OffSec PEN-200 (OSCP)

Provided by

Enquire about this course

Overview

PEN-200: Penetration Testing with Kali Linux OSCP Certification

The industry-leading Penetration Testing with Kali Linux (PWK/PEN-200) v3 course introduces penetration testing methodologies, tools, and techniques in a hands-on, self-paced environment. Access PEN-200;s first Learning Module for an overview of course structure, learning approach, and what the course covers.

Learners will be given a 12 month OffSec LearnOne (PEN-200) subscription (worth £1,800) to support them pre and post class. Learners who complete the course and pass the exam will earn the OffSec Certified Professional (OSCP) certification which requires holders to successfully attack and penetrate various live machines in a safe lab environment. The OSCP is considered to be more technical than other ethical hacking certifications and is one of the few that requires evidence of practical penetration testing skills.

Benefits
  • Increase OSCP preparedness with OffSec Academy, expert instructor-led streaming sessions
  • Access to recently retired OSCP exam machines
  • Introduction to the latest hacking tools and techniques
  • Training from the experts behind Kali Linux
  • Learn the "Try Harder" method and mindset
About the Exam
  • The PEN-200 course exam (x2 attempts) is included in your course, and the online lab prepares you for the OSCP penetration testing certification
  • 24-hour exam
  • Proctored
  • Learn more about the exam
Prerequisites

All learners are required to have:
  • Solid understanding of TCP/IP networking
  • Reasonable Windows and Linux administration experience
  • Familiarity with basic Bash and/or Python scripting
Who is this course for.
  • Infosec professionals transitioning into penetration testing
  • Pen testers seeking one of the best pentesting certifications
  • Those interested in pursuing a penetration tester career path
  • Security professionals
  • Network administrators
  • Other technology professionals
New to Penetration Testing? Set yourself up for success by subscribing to Learn Fundamentals . Adopt basic cybersecurity-adjacent concepts, cultivate the mindset necessary for a successful cybersecurity career, and provide the prerequisites for OffSec;s advanced courses. Subscribe today!
Bring Your Own Device

Learners must bring their own laptop to take part in this class.

Minimum hardware specification:
  • CPU: 64-bit Dual Core (2.2 GHz per core)
  • RAM: 8 GB (Recommended)
  • Display resolution: 1024×768
  • HDD: Minimum 20GB available space
Minimum software requirements:
  • Operating system: Windows 8.1 x64 / OSX Yosemite / MacOS/Kali 2017.x/ Debian 9.3/Ubuntu 17.10*
  • Virtualization Software: VMware Player (Latest version), VMware Workstation 8.0, VMware Fusion 7.0
Outline

Module 1 - Penetration Testing with Kali Linux : General Course Introduction

Welcome to PWK
  • Take inventory over what;s included in the course
  • Set up an Attacking Kali VM
  • Connect to and interact over the PWK VPN
  • Understand how to complete Module Exercises
Module 2 - Introduction to Cybersecurity

The Practice of Cybersecurity
  • Recognize the challenges unique to information security
  • Understand how 'offensive' and 'defensive' security reflect each other
  • Begin to build a mental model of useful mindsets applicable to information security
Threats and Threat Actors
  • Understand how attackers and defenders learn from each other
  • Understand the differences between risks, threats, vulnerabilities, and exploits
  • List and describe different classes of threat actor
  • Recognize some recent cybersecurity attacks
The CIA Triad
  • Understand why it's important to protect the confidentiality of information
  • Learn why it's important to protect the integrity of information
  • Explore why it's important to protect the availability of information
Security Principles, Controls, and Strategies
  • Understand the importance of multiple layers of defense in a security strategy
  • Describe threat intelligence and its applications in an organization
  • Learn why access and user privileges should be restricted as much as possible
  • Understand why security should not depend on secrecy
  • Identify policies that can mitigate threats to an organization
  • Determine which controls an organization can use to mitigate cybersecurity threats
Cybersecurity Laws, Regulations, Standards, and Frameworks
  • Gain a broad understanding of various legal and regulatory issues surrounding cybersecurity
  • Understand different frameworks and standards that help organizations orient their cybersecurity activities
Career Opportunities in Cybersecurity
  • Identify career opportunities in cybersecurity
Module 3 - Effective Learning Strategies

