out.
Tips and Recommendations
There are several platforms you can use to find answers to any of your questions before the actual exam. I will list all the platforms I used to gather information prior to the exam.
Thanks to the community, there are a lot of cheatsheets that you can refer to when preparing for the OSEP.
- OSEP Code Snippets
- OSEP Notes #1
- OSEP Notes #2
- OSEP Notes #3
- Mayfly - Game Of Active Directory v2
- MindMap - Pentesting Active Directory
- CheatSheets - Active Directory
- HackTricks - Linux Active Directory
- HackTricks - Active Directory Methodology
- Windows & Active Directory Exploitation Cheat Sheet
Also, I would like to promote a tool that might be helpful in Active Directory called PowerView.py. The project was mainly created by my friend @aniqfakhrul, and I am one of the contributors. This tool might be helpful in some ways during your Active Directory enumeration or exploitation. For documentation on how to use the tool, you can check the Wiki here.
Please make sure to get enough sleep and do not skip your breakfast, lunch, or dinner. Getting proper rest and sleep will help reduce stress and may provide you with more ideas if you encounter any challenges. As stated in the OffSec Exam Guide:
You are expected to take rest breaks, eat, drink, and sleep
Lastly, if you enjoy listening to music or songs, you can always have them playing during the exam. However, it is important to ask for permission from your proctor beforehand. Personally, I find that listening to Lofi helps me relax while taking the exam.
What’s next?
After sending the report on the same day as my last exam day (June 7th), I kept refreshing my email.
On the night of June 8th, I finally received the email saying that I passed the exam. This certification has always been something I wanted, and I never thought I would actually get it. I know I still have a lot to learn and I’m not an expert, but I enjoy learning and that’s what matters. Now that I have OSEP, I’m thinking of going for the OSCE3 certification next. The OSWE will be the next certification I want to pursue!