Course Estimated time:
185 hours*
PEN-200
Penetration
Testing with
Kali Linux
Course Includes
the Following:
• Course Materials
• Active Student Forums
• Access to Home Lab Setup
Learn One
• One course
• 365 days of lab access
• Two exam attempts
• Plus exclusive content
Learn Unlimited
• All courses
• 365 days of lab access
• Unlimited exam attempts
• Plus exclusive content
Additional Formats:
• Live in Person Training
(Inquire for pricing and booking)
• OffSec Academy
Virtual Instructor lead training
PEN-200, Penetration Testing with Kali Linux, is a unique
penetration course course that combines traditional course
materials with hands-on simulations, using a virtual lab
environment. View the full syllabus for more details.
Topics Covered:
• Penetration Testing:
What You Should Know
• Getting Comfortable with
Kali Linux
• Command Line Fun
• Practical Tools
• Bash Scripting
• Passive Information Gathering
• Active Information Gathering
• Vulnerability Scanning
• Web Application Attacks
• Introduction to
Buffer Overflows
• Windows Buffer Overflows
• Linux Buffer Overflows
• Client-Side Attacks
• Locating Public Exports
• Fixing Exploits
• File Transfers
• Antivirus Evasion
• Privilege Escalation
• Password Attacks
• Port Redirection and Tunneling
• Active Directory Attacks
• The Metasploit Framework
• PowerShell Empire
• Assembling The Pieces:
Penetration Test Breakdown
• Trying Harder: The Lab
*Time estimates are based on OffSec averages and could vary by individual skill
and experience.
Course Prerequisites:
All students are required to have:
• Solid understanding of TCP/IP
networking
• Reasonable Windows and Linux
administration experience
• Familiarity of Bash scripting
with basic Python or Pearl a plus
Competencies Gained:
• Using information gathering
techniques to identify and
enumerate targets running
various operating systems.
• Writing basic scripts and tools
to aid in the penetration testing
process
• Analyzing, correcting, modifying,
cross-compiling and porting
public exploit code
• Conducting remote, local
privilege escalation and client-
side attacks
• Identifying and exploiting XSS,
SQL injection and file inclusion
vulnerabilities in web
applications
• Leveraging tunneling
techniques to pivot between
networks
• Creative problem solving and
lateral thinking skills
 Course Estimated time:
100 hours*

Like other Offensive Security courses, WiFu combines

traditional course materials with hands-on practice within a
virtual lab environment. The course covers the topics listed
below in detail. Course topics can also be found in the syllabus.

Topics Covered: Course Prerequisites:

• IEEE 802.11 All students must have:

• Wireless Networks • Solid understanding of TCP/

PEN-210 • Packets and Network
IP and the OSI model as well as
familiarity with Linux.
Interaction
Offensive • Linux Wireless Stack
• A modern laptop or desktop
that can boot and run
Security and Drivers
BackTrack
• Aircrack-ng Essentials
Wireless • Cracking WEP and
• Specific Hardware is required
to complete course exercises
Attacks Connected Clients
• Cracking WEP via a Client Recommended Wireless
• Cracking Clientless Network Routers
Course Includes
WEP Networks • D-Link DIR-601
the Following:
• Bypassing WEP Shared • Netgear WNR1000v2
• Course Materials
Key Authentication
• Active Student Forums
• Cracking WPA/WPA2 PSK Recommended
• Access to Home Lab Setup
with Aircrack-ng Wireless Cards
• Cracking WPA with JTR • Netgear WN111v2 USB
Learn One
and Aircrack-ng
• ALFA Networks AWUD036H
• One course
• Cracking WPA with coWPAtty USB 500mW
• 365 days of lab access
• Cracking WPA with Pyritt Competencies Gained:
• Two exam attempts
• Additional Aircrack-ng Tools • Greater insight into wireless
• Plus exclusive content
• Wireless Reconnaissance Tools offensive security and
expanded awareness of the
Learn Unlimited • Understanding of how to need for real-world security
• All courses implement different rouge solutions
access point attacks
• 365 days of lab access • Implementing attacks against
• Familiarity with the BackTrack WEP and WPA encrypted
• Unlimited exam attempts
wireless tools network
• Plus exclusive content

*Time estimates are based on OffSec averages and could vary by individual skill
and experience.
 Course Estimated time:
300 hours*

PEN-300, Evasion Techniques and Breaching Defenses, is an

advanced course designed for OSCP-level penetration testers
who want to develop their skills against hardened systems.
Topics are covered below, or in the course syllabus.

