My OSEP journey

As of 2021-06-16, I am officialy OSEP (Offensive Security Experienced Penetration Tester) certified. The email came as a bit of a surprise, especially since it arrived about 26 hours after I submitted my exam report.

Just like with my OSCP (Offensive Security Certified Professional) results email, I kept reading and re-reading it to make sure I’m not missing something, or that I didn’t imagine receiving it. As the day went on, it finally sunk in that I had completed the course successfully.

I stand to be corrected, but as far as I am aware, I am the first person in South Africa to obtain this certification. If anyone reading this knows otherwise, please let me know.

What is OSEP

Evasion Techniques and Breaching Defenses (PEN-300) is an advanced penetration testing course. It builds on the knowledge and techniques taught in Penetration Testing with Kali Linux, teaching students to perform advanced penetration tests against mature organizations with an established security function.

What I took away from the course

Being a developer for most of my life, I was looking forward to the software development aspects of the course. I looked through the syllabis of the course when I had signed up, so had a good idea of what type of skills I’ll learn during the exam. I was looking forward to learning more about the Antivirus Evasion sections. I had dabbled in it a little before, but never really focused on it.

I hit the course videos and notes hard from the very first day I was given access to the lab machines and the course material. This arrived at 02:00 the morning and later in the day I took my course notes to a local printing shop, and to print out the notes. I prefer having notes in hard copy while I’m going through the videos.

From there I just put down my head and worked through the course material, and enjoyed the skills it was teaching.


The course content is laid out nicely. A chapter will start out explaining the basics and theory of a subject, and by the time you are at the end of the chapter you’ve covered a significant amount of work.

There are plenty of exercises to test what is being taught, as well as extra-miles exercises. To complete these you need to go and research a bit further to be able to complete them. It’s worthwhile doing these as it forces you to research the concept of that chapter or section.

For some reason, I was able to get through the course notes very quickly. In the first three weeks of my lab time, I was able to complete everything.

The LAB and challenges

There are 6 challenges that you are given access to, each with a number of computers that you need to compromise using the skills that you are taught. I saved it until I was done with all the course material, so that I could focus on just the challenges. This was the thing I was looking forward to the most.

It took me about a week and a half to get through all six challenges. This gave me plenty of time to run through all of them again, and allow me to make better notes for the exam.

Extra learning

I didn’t do any extra learning outside of the course material and lab challenges. What I did that helped me a lot was helping others that were asking for assistance in the labs. I spent quite a bit of time giving hints and assisting people that were stuck at various stages. This helped cement the skills that I had learned even further, because I needed to give it proper some thought in order to assist someone else.


I scheduled my exam to take place, even though I would still have two weeks of lab time left. I felt I was prepared and that I didn’t want too much time to go past after doing all the challenges.

EXAM day

The day had come, and unfortunately for me our country was experiencing some of the worst load shedding (electricity sharing) in recent times. This basically means that for a few hours a day, we would have no electricity. Out of the 48 hours I had to complete my exam, about 16 hours were lost due to load shedding.

Even with that, I had a plan in my head, and I stuck to it. After gaining the initial foothold, I enumerated as much as I could to get a clear understanding of what the network had to offer in terms of domains, groups, users, etc. It took a number of hours just to do this.

As I had a good idea of what was on the network, and determined some steps of the attack in advance, the steps came easily after struggling with the second step for quite some time.

I got to the main objective within about 12 hours of the exam starting. I carried on to make sure that I also obtained enough points just to make sure I had covered the exam from both angles.

This gave me plenty of time, and I was able to write my report while still having access to the exam lab in case I had missed a screenshot, or forgot to document a step. However, as I was being quite pedantic on taking notes and screenshots right from the start, I did not need this.


You are given more than enough time in my opinion to successfully complete this.

All I can say about this is if you’re going to do all the exercises, and you do all the challenges and understand what is being taught, you will be absolutely fine in the exam. Make sure you don’t forget what you learned in OSCP, because even during the lab challenges I kept forgetting about the basics.

What’s next?

I’m already enrolled to do the Offensive Security Web Expert (OSWE) course, and thereafter Offensive Security Exploit Developer (OSED).

Written on June 22, 2021