Posted on 16 Mar 2023 by Ray Heffer
I’m constantly seeking new opportunities to enhance my expertise and broaden my understanding in the field of cyber. In 2021, I successfully completed the Certified Ethical Hacker (CEH) exam offered by EC-Council, followed by the CISSP last year—both of which showcased diverse aspects of cybersecurity. In my day-to-day work, I collaborate with both security engineering teams and CISOs, as I hop from one meeting to the next, which requires me to transition between technical and strategic discussions. This skill has proven to be incredibly valuable in my career.
As someone who has always been deeply immersed in the technical aspects of cybersecurity, I find it essential to maintain and nurture that passion, even as I continue to evolve in my career. Participating in Capture The Flag (CTF) challenges during my evenings allows me to stay up to date with my hands-on skills. This is why I find the Offensive Security Certified Professional (OSCP) exam so appealing. OffSec has revamped the PEN-200 exam to better align with the modern world of cybersecurity. They’ve introduced Learning Units, Learning Objectives, Module Exercises, and Capstone Exercises, and the course has also undergone significant restructuring, with some modules removed.
The decision to remove Buffer Overflows from the PEN-200 course material and exam reflects a shift in focus towards more modern and prevalent attack vectors in today’s cybersecurity landscape. While Buffer Overflows are still relevant in certain scenarios, their importance has been diminishing as new technologies, architectures, and security measures emerge. I was actually enjoying the BoF labs, but oh well!
By removing Buffer Overflows from the course content, OffSec seems to have made room for other topics, such as Web Application Attacks, Privilege Escalation, and Active Directory exploitation. This change aims to provide students with a more well-rounded and up-to-date understanding of real-world cybersecurity challenges.
However, it’s important to note that the removal of Buffer Overflows from the course material does not mean that I should ignore this type of vulnerability altogether. I still need to maintain a solid understanding of Buffer Overflow concepts, as they can still be encountered in specific situations.
With the updated syllabus, I’ll need to adjust my study plan to account for the new content. I intend to focus on the areas that have undergone significant expansion, such as:
If you are embarking on the PEN-200 journey, make sure to download and review the free PEN-200 introductory module provided by OffSec. This will help you understand the new learning approach and set the foundation for your studies.
The updated PEN-200 exam also features a new lab architecture, which provides each student with their own environment. This setup consists of Challenge Labs, where learners can work through specific penetration testing problems at increasing levels of difficulty. I plan to tackle these labs sequentially, ensuring that I thoroughly understand each concept before moving on to the next challenge.
As for the exam itself, the most notable changes are the removal of the Buffer Overflow machine and the updated bonus points criteria. Since Buffer Overflows are no longer part of the course material, they will not be included in the exam. To qualify for bonus points, I’ll need to complete 80% of the 2023 Module exercises and submit proof.txt for at least 30 PEN-200 (2023) Lab Machines. This requirement may include machines from both the 2022 and 2023 lab environments.
To ensure success, I’ll be adjusting my study plan to account for these changes. This means allocating more time to the areas that have seen significant updates, such as:
For those preparing to embark on the PEN-200 journey, make sure to download and review the free PEN-200 introductory module provided by Offensive Security. This resource will help you understand the new learning approach and lay the foundation for your studies.
Good luck!