 How's it going everybody? My name is John Hammond, and just a moment ago I saw a new email in my inbox that said test your skills in the all-new PWK or penetration testing with Cali Linux course that offensive security offers So I was like whoa, this is awesome. This is what everyone had been asking for for always and forever So I want to check it out. I want to look through it I want to show you what I think etc in case people are interested in that So here's their email. It's all new for 2020 penetration testing with Cali Linux. Keep your skills sharp So they have pushed a significant update to PWK on today, February 11th, 2020 Complete overhaul and now has more than double the content plus 33% more labs That's awesome because there were already a ton of lab machines to begin with and now there's even more I like that a lot. I would I would be interested in taking a look at that um OSCP holders looking for new challenges. Okay, so if you already have OSCP You can find them in this course Again, like we buy the course so you can head over the website to see the trailer. That's a slick Let's check that out find out what changed and now they have active directory attacks. Okay So like LLM and R and stuff We're responder and some things that might be used for internal penetration testing I need to get smarter on that. So I think that is super duper cool and power shell empire The thing is when I read this I immediately think Well, they're just doing what e-learn security did for Uh ptp or the like professional penetration testing certification They have their ec ppt course a certified professional penetration tester and that covers Active directory attacks and power shell empire. And so when I when I see offset do that. I'm like, well What is going on because that's already very similar to what the other course did It's a different certification body, right different certifying body, but It's it makes me think maybe extensive updates to privilege escalation. That should be awesome I'm curious to see really what more they added in that buffer overflows win 32 buffer overflows So they already cover that heavily with immunity debugger and actually just doing a simple like jump esp shell code With nx and depth off so you can Get a shell and they do that with msf venom to generate that shell code, etc, etc Port e-direction and tunneling modules though, that should be really cool web app attacks It probably I think already has a good few there and new dedicated student virtual machines. Oh, that's nice I don't think we ever had that to begin with We had uh We had they were given they would give you a callie linux virtual machine But you could They didn't have a active directory domain controller to use nor a windows 10 client So I kind of wonder what they're doing with their buffer overflows now because if they're in windows 10, that's interesting Maybe that's just for the web stuff Oh, we hope you really try harder Sorry Okay FAQ entry, but what happens in our course update? Let's go check that out um We can get it from a purchase link It's okay. So we would need to upgrade lab if if you already have it in my case. What is the offset flex program? Oh, oh, that's forgetting it for a bunch of people review the syllabus. So let's look at that Let's get all the details All right, so that opened in a new web browser totally on my other computer monitor So let me drag that down for you guys Okay Wow Wow What is happening? This is the FAQ. This is the frequently asked question. So I haven't actually looked at this yet So let's see. Where did it bring me? It literally I had a link in that update Exam, there it is. What happens when a course gets updated? Seriously, you just moved me away from that again What happens when a course gets updated do past students need to repurchase the course materials So this is selfish because I'm looking at this in my Lens where I have already taken oscp and I'm sure a lot of you as audience members already have too so As offensive security courses get updated they go through price revisions. Hmm. Is it going to cost more now? Past offensive security students will always be able to upgrade their course which fills with new versions For the difference in price between the revision and the new one for this reason There's no reason to wait for a new course revision. Okay. So if I look at the new course This tab here Ooh, this is their trailer Let's see it Just click it out Why doesn't that work? Oh We had a white screen. No, that's just it's still loading Okay Let's go to Vimeo See if that link will work any better for us Much better Penetration testing with Kali Linux is a foundational course for any information security professional All new for 2020. This is our most comprehensive update ever You'll get access to all new content examples and step by step. Oh, oh, oh, this is the guy This is the guy that is doing the voiceovers for the aw e. Um, excuse me, uh away Uh aw e the advanced web attacks and exploitation course So for oswe because it's one of their most newer courses that they released Um This guy is the guy doing the voice audio and commentary for the videos that they showcase Uh, I think maddie the original guy that like put together offensive I don't i'm not too smart on this. So I might be saying things that are incorrect But maddie did the original videos for offensive security Cp oscp the original and osce for the certified expert But this new guy his voice is what is used for um aw e Or oswe Access to our updated live training labs loaded with even more real world targets This year we've added all new content including penetration testing active directory environments Discovering and developing windows and linux based buffer overflows client side attacks web application attacks av evasion and privilege escalations exploitation frameworks like metasploit and power shell empire and much more Whether you're new to penetration testing or simply want to sharpen your skills and put them to the test We'll arm you with