Learning Theory
  • Understand the general state of our understanding about education and education theory
  • Understand the basics of memory mechanisms and dual encoding
  • Recognize some of the problems faced by learners, including 'The Curve of Forgetting' and cognitive load
Unique Challenges to Learning Technical Skills
  • Recognize the differences and advantages of digital learning materials
  • Understand the challenge of preparing for unknown scenarios
  • Understand the potential challenges of remote or asynchronous learning
OffSec Methodology
  • Understand what is meant by a Demonstrative Methodology
  • Understand the challenge of preparing for unknown scenarios
  • Understand the potential challenges of remote or asynchronous learning
Case Study: chmod -x chmod
  • Review a sample of learning material about the executable permission, expand beyond the initial information set, and work through a problem
  • Understand how OffSec's approach to teaching is reflected in the sample material
Tactics and Common Methods
  • Learn about Retrieval Practice
  • Understand Spaced Practice
  • Explore the SQ3R and PQ4R Method
  • Examine the Feynman Technique
  • Understand the Leitner System
Advice and Suggestions on Exams
  • Develop strategies for dealing with exam-related stress
  • Recognize when you might be ready to take the exam
  • Understand a practical approach to exams
Practical Steps
  • Create a long term strategy
  • Understand how to use a time allotment strategy
  • Learn how and when to narrow your focus
  • Understand the importance of a group of co-learners and finding a community
  • Explore how best to pay attention and capitalize on our own successful learning strategies
Module 4 - Report Writing for Penetration Testers

Understanding Note-Taking
  • Review the deliverables for penetration testing engagements
  • Understand the importance of note portability
  • Identify the general structure of pentesting documentation
  • Choose the right note-taking tool
  • Understand the importance of taking screenshots
  • Use tools to take screenshots
Writing Effective Technical Penetration Testing Reports
  • Identify the purpose of a technical report
  • Understand how to specifically tailor content
  • Construct an Executive Summary
  • Account for specific test environment considerations
  • Create a technical summary
  • Describe technical findings and recommendations
  • Recognize when to use appendices, resources, and references
Module 5 - Information Gathering

The Penetration Testing Lifecycle
  • Understand the stages of a Penetration Test
  • Learn the role of Information Gathering inside each stage
  • Understand the differences between Active and Passive Information Gathering
Passive Information Gathering
  • Understand the two different Passive Information Gathering approaches
  • Learn about Open Source Intelligence (OSINT)
  • Understand Web Server and DNS passive information gathering
Active Information Gathering
  • Learn to perform Netcat and Nmap port Scanning
  • Conduct DNS, SMB, SMTP, and SNMP Enumeration
  • Understand Living off the Land Techniques
Module 6 - Vulnerability Scanning

Vulnerability Scanning Theory
  • Gain a basic understanding of the Vulnerability Scanning process
  • Learn about the different types of Vulnerability Scans
  • Understand the considerations of a Vulnerability Scan
Vulnerability Scanning with Nessus
  • Install Nessus
  • Understand the different Nessus Components
  • Configure and perform a vulnerability scan
  • Understand and work with the results of a vulnerability scan with Nessus
  • Provide credentials to perform an authenticated vulnerability scan
  • Gain a basic understanding of Nessus Plugins
Vulnerability Scanning with Nmap
  • Understand the basics of the Nmap Scripting Engine (NSE)
  • Perform a lightweight Vulnerability Scan with Nmap
  • Work with custom NSE scripts
Module 7 - Introduction to Web Applications

Web Application Assessment Methodology
  • Understand web application security testing requirements
  • Learn different types of methodologies of web application testing
  • Learn about the OWASP Top10 and most common web vulnerabilities
Web Application Assessment Tools
  • Perform common enumeration techniques on web applications
  • Understand Web Proxies theory
  • Learn how Burp Suite proxy works for web application testing
Web Application Enumeration
  • Learn how to debug Web Application source code
  • Understand how to enumerate and inspect Headers, Cookies, and Source Code
  • Learn how to conduct API testing methodologies
Cross-Site Scripting (XSS)
  • Understand Cross-Site Scripting vulnerability types
  • Exploit basic Cross-Site Scripting
  • Perform Privilege Escalation via Cross-Site Scripting
Module 8 - Common Web Application Attacks

Directory Traversal
  • Understand absolute and relative paths
  • Learn how to exploit directory traversal vulnerabilities
  • Use encoding for special characters
File Inclusion Vulnerabilities
  • Learn the difference between File Inclusion and Directory Traversal vulnerabilities
  • Gain an understanding of File Inclusion vulnerabilities
  • Understand how to leverage Local File Inclusion (LFI to obtain code execution
  • Explore PHP Wrapper usage
  • Learn how to perform Remote File Inclusion (RFI) attacks
  • Understand File Upload Vulnerabilities
  • Learn how to identify File Upload vulnerabilities
File Upload Vulnerabilities
  • Explore different vectors to exploit File Upload vulnerabilities
Command Injection
  • Learn about command injection in web applications
  • Use operating system commands for OS command injection
  • U

Enquire

Start date Location / delivery
No fixed date QA London International House Centre E1W, 1st Floor, International House, E1W 1UN Book now
01132207150 01132207150

Related article

The Cyber Pulse is QA's new portal to free Cyber content, including on-demand webinars, articles written by leading experts,