Topics Covered: Course Prerequisites:

• Operating System and We strongly suggest that
Programming Theory students taking PEN-300 have

PEN-300 • Client Side Code Execution

either taken PWK and passed the
OSCP certification or have
with Office
Evasion • Client Side Code Execution
equivalent knowledge and skills
in the following areas:
Techniques with Jscript
• Working familiarity with Kali
• Process Injection and Migration Linux command line
and Breaching • Introduction to • Solid ability run enumerating
Defenses Antivirus Evasion targets to identify vulnerabilities
• Advanced Antivirus Evasion • Basic scripting abilities in Bash,
• Application Whitelisting Python and PowerShell

• Bypassing Network Filters • Identifying and exploiting

Course Includes
vulnerabilities like SQL injection,
the Following: • Linux Post-Exploitation file inclusion and local privilege
• Course Materials • Kiosk Breakouts escalation
• Active Student Forums • Windows Credentials • Foundational understanding of
• Access to Home Lab Setup Active Directory and knowledge
• Windows Lateral Movement
of basic AD attacks
• Linux Lateral Movement
Learn One • Familiarity with C#
• Microsoft SQL Attacks programming is a plus
• One course
• 365 days of lab access • Active Directory Exploitation

• Two exam attempts • Combining the Pieces Competencies Gained:

• Plus exclusive content • Trying Harder: The Labs • Preparation for more advanced
field work
Learn Unlimited • Knowledge of breaching
• All courses network perimeter defenses
through clientside attacks,
• 365 days of lab access
evading antivirus and allow
• Unlimited exam attempts
listing technologies
• Plus exclusive content
• How to customize advanced
attacks and chain them
together web vulnerabilities
*Time estimates are based on OffSec
averages and could vary by individual
skill and experience.
 Course Estimated time:
150 hours*

WEB-200 (Web Attacks with Kali Linux) is Offensive Security’s

foundational web application assessment course. The course
covers the topics below in detail.

Topics Covered: Course Prerequisites:

• Tools for the Web Assessor • All prerequisites for WEB-200
WEB-200 • Cross Site Scripting (XSS) can be found within the Offsec
Fundamentals Program,
Introduction and Discovery
Web Attacks • Cross Site Scripting (XSS) •
included with a Learn One or
Learn Unlimited subscription
with Kali Exploitation and Case Study
• Prerequisite Topics include:
• Cross Origin Attacks
Linux • Introduction to SQL
> PEN-100: Web Application
Basics
• SQL Injection (SQLi) and > PEN-100: Linux 1 & 2
Case Study
Course Includes > PEN-100: Networking Basics
the Following: • Directory Traversal

• Course Materials • XML External Entity (XXE)

Processing Competencies Gained:
• Active Student Forums
• Server Side Template • Students will obtain a
• Access to Home Lab Setup
Injection (SSTI) wide variety of skill sets and
competencies for Web App
Learn One • More Topics added monthly* Assessments
• One course *
The OffSec Training Library will be updated • Students will learn foundational
continuously with new Topics on an
• 365 days of lab access Black Box enumeration and
approximately monthly cadence. Not every
• Two exam attempts course or content area will receive an update exploitation techniques
every month, but some course or content
• Plus exclusive content • Students will leverage modern
area will receive an update approximately
monthly. web exploitation techniques on
modern applications
Learn Unlimited
• All courses
• 365 days of lab access
• Unlimited exam attempts
• Plus exclusive content

*Time estimates are based on OffSec averages and could vary by individual skill
and experience.
 Course Estimated time:
185 hours*

In WEB-300, you will learn white box web app pentesting

methods. The bulk of your time will be spent analyzing
source code, decompiling Java, debugging DLLs, manipulating
requests and more, using tools like Burp Suite, dnSpy, JD-GUI,
Visual Studio and the trusty text editor. For a more complete
breakdown of the course topics view the full syllabus.

Topics Covered: Course Prerequisites:

• Web security tools All students are required to have:

WEB-300 and methodologies • Comfort reading and writing at

• Source code analysis
Advanced • Persistent cross-site scripting
Web • Session hijacking
• .NET deserialization
Attacks and • Remote code execution
least one coding language (Java,
.NET, JavaScript, Python, etc)
• Familiarity with Linux: file
permissions, navigation, editing
and running scripts
• Ability to write simple Python /

