PEN-300: Evasion Techniques and Breaching Defenses

PEN-300 is an advanced penetration testing course for experienced offensive security practitioners. Building on the skills taught in PEN-200, PEN-300 focuses on real-world techniques for breaching and operating within hardened targets and mature organizations with established security programs. The course emphasizes hands-on development of techniques and tooling, encouraging learners to move beyond off-the-shelf solutions and craft custom approaches that work against modern defenses and evolving cyber threats.

Learners will practice advanced offensive techniques covering client-side exploitation, social engineering, credential theft, lateral movement, privilege escalation, and persistence. The curriculum teaches how to evade detection from EDR and AV solutions, live off the land, and exploit application and operating system weaknesses across Windows and Linux environments.

What You’ll Learn

Advanced offensive techniques and tool development
Learn when to use common frameworks such as Metasploit and when to build custom toolchains or exploits tailored to the target environment.

Client-side attacks and social engineering
Design and execute convincing client-side vectors that compromise users and applications, including advanced phishing methods.

EDR and AV evasion
Master advanced antivirus evasion tactics, detection avoidance strategies, process migration, and in-memory payload delivery techniques.

Privilege escalation and lateral movement
Chain exploits to escalate privileges on Windows and Linux hosts, leverage Active Directory weaknesses, and reduce exposure created by a single misconfiguration or vulnerability.

Advanced Windows offensive tradecraft
Cover Windows-specific techniques such as credential harvesting, exploitation of administrative groups, persistence mechanisms, reflection-based stealth techniques, and executing staged payloads directly in memory.

Application exploitation
Find and exploit weaknesses in modern application stacks, including Java and JavaScript components, and craft reliable attack vectors against web and enterprise applications.

Maintaining access and post-exploitation
Implement advanced methods for persistence, data exfiltration, and long-term control while minimizing detection risk and protecting sensitive data.

Course Structure and Hands-on Work

PEN-300 is organized into 20-plus modules. Each module begins with theory and then moves into practical application through hands-on exercises and code examples. Many modules include video walk-throughs for visual learners. After completing the modules, learners apply what they learned in seven Challenge Labs that simulate complex, realistic engagements and prepare them for the OSEP exam. The exam requires demonstration of the ability to identify, exploit, and report on vulnerabilities, including the development of custom exploits, reflecting professional pen test reporting standards.

Prerequisites

This course is intended for those with a strong foundation in offensive security. We expect students to have completed PEN-200 and passed OSCP+ or to possess equivalent knowledge and experience. Learners should be comfortable with operating systems, TCP/IP networking, scripting (for example Python or Bash), and basic exploit development. Without that base, students may find the material challenging.

Certification

Upon successful completion of the proctored exam, learners earn OffSec’s Experienced Penetration Tester certification, OSEP, validating practical pen testing capability in advanced offensive security engagements.

The PEN-300 course is ideal for:

• Experience penetration testers and security professionals
• Those seeking to master advanced penetration testing methodologies
• Existing OSCP+ certification holders

While the completion of PEN-200 (Penetration Testing with Kali Linux) is not a formal prerequisite, it is highly recommended due to the advanced nature of PEN-300.

All learners are recommended to have either taken Penetration Testing with Kali Linux (PEN-200) and passed the OSCP+ certification or have equivalent knowledge and skills.

These skills include:

• Working familiarity with Kali Linux and the Linux command line
• Solid ability in the enumeration of targets to identify vulnerabilities
• Basic scripting abilities in Bash, Python, and PowerShell
• Ability to identify and exploit vulnerabilities like SQL injection, file inclusion, and local privilege escalation
• Foundational understanding of Active Directory and knowledge of basic AD attacks
• Familiarity of C# programming is a plus for this course

Up to 40 (ISC)² CPE credits