PEN-300 / OSEP review
This year I decided to start a new study, the PEN-300 course of Offensive Security. In 2012 I did the OSCP course and in 2013 OSCE. In 2016 I took the OSEE class in Vegas, but unfortunately I never took the exam (one of my biggest mistakes ever🥴). I liked all the courses very much at that time, because they were very practical and because of the “try harder” mentality. If you don’t try harder, you won’t pass the exam.
In 2022 I decided to take the PEN-300 course, because I felt like I really wanted to start learning stuff again by following a course. PEN-300 is the sequel of PEN-200 (OSCP). It’s more about breaking systems that are hardened / secured. It was a little bit tricky, because my little one was just born. So I wasn’t sure I could spend enough time, which is a really important factor in the Offensive Security courses. Anyway, I just decided to try it. That way I can’t regret never having tried.
Are you in doubt whether to take the course or not? Hopefully this blog helps you decide by sharing my experience.
In my experience OSEP is a little bit different than a course like OSCP. In my OSCP course I dived into the labs pretty quickly to hack all the machines. I felt like I knew most of the theory in the books. In OSEP this is different. It’s important to go through the books and videos that Offensive Security offers you. There are a total of 18 chapters. The Syllabus is available here.
Going through all the theory is quite a challenge. It’s just a lot of material to work through. Next to reading the book and viewing the videos, you will also need to perform exercises to get practical experience with the stuff you learn. As mentioned, it’s a lot of material and takes time – but that doesn’t matter because you are learning cool new stuff – which motivates you to continue.
This was one of my happy moments. Finally, starting the challenges. I just wanted to hack stuff with the new things I learned. There are in total six challenges available. The difficulty of the challenges varies. During the challenges you will need to collect flags that are spread over the machines in the challenges.
The cool thing about the challenges in OSEP is that the labs are complete, realistic networks. Everything is chained together and usually there is an Active Directory service within it. It requires you to exploit the systems / network step-by-step to reach all the proofs.
The first challenges were pretty easy. However, 4, 5 and 6 were more complex (also more machines) and took me quite some time. I kept on going with the challenges because I wanted to complete them 100% before attempting an exam.
The exam was so cool. I seriously loved it. At the start of the exam your objective is revealed. You will have to reach the objective in order to pass the exam. Another option is to compromise enough machines to get the required amount of points.
There are two different paths available that lead to your end goal. You can decide which path you will take. You will have to go through the paths step-by-step. Sometimes you will compromise a machine and obtain limited access. In that case you still have to do a privilege escalation to get higher privileges. In other cases, it’s possible to completely compromise a system remotely.
I needed two attempts to pass the exam. The first attempt I got 6 flags. My biggest challenge was ‘finding the right path to go’. Sometimes I thought this is the way to go; however, my exploitation attempts were failing all the time. That’s when I started to doubt whether I was going in the right direction, which was costing me a lot of time. I learned that usually the answer is yes, you are going in the right direction. Take a break every now and then, get enough sleep and try to think differently (which is hard when you’re tired). And try harder..
Is it worth it? YES! I’ve been a penetration tester for about 10 years now but there were still so many things to learn. There is always stuff you don’t know or can improve on. Also important: I just really enjoyed learning this way again. My goal is to do the OSWE course as my next course, next year at the latest. Now I’m going to enjoy my spare time for a while ;-).
Tip: use the Learn One subscription of OffSec. It’s a little bit more expensive but you get more time to finish your course. At least that’s working for me.