working knowledge of the most current pen testing tools and methodologies We'll also help you develop the mindset necessary for a successful career in information security Once you've tackled the course material, you'll be ready to take on the certification exam And earn the title of offensive security certified professional The proctored hands-on exam is tough, but fair Tough but fair proves you under Yeah, stand the pen testing tools and methodologies and can leverage them along with the try harder Discipline that will set you apart in the field. Okay Employers around the world as a mark of excellence and distinction. Yeah, that's true. I guess so honestly You you probably can tell I'm not the biggest fan of the whole try harder mantra um It's a meme but Okay That was a good video. I think and the new guy that's talking is just does a really good job. So That's a cool video I guess I like offensive security because they're trying to make Right now anyway, they did like the whole overhaul of their website the whole style and theme now They're making things a little bit more flashy and bold. That's cool So what is new So, yeah active directory attacks. I saw they said power shell empire. Isn't there like isn't power shell empire like dead or dying Or do they release a new version? I don't I guess I don't know I thought This is something that I just genuinely don't know but I there was I know there was a lot of conversation like man power shell empire is kind of like old it's kind of kicking the can Because power shell I guess has a lot more visibility now for being actually discovered and caught I think c-sharp and uh covenants specter ops, uh c2 framework is a little bit more in the scene now for the cool kids Um buffer overflows. Okay. That's always there. They mentioned windows 32 and linux in that though. So i'm curious what they do for actual linux buffer overflows because I don't think they they covered that whatsoever in the last pwk bash scripting I mean I've just like that that just kind of comes with the territory But yeah, I guess it's not it was never particularly taught in the original course So new dedicated student machines and more shared lab machines. That's got to be pretty cool I wonder what those new machines are. So I only when I was taking oscp Uh when I was going through the labs, I wanted to do the lab report So I did it and I went through to get the lab report done You need to compromise 10 machines and I went through and I compromised 13 I think I just had the extra three like randomly even though I had passed 10 Um and that was fine, but I know there's like 51 or something and it was like 55 So if they're adding a third of that How many than that's that'd be cool. I wish I wish I had constant access to the lab environment Um, so I could practice and kind of take notes and know, okay, this is a known vulnerability I've seen this before in my pwk labs because there are so many of them that are so many vulnerable machines I think it's awesome exposure to things that are out there in the real world that are broken and totally totally vulnerable. So Maybe I don't know how much I would pay. Let's we should see the price. We should see how much this is now extra mile exercises They had that in oswe. So it looks like they're really trying to revamp stuff. Um Passive information gathering. I don't know what you would do to update that. I don't know what they put in there Maybe some cool social media things Buffer overflows good privilege escalation that probably has some cool stuff. I wonder if they actually mention Lynn peas or the one of the new linux privilege escalation awesome scripts. You go check that out Google lin peas lin peas You'll see it in one of ipsx videos too client-side attacks I don't know what that means because that is very vague client-side as in cross-site scripting. I mean web application attacks Meh port redirection and tunneling Did they they had that before but like super duper barely like at the end? I wonder what they do for that now because if they showcase some like ssh port forwarding and using like a socks proxy within metasploit and like What else is there auto route in metasploit? Yeah And existing machines operating system and attack vectors. Wow. Okay, so looks like there's a lot Download the syllabus. Yeah, we should check that out. We should check that out. We already have uh Oh, this is their blog post. Yeah, let's check out the blog post before we move into the syllabus overhauled Completely revised all the modules. I wonder if This might just be me being devil's advocate, but I wonder if you really did revise all of the modules probably I mean, I'm sure they're saying that with with some wood behind the arrow, but But More than doubles the amount of course content. What the course is already huge Holy cow Still a foundational course except now it's just a behemoth Okay, and that's Oh, they headed the practical tools in here. That wasn't on the other page What are you hiding offensive security? Okay bash scripting Yep Okay, I'm glad they they talk about a little bit more They say like yeah, you supposed to have some experience prior to start a course and obviously people do I think I think this uh has so much Mystique behind it. It's a very ominous certification when someone says like, oh, I have my oscp to a person that doesn't and they're like, wow whoo but um If they're like new in cyber security, then they see that oscp has one holy grail thing And there's a lot of uh ominous aura around that so You should know bash scripting before you should know how to use a linux command line before you take oscp or most people I think probably would Okay, you did buffer overflows already that I think is going to be really cool active directory attacks kerberos and anti-limit attacks but again, I don't know as much of that as I need to so I would be interested in learning that and I think of elearn security though when they do that another certifying body that already did this Even with power shell. They