FAQ

In-House and Live Training

Orders, Registration and Payments

General FAQ

General Frequently Asked Questions

Q: How can I become a vendor or training partner for Offensive Security courses?
A: Although we appreciate your interest, we do not use training partners as we keep our standards high by only using Offensive Security trainers and staff to conduct our courses, all of whom hold multiple Offensive Security certifications. Unfortunately, we also do not sell our courses via 3rd party companies. Your clients will need to start their registration process via our website and provide the required information. Once they have provided all the information and signed our legal form, they will receive an email with a payment URL. They will be able to provide you with their payment links and you will then be able to submit the course fees on their behalf.

Q: Do you have any job positions open at Offensive Security?
A: Unfortunately, we have no vacancies at the moment that you may be able to apply for. Please note that all of our new hires are selected from current/past alumni students.

Q: How do I register with Freenode to talk in the #offsec channel?
A: In order to speak in the #offsec IRC channel, you will need to register your IRC nickname with Freenode.

For more information, please refer to our IRC guide available at the following link: https://www.offensive-security.com/irc-guide.pdf

Q: Can I blog about any Offensive Security courses I’ve taken?
A: Although we appreciate your enthusiasm, we must request that you do not publish any scripts or solutions for systems within our labs. The reasoning behind this is simple: if a future, or current, student should come across your notes and scripts in the course of their research, they would likely use them rather than finding solutions on their own, thereby missing out on the educational process that you went through to come to these same findings.
We also further request that you do not publish any screenshots or images from our labs as they contain proprietary information.

Q: I have a job offering of OSCPs. Is there somewhere I can post this information?
A: We have a job offers section available in our student forums for all who have pass the OSCP certification exam. If you submit a description of the position, required/desired qualifications, contact information, and anything else you would like to add, we will review it and post up the listing on your behalf.

Q: How can I become a penetration tester?
A: While we cannot offer you specific certification or career advice, we can tell you that the realm of information security is quite vast and you therefore need to determine what you like best before committing yourself. In general, only knowledge and experience are required in order to offer your services as a pentester; however, certifications do help in building your clientele. All of our courses focus on offensive security, most specifically, the field of penetration testing.

Our Penetration Testing with Kali Linux (PWK) course focuses on modern techniques used by penetration testers all across the globe, so it would be a great start for you. Cracking the Perimeter (CTP) focuses on exploit development, web application, and WAN attacks, which are also useful for pentesters; however, PWK teaches you the core skills that are required to be a good pentester. CTP also requires advanced knowledge of different offensive techniques, so it is not recommended for beginners. If you feel you possess the required knowledge to take it, feel free to try the following CTP course registration challenge: http://www.fc4.me/

In addition to PWK and CTP, we also have a course entirely devoted to wireless penetration testing, Offensive Security Wireless Attacks (WiFu). Should you wish to learn more about all our online course offerings and start your registration process, we invite you to the following URL: http://www.offensive-security.com/online-information-security-training/

Return to Top

In-House and Live Training

In-House Training

Q: What is required at the training facility where the training will be provided?
A: In order for us to conduct the training in your facility, your group or company will be required to provide the following:
• Networked computer classroom
• Printed copy of the PDF’s (we will provide the students with a PDF to print ahead of time)
• Catering for the students

Q: What does the In-House training include?
A: All of our in-house training includes:
• Two trainers from our team; depending on the size of the group a third trainer may be required
• Five days of training with each days training running from 9:00AM to 5:00PM
• Trainers will remain after class for as long as students have questions
• An opportunity to attempt the course certification challenge exam

The PWK and CTP in-house training also includes:
• Soft copies of the course videos and manual
• 30 days in our virtual labs (course materials & lab time will start after the 5 days of live training)

Q: Does In-House training include the exam?
A: After the training is complete, each students will be able to demonstrate and test their skills in our online exam challenge. Successful students will be awarded the Offensive Security certification applicable to the particular course.