Exploitation • Blind SQL Injections Perl / PHP / Bash scripts

• Data exfiltration • Experience with web proxies

• Bypassing file upload
Course Includes restrictions and file
the Following: extension filters
• Course Materials • PHP type juggling with
• Active Student Forums loose comparisons
• Access to Home Lab Setup • PostgreSQL Extension and
User Defined Functions
Learn One • Bypassing REGEX restrictions
• One course • Magic hashes
• 365 days of lab access • Bling SQL injection
• Two exam attempts
• Bypassing character restrictions
• Plus exclusive content
• UDF reverse shells
• PostgreSQL large Objects
Learn Unlimited
• DOM-based cross site
• All courses
scripting (black box)
• 365 days of lab access
• Server side template injection
• Unlimited exam attempts
• Weak random token generation
• Plus exclusive content
• XML external entity injection
• RCE via database functions
• OS command injection via
WebSockets (black box)
such as Burp Suite and similar
tools
• General understanding of web
app attack vectors, theory and
practice
Competencies Gained:
• Performing advanced web app
source code auditing
• Analyzing code, writing scripts
and exploiting web
vulnerabilities
• Implementing multi-step
chained attacks using multiple
vulnerabilities
• Using creative and lateral
thinking to determine
innovative ways of exploiting
web vulnerabilities
*Time estimates are based on OffSec
averages and could vary by individual
skill and experience.
 Course Estimated time:
350 hours*

EXP-301 is an intermediate course that teaches the skills

necessary to bypass DEP and ASLR security mitigations,
create advanced custom ROP chains, reverse-engineer a
network protocol and even create read and write primitives by
exploiting format string specifiers. View the full syllabus.

Topics Covered: Course Prerequisites:

• Operating System All students should have the following
and Programming prerequisite skills before starting

EXP-301 Theory the course:

• WinDbg tutorial • Familiarity with debuggers

Windows User • Stack buffer overflows
(ImmunityDBG, OllyDBG)

Mode Exploit • Exploiting SEH overflows

• Familiarity with basic exploitation
concepts on 32-bit

Development • Intro to IDA Pro

• Familiarity with writing
• Overcoming space Python 3 code
restrictions: Egghunters
• The following optional skills
• Shellcode from scratch are recommended:
Course Includes
the Following: • Reverse-engineering bugs - Ability to read and understand
• Stack overflows and C code at a basic level
• Course Materials
DEP/ASLR bypass - Ability to read and understand
• Active Student Forums
• Format string 32-bit Assembly code at
• Access to Home Lab Setup
specifier attacks a basic level

• Custom ROP chains and • The prerequisite skills can be

Learn One obtained by taking our Penetration
ROP payload decoders
• One course Testing with Kali Linux course.
• 365 days of lab access
• Two exam attempts Competencies Gained:
• Plus exclusive content
• Using WinDbg
• Writing your own shellcode
Learn Unlimited
• Bypassing basic security mitigations,
• All courses
including DEP and ASLR
• 365 days of lab access
• Exploiting format string specifiers
• Unlimited exam attempts
• The necessary foundations for
• Plus exclusive content
finding bugs in binary applications
to create custom exploits

*Time estimates are based on OffSec averages and could vary by individual skill
and experience.
 Course Estimated time:
150 hours*

EXP-312 (macOS Control Bypasses) is an offensive logical

exploit development course for macOS, focusing on local
privilege escalation and bypassing the operating system’s
defenses. It’s an intermediate course that teaches the skills
necessary to bypass security controls implemented by macOS,
and exploit logic vulnerabilities to perform privilege escalation
on macOS systems.

Topics Covered: Competencies Gained:

EXP-312 • Introduction to macOS • Obtain a strong understanding
internals of macOS internals
macOS • Debugging, Tracing Hopper • Learn the basics of
Mach messaging
Control • Shellcoding in macOS
• Learn how to bypass
• Dylib Injection
Bypasses • Mach and Mach injection
Transparency, Content and
Control (TCC) protections
• Hooking • Learn how to escape
• XPC exploitation the Sandbox
Course Includes
the Following: • Sandbox escape • Perform symbolic link attacks
• Course Materials • Attacking privacy (TCC) • Leverage process injection
• Active Student Forums techniques
• Symlink attacks
• Access to Home Lab Setup • Exploit XPC for
• Kernel code execution
privilege escalation
• macOS Pentesting
Learn One • Perform hooking based attacks
• One course • Write Shellcode for macOS
Course Prerequisites:
• 365 days of lab access • Bypass kernel code-signing
• C programming knowledge protection
• Two exam attempts
• Plus exclusive content • Normal user experience
with macOS

Learn Unlimited • Basic familiarity with 64-bit

assembly and debugging
• All courses
• Understanding of basic
• 365 days of lab access
exploitation concepts
• Unlimited exam attempts
• Plus exclusive content

*Time estimates are based on OffSec averages and could vary by individual skill
and experience.
 Course Estimated time:
150 hours*

SOC-200 (Security Operations and Defensive Analysis) is

Offensive Security’s foundational security operations course.

