Karol Mazurek
4 min read · Jul 30, 2022

An article about how to prepare for the PEN-300 course and the OSEP exam.

Source: https://www.offensive-security.com/pen300-osep/


This article is a short guide on preparation for the PEN-300 course and the OSEP exam. There are links to blogs, tools, other courses, exercises, and all kinds of sources I used for my preparations.


Before starting the PEN-300 course, I encourage you to take the PEN-200.

Source: https://www.offensive-security.com/pwk-oscp/

In PEN-200, the machines were unrelated to each other. The study and exam were based on exploiting a single host, while in PEN-300, everything is connected. The course teaches how to control the corporate environment, not just a single host.

Therefore, you need to know what a penetration test of a whole environment looks like. It is also worth adding that during the OSEP exam, you can use Metasploit at will. The article below describes how to perform a full enterprise infrastructure penetration test based on the Metasploit tool.

The course is about attacking Active Directory, but it assumes that you know the basics. HTB Academy released a great module for learning the basics of Active Directory:

Source: https://academy.hackthebox.com/module/details/74

Conda released an outstanding but, unfortunately, short playlist about Active Directory. It is worth watching:

There will be a lot of tunneling during the course, so it is worth getting familiar with the topic. In my opinion, my article and…