OSEP — Evasion Techniques & Breaching Defenses (PEN-300)

Section 01

01. At a Glance

About the course

OSEP is the natural step after OSCP for aspiring red-team operators. Process injection, custom shellcode, EDR bypass, advanced AD exploitation — Macksofy's bootcamp uses real CrowdStrike, SentinelOne and Defender environments.

Section 02

02. Who Is This Course For

• OSCP holders moving into red team
• Senior penetration testers
• Adversary emulation engineers

Prerequisites

• OSCP or equivalent practical experience
• C# / PowerShell scripting comfort

Section 03

03. What You Will Be Able To Do

• Build custom payloads that bypass commercial EDRs
• Execute process injection, hollowing and reflective DLL loading
• Run advanced Active Directory attack chains (RBCD, Shadow Credentials)
• Pass the 48-hour OSEP exam

Section 04

04. Curriculum — 18 Modules

Module structure and topic coverage authored by Macksofy Technologies based on the publicly-published vendor syllabus, current as of the issue date of this brochure. Vendor reserves the right to revise content; Macksofy keeps cohort material aligned to the latest release.

1. Module 01

   Module 01 · Operating System and Programming Theory

   3 topics
   • Windows API & PE format internals
   • x64 calling conventions
   • Writing tooling in C# and PowerShell
2. Module 02

   Module 02 · Client-Side Code Execution with Office

   3 topics
   • VBA macro payloads
   • DDE attacks
   • Excel 4.0 macros (XLM)
3. Module 03

   Module 03 · Client-Side Code Execution with Windows Script Host

   3 topics
   • JScript / VBScript payloads
   • HTA & WSF payload delivery
   • ScriptControl abuse
4. Module 04

   Module 04 · Process Injection and Migration

   4 topics
   • CreateRemoteThread + LoadLibrary
   • Reflective DLL loading
   • Process hollowing
   • Thread-local-storage callbacks
5. Module 05

   Module 05 · Introduction to Antivirus Evasion

   3 topics
   • Static signature analysis
   • PE structure modification
   • Custom packers
6. Module 06

   Module 06 · Advanced Antivirus Evasion

   3 topics
   • Dynamic / behavioural evasion
   • AMSI bypass techniques
   • ETW patching
7. Module 07

   Module 07 · Application Whitelisting Bypass

   3 topics
   • AppLocker bypass paths
   • WDAC bypass
   • Living-off-the-land binaries (LOLBINs)
8. Module 08

   Module 08 · Bypassing Network Filters

   3 topics
   • Domain fronting concepts
   • Proxy / outbound NTLM authentication
   • DNS tunneling
9. Module 09

   Module 09 · Linux Post-Exploitation

   3 topics
   • Persistence on Linux endpoints
   • Loadable kernel module abuse (concept)
   • Pivoting from Linux
10. Module 10

    Module 10 · Kiosk Breakouts

    3 topics
    • Restricted desktop escapes
    • Citrix / RDP breakouts
    • Group-Policy enforcement bypass
11. Module 11

    Module 11 · Windows Credentials

    4 topics
    • LSASS dumping techniques
    • DPAPI secrets
    • Credential Guard considerations
    • Mimikatz advanced workflows
12. Module 12

    Module 12 · Windows Lateral Movement

    4 topics
    • Pass-the-hash / pass-the-ticket
    • Overpass-the-hash
    • Token impersonation
    • WMI, WinRM, PsExec, DCOM
13. Module 13

    Module 13 · Linux Lateral Movement

    3 topics
    • SSH agent forwarding abuse
    • Trust relationships on Linux
    • Pivoting via misconfigured services
14. Module 14

    Module 14 · Microsoft SQL Attacks

    4 topics
    • xp_cmdshell exploitation
    • Linked-server attacks
    • Trustworthy database abuse
    • MSSQL Kerberos attacks
15. Module 15

    Module 15 · Active Directory Exploitation

    4 topics
    • Kerberos delegation — unconstrained, constrained, RBCD
    • Shadow Credentials (msDS-KeyCredentialLink)
    • ADCS attacks (ESC1-ESC11)
    • Forest & domain trust attacks
16. Module 16

    Module 16 · Combining the Pieces (capstone)

    3 topics
    • End-to-end goal-based engagement
    • EDR-bypass case studies
    • MITRE ATT&CK mapping of TTPs
17. Module 17

    Macksofy bootcamp · EDR-bypass lab (CrowdStrike + SentinelOne + Defender)

    3 topics
    • Live bypass walkthroughs
    • Custom payloads in real EDR environments
    • Detection-engineering handoff
18. Module 18

    Macksofy bootcamp · 48-hour mock exam + report rubric

    3 topics
    • Two mock exams with mentor review
    • Time-allocation playbook
    • Professional report deliverable

Section 05

05. Tools You Will Operate

Section 06

06. Career Outcomes

Section 07

07. Placement Support

Macksofy's placement desk works directly with 80+ hiring partners across India and the UAE. Resume coaching, mock interviews and direct intros included.

• 1:1 resume + LinkedIn rewrite with our hiring desk
• Mock interviews with active practitioners
• Direct intros to BFSI, fintech and Big-4 partners
• UAE placement support (Dubai, Abu Dhabi)

Section 08

08. Why Macksofy

• Vendor-true delivery — Macksofy is a hands-on cybersecurity training provider delivering practitioner-led bootcamps with exam-prep support.
• Practitioner-led delivery — every Macksofy instructor is a working OSCP / OSWE / OSEP / CISA-certified consultant on real client engagements during the week.
• Mentor support until you pass — extended access to mentor office hours and exam-day prep at no additional cost.
• Placement desk — Macksofy works with 80+ hiring partners across India and the UAE; your post-course resume, portfolio review and mock interviews are included.
• Indian classroom + online cohorts — onsite delivery in Mumbai BKC and Hyderabad HITEC City; live virtual cohorts pan-India with recordings.

Section 09

09. How to Enrol

1. Submit the enquiry form at macksofy.com/contact or call +91 99308 24239.
2. A Macksofy advisor will respond within 4 business hours with the next batch dates, payment terms and invoice.
3. Confirm enrolment via NEFT / RTGS / corporate card. EMI options available for select courses.
4. Receive welcome kit, lab credentials and the cohort calendar within 24 hours of confirmation.