Photo by Clarene Lalata on Unsplash
Week One - Phishy Phishy
I can tell you that Offsec teaches everything you need for a real-world penetration testing engagement
I have finished the course's first module, which is so far enjoyable and engaging. Although I have only followed the instructions they taught in the videos/text modules, this course was pretty fascinating.
When I was halfway through the materials for the first module, I learned that the critical phase in real-world hacking is getting "Initial Access". I may sound like a newbie when I say I realized this now. But the thing is, we all have been practising in online learning platforms like HackTheBox and TryHackMe, where we are expected to exploit a vulnerable service and gain the shell in the target machine.
But in reality, we have to admit that no corporate services are exposed to the public; we cannot wait for them to reveal a vulnerable application to the Internet. We have to think about other ways of getting the shell, which OSEP has covered very nicely, IMHO.
TLDR;
Offsec teaches you the various methods you can use to gain a reverse shell using Microsoft Office products and Powershell in-memory attacks. For someone like me with no background in VisualBasic, it was understandable, and even I created my own payload after researching and understanding the techniques.
I cannot reveal much about the course details. You can find them in the syllabus mentioned by Offsec on their website.