Course - OSEP Pen-300 Videos

The Advanced Evasion Techniques and Breaching Defenses course (PEN-300) dives deep into advanced offensive security techniques designed to bypass the toughest defensive mechanisms. The course provides you with the knowledge and tools to circumvent high-end security measures, antivirus software, whitelisting, and more. This is perfect for those looking to enhance their penetration testing and red team skills by learning advanced tactics for bypassing defenses and exploiting systems.

Course Topics Covered:

1. Operating System and Programming Theory

• Dive into operating system internals and programming fundamentals to understand how security systems interact with the underlying OS, equipping you to craft more effective evasion strategies.

2. Client-Side Code Execution with Office

• Learn to exploit vulnerabilities in Microsoft Office applications, such as macros and scripting vulnerabilities, to gain initial access through client-side code execution.

3. Client-Side Code Execution with Jscript

• Explore the JScript environment and how to leverage client-side scripting vulnerabilities in browsers or other applications to gain unauthorized access.

4. Process Injection and Migration

• Understand the intricacies of process injection and how to migrate your attack payload to different processes in order to evade detection by security mechanisms.

5. Introduction to Antivirus Evasion

• Get an overview of the antivirus detection mechanisms, and learn the foundational principles behind avoiding detection by antivirus systems when carrying out an attack.

6. Advanced Antivirus Evasion

• Master more sophisticated techniques for evading antivirus software, including polymorphic techniques, code obfuscation, and using undetectable payloads to avoid signature-based detection.

7. Application Whitelisting

• Learn how to bypass application whitelisting solutions, which only allow trusted applications to run on a system, by identifying weaknesses in the whitelist and exploiting them.

8. Bypassing Network Filters

• Study advanced techniques to bypass network security filters, such as firewalls and IDS/IPS systems, ensuring your attack traffic remains undetected and successfully reaches your target.

9. Linux Post-Exploitation

• Learn how to move laterally and escalate privileges within Linux environments after initial access, covering advanced techniques for maintaining access and avoiding detection.

10. Windows Post-Exploitation

• Similar to Linux post-exploitation but focused on Windows systems, where you'll learn techniques to establish persistence, escalate privileges, and bypass security controls.

Key Takeaways:

• Gain a thorough understanding of advanced evasion tactics and breaching defenses.
• Master the use of client-side code execution, antivirus evasion, and network filtering bypassing.
• Understand Linux and Windows post-exploitation techniques to maintain access after successfully exploiting a system.
• Learn how to deal with application whitelisting and how to evade modern security solutions while performing your penetration testing or red teaming operations.

This course is designed for advanced penetration testers and red teamers looking to elevate their skills to the highest level of offensive security.