After a long, sleepless 48-hour marathon, I received an email from OffSec congratulating me on earning the Offensive Security Experienced Penetration Tester (OSEP) certification 🥳 . honestly shocked for a moment because i passed this challenging exam on my first attempt! So, I decided to write a review for anyone thinking about taking on this beast of a certification. since i was a full time penetration tester 🥷 and studying for another ~7 to 8 hours after my 8 hour of office work and weekends around another ~16 hours, yes i saw some signitifcant changes to my health ( completly drained and dark eyes 🥹 ) was a roller coster ride for me. The learning and preparation lasted for around my 90 days of period and i enjoyed the all the part of the course material.
So, what is the OSEP certification all about, and who is it meant for?
OSEP (PEN300) is an an advance certification offered by offensive security majorly focusing on pentest conducting against a enviroment configured with security in mind specially this is a one part of the expert certification OSCE3. and those who like me who want to improve their pentesting skills and pushing the skills beyond the limits i recommend you to take this as a challenges , because this course will teach you how to bypass the exisitng mitigations in enviroment such as Antivirus Evasions, Applocker and AMSI Bypass and Phishing with MS office. MSSQL Attacks and attacking linux and devops environment. the course material is bit outdated, but offsec is continuesly introducing new topic on the material to make it updated.
The course focus heavily on C# and PowerShell including the usage of Win32 API’s some VBA , JScripts . so i suggest you to learn C# before taking the exam beofre going exam i solved this awesome defcon labs https://github.com/mvelazc0/defcon27_csharp_workshop . additionly it will be very good if you have OSCP , because some part of OSCP attacks and methodolgies are helpful in OSEP. The Active Directory attacks in the course is very nicely structured. since i already learned most of the attacks from my previous CRTP course this was not become a headache for me atleast, but i still learned a lot of tricks on in this section.
The course material contains module labs for each topics since some labs you need to write your own codes to complete it and after that their will be challenge lab (including some previously used exam machines) all though this is tougher than expected but it very worth for practicing and improving the skills. it includes multiple hosts and network simulating a hardened corp enviroment .
I suggest you do the course challenge labs twice or as much as possible to reduce the exam stress and cool down your mind. it will be very good to practice your different C2 usage skills.
During the Exam.
Personally i loved the exam it was challengeing for me though i can’t disclose the exam details or the enviroment detials over here due to the offsec strict academic policy. but it will be 72 hours of exam ( 48 hours of lab + 24 hours for report ). Your focus need to compromise the high valued target in an Active Directory Enviroment or obtain atleast 10 flags to pass the exam. the exam enviroment is stable and i took almost 15 hours for the comprmiosing and another 5 to 6 hours to create the exam report. i suggest you to take the screenshots and small notes and commands used along the way to avoid last minute complicatons. try to think like a real world attacker apart from the pentester prespective. and trust your code ( but i got sucked up due to some of my broken code — skill issue broo 🤪 , eventually i fixed it during my exam time itself 😎 )
If you feel stucked in any machine, i recommend you to take break , go for a short walk or eat your favourite food or drink to make your brain to not get over fried !!!. seriously this worked for me 😮💨 . after sending the report to offsec i was like DEADDDDDD 😵😵😵.
Tips for you
-
Consitency is the KEY to success , practice and learn everyday no exuse in this
-
DO ALL THE EXTRA MILES OF THE COURSE AND CHALLENGE LAB
-
Dont panic and never give up try harder !!!, if your code sucks or not finding the next path go to your previous step and look for another approch
-
Sometimes machine revererts are also helpful
-
Use Offsec Discord server this is a super cool community of students and mentor they are very helpful
-
Some PRO tip - Develop and Practice in your Local Home Lab Setup - I have a GOAD running in my home lab network
-
Learn Bloodhound and use it
-
Take a good note during your course period
Resources helped me to learn more.
-
Impacket scripts
-
Powerview, Rubeus and Mimikatz
-
Ligolo and bloodhound
-
https://ppn.snovvcrash.rocks/ - use wayback machine
Conclusion and what next
The course helped me to fix few of my gaps in my existing capabilites of pentesting especailly in windows api’s part . and next im planning to complete my OSWE and few hackthebox pro labs including the APT 💀
Good luck and hack it !!! ☠️
Dhinu Ramachandran 😸