Q: How can I receive a quote for In-House training in my organization?
A: If you are interested in receiving a quote, please complete the online request form found at the following URL: https://www.offensive-security.com/offensive-security-solutions/in-house-training/

Please be advised, our in-house training schedule for 2014 is almost fully booked. Should we be unable to book training, we can add you to our waiting list and contact you if any future dates become available.

Q: How can I pay for In-House training?
A: The terms for payment of In-House training is as follows:
• 10% in order to book the dates (non-refundable)
• 90% one week before the training starts
• Payments via wire transfer
• Prices are inclusive for two instructors with no additional fees for travel or accommodation
• Training to be booked and confirmed 12 weeks prior to course start date

Return to Top

Live Training

Q: What materials will we receive during the Blackhat live courses?
A: The live training at Black Hat only includes a hard copy of the course materials. It does not include an exam attempt, soft copy of the course materials, or lab time. You will be able to purchase those items after attending the course via our website.

Q: What standing do I have with Offensive Security after I attend a Blackhat Live course?
A: You are considered to be an Offensive Security alumni student and are entitled to discounted rates on purchases of a soft copy of the course materials, lab access, or an exam attempt. You will be able to view the alumni pricing information via your personalized purchase link that you will receive following the course.

Q: Will you be offering live training outside of Blackhat?
A: Unfortunately, we have no plans to offer additional live training in the future, with the exception of Black Hat USA. Our next live training sessions will be held in Las Vegas, Nevada during the Black Hat USA 2014 event. Since the training is organized by Black Hat, you will need to register via their website directly: https://www.blackhat.com/us-14/training/index.html.
We do provide in-house training for interested groups and organizations. We offer Penetration Testing with Kali Linux (PWK), Cracking the Perimeter (CTP), Advanced Windows Exploitation (AWE), and Advanced Web Attacks and Exploitation (AWAE) as live courses. Note that we require a minimum of 18 students in order to make it feasible to facilitate in-house training.

If you are interested in receiving a quote, please complete the online request form found at the following URL: https://www.offensive-security.com/offensive-security-solutions/in-house-training/

Please be advised, our in-house training schedule for 2014 is almost fully booked. Should we be unable to book training, we can add you to our waiting list and contact you if any future dates become available.

Return to Top

Orders, Registration and Payments

Orders and Registration

Q: Why do you require a non-free email address?
A: A non-free e-mail address (i.e., corporate) is used in our registration processes to verify the identity of our students. This is required as, given the nature of our training, we are bound by strict legal guidelines which we must adhere to.

Q: What is considered a non-free email address?
A: We require an email address from a domain that is owned by you or your employer, such as a company, university, or personal domain. Email addresses from Internet Service Providers (ISP) or free email providers such as Hotmail or Gmail (including paid versions), are not accepted. Your name or part thereof needs to be visible in the email address and must be from a domain over 2 years of age in order for us to establish a reasonable amount of credibility.

Q: What if I do not have a non-free email address?
A: If you do not have a non free e-mail address, we are legally obligated to obtain a scanned ID as proof of identity. ID numbers and barcodes may be blurred out of the image. We need to be able to see your name, address, year of birth and expiration date of the ID.

Q: How can I change the email address I have associated with Offensive Security?
A: In order for us to change your email address in our system, we require a non-free email address that we can retain on file. If you do not have a non-free email address, please provide us with a scanned identification (in colour) such as a driver’s license or a passport.

Should you choose to send a scanned ID, you may blur the ID number and send it to registrar[at]offensive-security.com. The provided identification is used for identity verification purposes only and is destroyed once your registration is complete. After providing the requested information, we will assign your free address as your primary email in our system.

Q: What can I do if I didn’t receive any registration emails?
A: If you didn’t receive our registration email, your email domain may be rejecting emails from our system. If this is the case, please provide us with a different email address or whitelist the offensive-security.com and offsec.com domains. We also recommend checking that our emails are not ending up in your junk mail folder.

