Limited time · 90% off Premium Membership - claim $199 deal →
For Teams For Libraries Sign in
EN
Start unlimited
Catalog Courses Books Assets Newsletter Merch About Contact Blogs
Cart Sign in Start unlimited
Catalog / All levels / OffSec Experienced Pentester Certification (OSEP) with 10 Practice Exams
Mammoth Club All levels 27 sections 84 lectures

OffSec Experienced Pentester Certification (OSEP) with 10 Practice Exams

Finding vulnerabilities is one thing. But what happens when you face a hardened network with modern defenses, custom applications, and vigilant defenders? That's where true tradecraft begins.

Created by Alex Kropf
01
Skill level
All levels
02
Sections
27
03
Lectures
84
04
Instructor
Alex Kropf
What's inside

This course includes.

27
Sections
84
Lectures
10
Quizzes
Certificate of completion
Included
Mobile and desktop access
Included
AI learning assistance
Included
Unlock all courses with our Subscription Bundle! Get unlimited access to entire course library, books and assets. Learn more and subscribe today!
Course content

Curriculum & lectures.

17 sections · 74 lectures
+ Welcome 3 lectures
What is the OffSec Experienced Pentester Certification (OSEP)? Locked
Using Exam VPNs Locked
Windows Fundamentals Locked
+ Execute Client Side Code with Microsoft Office 7 lectures
Build Droppers Locked
Phishing with VBA and PowerShell Locked
Phishing PreTexting Locked
Execute Shellcode in Microsoft Word Locked
Port Shellcode Runner to PowerShell Locked
Reflection Shellcode Runner Locked
Proxy-Aware Communication Locked
+ Execute Client Side Code with Jscript 3 lectures
Build a Jscript Dropper Locked
Shellcode Runner in C# Locked
Reflective Load Locked
+ Process Injection and Hollowing 4 lectures
Process Injection with C# Locked
DLL Injection with C# Locked
Reflective DLL Injection with PowerShell Locked
Process Hollowing with C# Locked
+ Bypass Antivirus 8 lectures
Antivirus Software Locked
Simulate Target Environment Locked
Locate File Signatures Locked
Bypass Antivirus with Metasploit Locked
Bypass Antivirus with C# Locked
Combine Sleep Timers with Non-Emulated APIs Locked
Bypass Antivirus in Microsoft Office Locked
Obfuscate VBA Locked
+ Bypass Windows Antimalware Scan Interface (AMSI) 6 lectures
Intel Architecture Fundamentals Locked
Antimalware Scan Interface (AMSI) Locked
Bypass AMSI Locked
Evade AMSI with PowerShell Locked
Microsoft Defender Locked
AMSI Bypass with JScript Locked
+ Bypass AppLocker 5 lectures
Application Whitelisting Locked
Bypass AppLocker Locked
AppLocker Bypass in PowerShell Locked
AppLocker Bypass in C# Locked
AppLocker Bypass in JScript Locked
+ Network Filter Bypass 7 lectures
Bypass DNS Filters Locked
Bypass Web Proxies Locked
Bypass Intrusion Detection and Prevention Systems Locked
Full Packet Capture Locked
Inspect HTTPS Locked
Domain Fronting Locked
DNS Tunneling with dnscat2 Locked
+ Post-Exploitation on Linux 3 lectures
Exploit Config Files Locked
Linux Antivirus Bypass Locked
Exploit Linux Shared Libraries Locked
+ Exploit Kiosk 5 lectures
Enumerate Kiosk Browser Locked
Command Execution Locked
Post-Exploitation Locked
Gain Root Terminal Access Locked
Breakout Locked
+ Exploit Windows Credentials 4 lectures
Local Credentials Locked
Access Tokens Locked
Kerberos Authentication Locked
Offline Processing Locked
+ Move Laterally in Windows 2 lectures
Remote Desktop Protocol Locked
Fileless Lateral Movement with C# Locked
+ Move Laterally in Linux 4 lectures
Hijack Secure Shell (SSH) Locked
Ansible Locked
Artifactory Locked
Kerberos on Linux Locked
+ Exploit Microsoft SQL 3 lectures
Exploit SQL in Active Directory Locked
SQL Privilege Escalation Locked
Linked SQL Servers Locked
+ Exploit Active Directory 6 lectures
Exploit Active Directory Object Security Locked
Unconstrained vs Constrained Kerberos Delegation Locked
Active Directory Forest Enumeration Locked
Own Active Directory Forest Locked
Enumerate Between and Beyond Locked
Linked SQL Servers in Active Directory Locked
+ Attack Workflow: From Enumeration to Domain 3 lectures
Start Enumeration and Post Exploitation Locked
Privilege Escalation Locked
Access the Domain Locked
+ Challenge Your 10 FREE Practice Exams 1 lecture
Where to Find Your Exams Locked
Description

About this course.

This advanced course teaches you to think like a persistent adversary by mastering the art of defense evasion, custom payload creation, and lateral movement in highly secured corporate environments.


✅ Master techniques to bypass antivirus (AV) and application whitelisting solutions like AppLocker.

✅ Learn advanced lateral movement and credential abuse techniques to navigate fully patched networks.

✅ Develop custom tooling and modify public exploits to succeed where off-the-shelf tools fail.

✅ Explore sophisticated client-side attacks, process injection methods, and stealthy command-and-control tactics.


If you're ready to move beyond the "Try Harder" mindset into the realm of "Think Smarter," this course bridges the gap between traditional pentesting and advanced adversary simulation.


🎁 Includes 10 free exams. Refine your tradecraft. Execute with stealth.


If you're ready to stop being stopped by modern defenses and think like a true adversary—this is your operator's manual.

Instructors

Taught by people who ship.

Alex Kropf

Alex Kropf

Mammoth Club's CLO, public speaker, consultant, IT author and Senior Software Developer. Alex has produced best-selling courses, books and workshops for Mammoth Club, Course Pro and our clients since 2016.

Ready to start building?

Finding vulnerabilities is one thing. But what happens when you face a hardened network with modern defenses, custom applications, and vigilant defenders? That's where true tradecraft begins.

Buy lifetime access →