CISOOnline

13 in-demand IT security certifications for higher pay

OffSec Experienced Penetration Tester (OSEP)

The OffSec Experienced Penetration Tester is ideal for penetration testers and ethical hackers who need more advanced techniques to sharpen offensive skills against modern enterprise defenses. Across more than 20 modules, the certification introduces these professionals to advanced offensive techniques, EDR and AV evasion, advanced Windows offensive security and more. During the two-day proctored exam, professionals must connect to a lab environment via a VPN and compromise multiple machines within a network through several possible attack paths. To pass, professionals must achieve the objective stated within the control panel or score at least 100 points — 10 points are awarded for every flag found in a local.txt or proof.txt file. Professionals who earn their OSEP can also obtain their OSCE³ Certification to demonstrate their mastery of offensive security. They would also need to pass the exams for WEB-300: Advanced Web Attacks and Exploitation and EXP-301: Windows User Mode Exploit Development, after which the OSCE³ is automatically awarded.

While there are no formal prerequisites for OSEP, OffSec recommends candidates take the PEN-200: Penetration Testing with Kali Linux or have a strong foundation in operating systems, networking, and scripting. 

Training and exam fees: OffSec bundles the course and exam for $1,749, and as a yearly subscription that includes access to one 200 or 300-level course, the associated labs, and two exam attempts for $2,749 annually.

OffSec Exploitation Expert (OSEE)

OffSec’s Offensive Security Exploitation Expert is a vendor-specific certification, focusing on advanced Windows exploitation, with OffSec deeming it its most challenging certification. As a penetration testing course, the material dives deep into topics such as advanced heap manipulations and disarming WDEG mitigations. Certificate holders can identify problematic code in Windows operating systems and develop exploits. For the practical exam, candidates must complete a comprehensive penetration test of software and create an exploit within a lab environment — all within 72 hours. To qualify, you must have experience debugging, developing Windows exploits, and using the following technologies: WinDBG, x86_64, IDA Pro, and basic C/C++ programming. OffSec recommends completing its 300-level certifications before OSEE.

Training and exam fees: OffSec offers only instructor-led, in-person training. Enterprises should inquire for more information.



Source link