![[Image: Course-PEN-300.png]](https://static.offsec.com/media/lms/content_tags/Course-PEN-300.png)
PEN-300 is an advanced course for penetration testers, building on the skills and techniques learned within PEN-200. This course explores advanced penetration testing techniques against hardened targets in mature organizations with an established security function. Within this course, you will go beyond the use of existing tools and skills and be encouraged to develop new techniques and tools. By taking on this course, learners will prove their advanced phishing skills and advanced antivirus evasion tactics, and establish attack vectors that leverage or disclose Windows credentials.
PEN-300 includes a wide array of current techniques and skills, including:
- migrating between processes to evade detection and maintain control even if one process is terminated
- modifying attack vectors from Word macros within an executable to deliver a staged Meterpreter payload directly in memory
- discussing the drawbacks of PowerShell code that invokes Win32 APIs through the .NET framework and examining a more advanced and stealthy technique known as reflection
- executing "living off the land" techniques to gain ever-increasing access to the system and its back-end networks
- adding advanced techniques for maintaining access and escalating privileges on compromised Windows systems, including navigating file systems, manipulating user accounts, extracting sensitive information, and establishing persistent backdoors
Since the goal of this course is to teach offensive techniques that work against client organizations with hardened systems, we expect students to have taken the PEN-200 course and passed the OSCP exam or have equivalent knowledge and skills. While this is not a requirement, learners without this formal base of knowledge, as well as a strong understanding of operating systems, networking, and scripting (e.g., Python, Bash), could face difficulties.
Learning Objectives
After completion of this course, learners will be able to:
- Develop client-side attack techniques using Microsoft Office and other common applications.
- Master antivirus evasion methods and tools.
- Bypass application whitelisting mechanisms like AppLocker.
- Implement advanced lateral movement strategies in Windows and Linux environments.
- Conduct sophisticated Active Directory exploitation and attacks.
- Evade network detection systems, including IDS and IPS.
- Perform advanced exploitation of Microsoft SQL and Active Directory.
- Use advanced programming concepts and Win32 APIs for attack development.