OSEP Review

Offensive Security Expert Penetration Tester Certification / Evasion Techniques and Breaching Defenses (PEN-300)

Summary

Overall, the course Evasion Techniques and Breaching Defenses from Offensive Security is an excellent course. I have started the course in November 2020 and did the exam in February 2021. I have taken the 90 days labs package with the exam. I had enough time to do most of the exercises (at least most important one) and all the labs. I would say that it requires some time and if you are working full time I would recommend going for the 90 days. During the course, you will learn a lot of things from evading anti-virus to building your own payload. I will not go into too much detail since the syllabus of the course is much more detailed here.

For those that are wondering if they have the background or the skills to do the course, this might help you. Before the OSEP I have done the OSCP back in 2017, SLAE in early 2020 and the CRTO certification in late 2020. I would say that the CRTO course from Rasta Mouse helps me a lot to follow the OSEP course. However, I found that the exercise in CRTO was easier than the exercise in OSEP and the CRTO exam was harder than the OSEP exam. This is my opinion and someone else could definitely say the opposite.

I see two negative points from the OSEP course. The first one is that you can't use the framework like Cobalt Strike. So, you will have to use an open source C2. In my case I have been working with Metasploit which finally was not that bad. The second negative point is obviously the proctored exam. It was the first time for me because last time I did OSCP it wasn't proctored. It's a bit more stressful but after some hours you don't even think about it and you can take breaks whenever you want. You just tell them on the chat that you take a break and that's about it. You don't even need to wait for their confirmation.

Exercises and Labs

Take notes as much as you can

The exercises are really worth it. Doing the exercises will definitely help you to do the lab and the exam. And one thing that you should absolutely do is to take notes. There is so much thing to remember and manipulation to do. Again, in my opinion, if you don't take note you will find a hard moment. And over the year, I have found that I should take more notes during my engagement and it helps me a lot. I always tell me that I should take more notes and too much notes it's not enough ! Here is a preview of my notes in Notion:

Notion notes

I didn't do all the exercises. I did the exercises from the chapters 1 to 8 because the other chapters was something more familiar to me since I have done CRTO a few weeks before.

The labs are really fun. Even if I have struggled on some of them, I had a lot of fun doing them and I learned. Doing the labs will again really help you during the exam. Each lab has multiple computers in a domain that you have to compromise. And each lab has their particularity. There are a total of 6 labs. From the most difficult labs to the easier, I would class it like this : 3 > 6 > 5 > 1 > 4 > 2.

Exam

The exam is 48 hours straight and you have 24 hours after the exam to complete the report. It did take me less than 48 hours and I had taken plenty of breaks. In the exam, the goal is to reach a specific goal and/or reach the number of points required to pass the exam. As I said in the summary, I didn't find the exam very hard and I have found that OSCP was harder. However, the labs are not that easy. After the exam, I did my report by using the Offensive Security template and received my result after about ~2 days, it was quite fast. The exam is proctored and you will be asked to comply with their rules before starting your exam. Otherwise, you won't be allowed to do the exam and your vpn connection will not be enabled.

Make sure you don't have any devices near you except your working computer for the exam.

The reporting part took me some hours since I had noted everything during my exam. When I was successfully reaching a goal or making a step, I added it in my note. So, on the reporting part it was a lot easier since I had everything noted. It is still a long task and it has to be done well because if you miss something important you can fail the exam.

The only accepted way to provide the contents of the proof files is in a remote interactive shell on the target machine with the type or cat command from their original location.

Finally, when you take screenshot of your proof, make sure to take the screenshot in an interactive shell. Otherwise, the points won't be awarded unfortunately. For example, if you take a screenshot in a remote desktop showing the value of the proof and a command prompt with the ipconfig, this is not valid. For more information, you can access the exam guide here.