Advanced macOS Control Bypasses (EXP-312) is our first macOS security course. It’s an offensive logical exploit development course for macOS, focusing on local privilege escalation and bypassing the operating system’s defenses. EXP-312 is an advanced course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems. Learners who complete the course and pass the exam earn the OffSec macOS Researcher (OSMR) certification.

Syllabus

  • Introduction to macOS internals
  • Debugging, Tracing   Hopper
  • Shellcoding in macOS
  • Dylib Injection
  • Mach and Mach injection
  • Hooking
  • XPC exploitation
  • Sandbox escape
  • Attacking privacy (TCC)
  • Symlink attacks
  • Kernel code execution
  • macOS Pentesting

EXP-312: Advanced macOS Control Bypasses

ادامه مطلب

Windows User Mode Exploit Development (EXP-301) is a course that teaches learners the basics of modern exploit development. Despite being a fundamental course, it is at the 300 level because it relies on substantial knowledge of assembly and low level programming. It begins with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises. Learners who complete the course and pass the exam earn the OffSec Exploit Developer (OSED) certification. The OSED is one of three certifications making up the OSCE³ certification along with the OSEP for advanced penetration testing and OSWE for web application security.

Syllabus

  • WinDbg tutorial
  • Stack buffer overflows
  • Exploiting SEH overflows
  • Intro to IDA Pro
  • Overcoming space restrictions: Egghunters
  • Shellcode from scratch
  • Reverse-engineering bugs
  • Stack overflows and DEP/ASLR bypass
  • Format string specifier attacks
  • Custom ROP chains and ROP payload decoders

EXP-301: Windows User Mode Exploit Development

ادامه مطلب

Advanced Web Attacks and exploitation (WEB-300) is an advanced web application security course that teaches the skills needed to conduct white box web app penetration tests. Learners who complete the course and pass the exam earn the OffSec Web Expert (OSWE) certification and will demonstrate mastery in exploiting front-facing web apps. The OSWE is one of three certifications making up the OSCE³ certification along with the OSEP for advanced pentesting and OSED for exploit development.

Syllabus

  • JavaScript Prototype Pollution
  • Advanced Server-Side Request Forgery (SSRF)
  • Web security tools and methodologies
  • Source code analysis
  • Persistent cross-site scripting
  • Session hijacking
  • .NET deserialization
  • Remote code execution
  • Blind SQL injection
  • Data exfiltration
  • Bypassing file upload restrictions and file extension filters
  • PHP type juggling with loose comparisons
  • PostgreSQL Extension and User Defined Functions
  • Bypassing REGEX restrictions
  • Magic hashes
  • Bypassing character restrictions
  • UDF reverse shells
  • PostgreSQL large objects
  • DOM-based cross site scripting (black box)
  • Server-side template injection
  • Weak random token generation
  • XML external entity injection
  • RCE via database functions
  • OS command injection via WebSockets (black box)

WEB-300: Advanced Web Attacks and Exploitation

ادامه مطلب

Learn the foundations of web application assessments with Foundational Web Application Assessments with Kali Linux (WEB-200). Learners who complete the course and pass the exam will earn the OffSec Web Assessor (OSWA) certification and will demonstrate their ability to leverage web exploitation techniques on modern applications. This course teaches learners how to discover and exploit common web vulnerabilities and how to exfiltrate sensitive data from target web applications. Learners that complete the course will obtain a wide variety of skill sets and competencies for web app assessments.

Syllabus

  • Tools for the Web Assessor
  • Cross-Site Scripting (XSS) Introduction, Discovery, Exploitation and Case Study
  • Cross-Site Request Forgery (CSRF)
  • Exploiting CORS Misconfigurations
  • Database Enumeration
  • SQL Injection (SQLi)
  • Directory Traversal
  • XML External Entity (XXE) Processing
  • Server-Side Template Injection (SSTI)
  • Server-Side Request Forgery (SSRF)
  • Command Injection
  • Insecure Direct Object Referencing
  • Assembling the Pieces: Web Application Assessment Breakdown

WEB-200: Foundational Web Application Assessments with Kali Linux

ادامه مطلب

Evasion Techniques and Breaching Defenses (PEN-300) is an advanced penetration testing course. Learners who complete the course and pass the exam will earn the OffSec Experienced Pentester (OSEP) certification. This course builds on the knowledge and techniques taught in Penetration Testing with Kali Linux, teaching learners to perform advanced penetration tests against mature organizations with an established security function and focuses on bypassing security mechanisms that are designed to block attacks. The OSEP is one of three certifications making up the OSCE certification along with the OSWE for advanced web attacks and OSED for exploit development.

Syllabus

  • Operating System and Programming Theory
  • Client Side Code Execution With Office
  • Client Side Code Execution With Jscript
  • Process Injection and Migration
  • Introduction to Antivirus Evasion
  • Advanced Antivirus Evasion
  • Application Whitelisting
  • Bypassing Network Filters
  • Linux Post-Exploitation
  • Kiosk Breakouts
  • Windows Credentials
  • Windows Lateral Movement
  • Linux Lateral Movement
  • Microsoft SQL Attacks
  • Active Directory Exploitation
  • Combining the Pieces
  • Trying Harder: The Labs

PEN-300: Advanced Evasion Techniques and Breaching Defenses

ادامه مطلب

Wireless Attacks (PEN-210) introduces learners to the skills needed to audit and secure wireless devices and is a foundational course alongside PEN-200 and benefits those who would like to gain more skills in network security. Learners will identify vulnerabilities in 802.11 networks and execute organized techniques and those who complete the course and pass the exam will earn the OffSec Wireless Professional (OSWP) certification.

Syllabus

  • IEEE 802.11
  • Wireless Networks
  • Wi-Fi Encryption
  • Linux Wireless Tools, Drivers, and Stacks
  • Wireshark Essentials
  • Frames and Network Interaction
  • Aircrack-ng Essentials
  • Cracking Authentication Hashes
  • Attacking WPS Networks
  • Rogue Access Points
  • Attacking WPA Enterprise
  • Attacking Captive Portals
  • bettercap Essentials
  • Kismet Essentials
  • Determining Chipsets and Drivers
  • Manual Network Connections
ادامه مطلب