This new course teaches students the mindset required to

assess and respond to security incidents. Topics covered are
below.

Topics Covered: Course Prerequisites:

SOC-200 • Attacker Methodology • All prerequisites for SOC-200

Security • Introduction can be found within the Offsec

• Windows Endpoint Introduction
Operations • Windows Server Side Attacks
and Defensive • Windows Client Side Attacks
Fundamentals Program,
included with a Learn One or
Learn Unlimited subscription
• Prerequisite Topics include:

Analysis • Windows Privilege Escalation > PEN-100: Linux Basics 1 & 2

• Linux Endpoint Introduction > PEN-100: Windows
Basics 1 & 2
• Linux Server Side Attacks
Course Includes • Linux Privilege Escalation
> PEN-100: Networking Basics
the Following:
• More Topics added monthly*
• Course Materials
Competencies Gained:
*
The OffSec Training Library will be updated
• Active Student Forums
continuously with new Topics on an • Students will get hands
• Access to Home Lab Setup approximately monthly cadence. Not every on experience investigating
course or content area will receive an update
malicious activity
every month, but some course or content
Learn One area will receive an update approximately • Students will learn about attack
monthly.
• One course surfaces and how they can be
• 365 days of lab access reduced

• Two exam attempts • Students will develop a working

• Plus exclusive content knowledge of security
operations and best practices

Learn Unlimited
• All courses
• 365 days of lab access
• Unlimited exam attempts
• Plus exclusive content

*Time estimates are based on OffSec averages and could vary by individual skill
and experience.
 Learn Fundamentals

NEW Subscription WORKFLOW for

for 100-Level Content Learn Fundamentals
Introducing Learn Fundamentals OffSec’s
entry-level, or beginner, training plan. Get annual LEARN
access to all 100-level content (PEN-100, WEB-100, Choose from a growing library of 100-level
and SOC-100) with new learning tracks and tracks and Topics to develop your skills for
reporting features coming soon! a variety of job roles

Fundamentals not only provides access to all

100-level courses, but will also offer Assessments
APPLY
and Badges upon successful completion.
Use hands-on exercises with lab machines
to reinforce what you learn and track
Additionally, Learn Fundamentals includes access
progress toward your goals
to PEN-103 (Kali Linux Revealed) and PEN-210
(Wireless Attacks).

TOPICS Included in
Fundamentals
New Topics are continuously added to
Fundamentals. These are just a sample few of
what is available for students. Core Topics apply
to each Fundamentals course, while the courses
also have specific Topics that pertain to the
subject at hand.
ASSESS
Test yourself with hands-on Assessments
to check your progress towards gaining
critical prerequisites for 200-level Courses
PROVE
Earn OffSec Badges to demonstrate your
learnings and show-off your knowledge,
skills, and abilities

Example Topics:

• Linux Basics I & II • Web Attacker Methodology

• Networking Fundamentals • Introduction to Secure Coding
• Troubleshooting 101 • Input Validation
• More coming soon! • More coming soon!
ALL WEB-100

• Introduction to Cryptography • Enterprise Network Architecture

• Web Application Basics • SOC Management Processes
• Working with Shells • Windows Logging
• More coming soon! • More coming soon!
PEN-100 SOC-100
 Level 100 Level 200 Level 300 Level 400
(Beginner) (Foundational) (Advanced) (Expert)
OFFENSE

New

PEN-100 PEN-200 | OSCP PEN-300 | OSEP

Evasion Techniques
Pentesting Penetration Testing
Network Fundamentals with Kali Linux
& Breaching
Defenses
Penetration
Testing

PEN-200 | OSWP
Wireless Attacks

New New

Web App
Sec WEB-100 WEB-200 | OSWA WEB-300 | OSWE
Web Application Web Attacks Advanced Web
Fundamentals with Kali Linux Attacks & Exploitation

EXP-301 | OSED EXP-401 | OSEE

Window User Mode Advanced Windows
Exploit Development Exploitation
Exploit
Dev
New

EXP-312 | OSMR
macOS Control
Bypass

DEFENSE

New New

Security
Operations SOC-100 SOC-200 | OSDA
Security Operations Security Operations
Fundamentals and Defensive Analysis

OSEP + OSWE + OSED = OSCE3 (New Cert)

Course Syntax
Track Course Level Operating System
PENtesting 100 - Beginner 0 - Multiple OS
WEB App Security 200 - Foundational 1 - Windows
EXPloit Dev 300 - Advanced 2 - macOS
DEFensive 400 - Expert 3 - Linux