As an offensive security enthusiast constantly seeking to level up my red teaming skills, I took the plunge into the OSEP (OffSec Experienced Penetration Tester) certification. Offered through OffSec’s PEN-300: Evasion Techniques and Breaching Defenses, OSEP is part of the prestigious OSCE3 certification track and is designed for those who want to go beyond standard pentesting into more advanced adversary simulation techniques.
Course Structure & What to Expect
The OSEP course is hands-on, lab-heavy, and focuses on advanced exploitation and evasion techniques. Here’s a quick breakdown of what you can expect:
- Client-Side Attacks: VBA macros, HTA payloads, and phishing techniques.
- Antivirus Evasion: Payload obfuscation, shellcode encryption, and bypassing modern defenses.
- Credential Harvesting & Token Manipulation: Mimikatz, Rubeus, and abusing Windows security features.
- Lateral Movement & Pivoting: Pass-the-Hash, Kerberoasting, and multiple lateral movement techniques.
- Linux Post-Exploitation: Less common but valuable for full coverage.
- Active Directory Attacks: Includes enumeration, escalation, and both traditional and advanced attacks.
The labs simulate real-world corporate networks. They’re tough but immensely rewarding. Documenting each step is critical, as it will help during the exam.
My OSEP Exam Experience
The OSEP exam is a 48-hour hands-on challenge, followed by a 24-hour reporting window. The objective is to gain access to various systems within a realistic Active Directory environment and score at least 100 points (10 flags).
I had initially planned to complete the exam by March 31, 2025, and booked my slot accordingly. On the day of the exam, I successfully completed the verification process and began the assessment. Unfortunately, I was unable to complete the challenges in time. Although I was disappointed, something incredible happened that same day – my wife was admitted to the hospital for delivery, and we were blessed with a baby boy. In hindsight, even if I had managed to finish the exam, I wouldn’t have been able to submit the report in time due to everything going on. So, fortunately – or unfortunately – I failed that attempt.
I rebooked the exam, this time scheduling the slot for 6:30 AM IST. On the exam day, I encountered technical issues – I couldn’t share my screen or camera through the exam portal. I immediately reached out to OffSec’s live chat support, who were very helpful. Despite their assistance, the issue persisted, so I traveled to my uncle’s home to try a different setup, but still had no luck. Eventually, I switched to a different device. Initially, it didn’t work either, but after some troubleshooting, I finally got everything working and completed the verification process by 9:30 AM, after which I started the exam. Due to these issues, the OffSec team extended my exam time by two additional hours.
This time, I successfully completed the exam by meeting the passing criteria. I then prepared and submitted my exam report by 3:00 AM on April 14. On April 18 at 4:24 AM, I received the results – I had passed the OSEP exam!
Key tips:
- Don’t panic. Take breaks.
- Time management is crucial.
- Screenshot everything.
- Use the report template provided by OffSec – it’s gold.
- Always have a backup for your device and internet connection.
Tools and Resources That Helped Me
- PowerView, ADPeas
- Impacket, ProxyChains, Chisel, ligolo-ng for tunneling/pivoting
- Rubeus, Mimikatz
- SharpHound & BloodHound for AD enumeration
- Get-ReverseShell
- https://ppn.snovvcrash.rocks
- https://github.com/chvancooten/OSEP-Code-Snippets
- https://github.com/In3x0rabl3/OSEP
Tips to Ace the Exam
- Practice building and evading payloads manually.
- Practice AV bypass and process injection techniques outside the lab too.
- Set up your own Active Directory lab.
- Get comfortable with lateral movement and pivoting.
- Don’t rely only on tools – understand the techniques.
- Learn to write a professional report.
Final Thoughts
OSEP was a game-changer for me. It bridged the gap between traditional pentesting and real-world red teaming. If you’re ready to challenge yourself and step into adversary simulation, this is the course to take.
Whether you’re targeting OSCE3 or just want to deepen your evasion and post-exploitation skills, OSEP is worth every hour you put into it.
If you’re prepping for OSEP or have questions about the course, feel free to reach out or drop a comment below. Hack the planet!