Week One - Phishy Phishy

I can tell you that Offsec teaches everything you need for a real-world penetration testing engagement

I have finished the course's first module, which is so far enjoyable and engaging. Although I have only followed the instructions they taught in the videos/text modules, this course was pretty fascinating.

When I was halfway through the materials for the first module, I learned that the critical phase in real-world hacking is getting "Initial Access". I may sound like a newbie when I say I realized this now. But the thing is, we all have been practising in online learning platforms like HackTheBox and TryHackMe, where we are expected to exploit a vulnerable service and gain the shell in the target machine.

But in reality, we have to admit that no corporate services are exposed to the public; we cannot wait for them to reveal a vulnerable application to the Internet. We have to think about other ways of getting the shell, which OSEP has covered very nicely, IMHO.


Offsec teaches you the various methods you can use to gain a reverse shell using Microsoft Office products and Powershell in-memory attacks. For someone like me with no background in VisualBasic, it was understandable, and even I created my own payload after researching and understanding the techniques.

I cannot reveal much about the course details. You can find them in the syllabus mentioned by Offsec on their website.