had a power shell section in their other certification ec ppt so I don't know. It just makes me raise an eyebrow. I mentioned that already. It's interesting gotta keep up with the times Keep up with the jones's Does it have a walkthrough? Oh, no, no, no. Oh, they do have a walk through. Okay An extra exercise is extra miles Oh power shell and power cat. I don't know what power cat is. I'm not smart. I need Oh, they cover showed in That's kind of cool I don't that's neat paste bin. I've seen before Bypassing uac. I wonder how they do that. I'd be curious if it's not just like, okay run get system and meterpreter Um, hta attacks those of the client side attacks. I talked about DDE embedding. I did that from the sans hall to hack challenge a few years ago 2017 Word macros. That's kind of cool That actually I would like that. I would like to learn a lot about that increased coverage on metasploit slick, okay Oh, really? This is interesting. What does this mean for the exam? The exam is going to stay the same Obviously the proctoring is still in place. I don't think offset is ever going to go away from that anymore The certification procedures will remain the same The pwk refresh provides more materials and machines for preparation but It doesn't change what the exam material is and they have they have a lot of different exams that can be in rotation Right, some virtual machine sets and some vulnerable networks could be manipulated and changed for whoever many students um Please note lab extension purchases no longer include an exam attempt Hmm oscp holders may choose to retake the exam. It's been more than three years from when they were last certified I don't know why you would do that though. Just like they said, there's no requirement from offset to update your certification Once you're an oscp. That's these are lifelong certifications. That's one of the benefits of offensive security Okay, just use your purchase link if you want to do that but I mean the the update would be kind of cool, but it's literally just to get those Videos in that content. Let's see the syllabus because I've been saying we should check that out for the longest time Now it's nice and fresh with a new logo That's red Blah blah blah Oh This is 16 pages of a table of contents Oh my goodness How many modules are in this now 17 18 19 This course is huge Nothing wrong with that. That's great But wow the domain controller I I really really like that They're putting an active directory because I that's something that I want to get smarter on and like Kerberos etc etc, but I still again think if you learn secure and I can't get over that I can't get over that in my head Okay, there was a This is it. This is the link we were on originally. Let me 24 hour exam still The exam is proctored that hasn't changed This was a heck of a journey. That's that's an understatement Okay Same requisites they mentioned. Yeah, so they try to tell you Hey, make sure you know how to script in bash Or python or pearl especially python because you're going to end up doing that for your buffer overflow And that's absolutely necessary Especially in later courses 17 plus hours of video My god Aren't the others like osce. I think has like four hours of video like not much 850 page pdf course guide That's longer than a harry potter book 75 Lab machines the student forums are there Access to a virtual lab environments Wow, they're teaching in maryland That's probably back at my old school house. That's kind of cool. Okay course pricing. This is what I'm interested in so now the course Is a little bit more money A little bit more money depending on how much lab access you get so the difference in the upgrade is 200 dollars So it used to be like 800 dollars. I think right now. They're that 100. I'm sorry a thousand I don't know why I said 800 200 so that that update is difference. Wow Would I pay 200 dollars to learn more about powershell empire? active directory attacks Well, etc, etc I don't know Because I already have the certifications That oscp. I don't think that would benefit me much Without going straight to elern security for their e cpbt because then I would get another certification and not this one again quote-unquote so Huh Anyway, I think that's cool I think it's awesome more power to them for actually updating this because this everyone had said like dude oscp is outdated etc Oh a ce now the offensive security certified expert that one is friggin a dinosaur that is eons old I think But like they still ship that with backtrack like when you when you purchase that course They'll give you a backtrack virtual machine rather than a cali linux virtual machine so Yeah, and that's kind of some older stuff. This is good. It's really good that they did this. Um, I don't know Is it worth a thousand dollars right now? Yes, absolutely the same reason. I mean osce and oswe are just about that price if not more um depending on what you get because The depth of what's in the course and now this is ginormous now. This is huge 75 lab machines Almost a thousand pages for an actual book and almost a day's worth of video content Yeah There's tons in this and that's great. I think if you haven't got offensive securities, uh, certified professional or oscp certification now Uh, now would be a great time to do it Especially if they have overhauled this course and this upgrade is kind of cool. That's a little bit of hype That's a little bit of good stuff. So All right, I hope this video was kind of interesting kind of cool to watch how kind of fun. Um, It's just me looking at the web pages raw Uh, some that I had seen before some I haven't seen before giving you a review checking out that video And um, maybe you learned something maybe hopefully I don't know I don't think you probably learned anything, but it was cool to hang out with you guys. Thanks for watching Thanks for listening. Uh, like comment and subscribe. I'll see you on the facebook's twitter's internets social medias LinkedIn youtube I'm gonna end the video