Q: Why is the registration process limited in time (24-72 hours)?
A: Each student receives a dedicated machine in our labs. Once you start your registration, we allocate a machine to your account. If your registration isn’t completed in the allocated time, the lab machine assigned to you gets assigned elsewhere.

Q: Is an exam included in the lab extension fee?
A: The fee for the lab extension does not include an exam attempt. When a lab extension is purchased while a student still has a valid lab account, the exam expiration date is moved forward to 90 days after the lab extension expires. If a lab extension is purchased after after a student’s lab time expires or after failing the certification attempt, we provide a complimentary exam attempt with the lab extension purchase.

Q: How can I receive an invoice for my order?
A: Once you have begun the registration process via our website, you will receive your student number (OSID). Once you have received your OSID, please send us your request with your company information after completing the registration process. Once your registration is complete, you will receive a post registration email containing your personalized purchase link. Payment is submitted via this unique link and we accept payments via credit cards, debit cards, and e-Wallets only.

You can view more details regarding our courses including the course fees and start your registration process via our website at the following URL: https://www.offensive-security.com/online-information-security-training/

Q: How can I register for a future course date?
A: In order to begin your course on a future date, you must first register for one of the available starting dates via our website. After completing your registration process and submitting the course fees, you may provide us with a future date (any Sunday) within 12 months. Also, if you wish to receive an invoice prior to payment, please send us your request with your company information after receiving your student ID number from our system.

Once you have provided the required information your registration will be complete. At this time you will receive a post registration email containing your Offensive Security ID number and your personal purchase link. Payment is submitted via this unique link and we accept payments via credit cards, debit cards, and e-Wallets only.

Q: Can my company register for the courses on behalf of the students who will be attending?
A: All of our courses are non-transferrable and are sold for personal use only even if the student’s organization is making the purchase on his or her behalf. As all students are required to read and agree to our legal terms, you cannot register on behalf of a person who is going to attend the course.
Individual students are required to start their registration process via our website at the following URL: https://www.offensive-security.com/information-security-training/

Once the student has submitted a registration request, accepted our legal form and provided the required information they will receive a post registration email. This email will contain their Offensive Security ID number and a unique purchase link which you can use to submit payment on the student’s behalf. Note that we accept payments via credit cards, debit cards, and e-Wallets only.

Students receive a certification after successfully completing the exam but are not provided with a separate course certification of completion. The exam certification, once achieved, will be mailed to the student and not to the company/organization.

Q: Why is the legal form only valid with a home address?
A: We do not sign legal training agreements with companies as the course materials belong solely to the individual attending the course, which is why students are required to sign our legal agreement and submit their home address as part of the registration process.

Q: Do you offer personal discounts on your courses?
A: Offensive Security is able to offer discounts to people in need but we require a scanned identification (in colour) such as a driver’s license or passport and salary information in order to properly evaluate a request for a discount. Please note that we do not provide discounts to students. For more information, send email to orders[at]offensive-security.com

Q: Do you offer corporate discounts on your courses?
A: We have the following coporate discounts available for our courses:
* 10 – 19 students: 3% discount
* 20 – 29 students: 5% discount
* 30 or more students: 7% discount

If you wish to take advantage of our corporate discount, all of the courses must be paid for in advance. Each student will then be able to start his/her course at a time of their choosing within 12 months of the purchase. The students will each need to complete the registration process via our website and provide the required information.

Return to Top

Course Payments

Q: Are there any additional fees for international transactions?
A: We do not charge any additional fees for international transactions. You may incur additional charges applied by your bank or credit card provider. We recommend you to contact them in order to receive additional information. The charge could be made due to an international transaction, as we are a non US company and our merchant account provider is located in Europe.

Q: What is the fee for canceling a credit card charge?
A: The fee for canceling credit card transactions is $30.00 USD. Should you wish to receive a refund, the fee will be deducted from the total.

Q: What types of payments do you accept?
A: We accept payments via credit cards, debit cards, and e-Wallets only.

Q: Do you accept wire transfers?
A: Unfortunately, we do not accept payments via wire transfers. We accept payments via credit cards, debit cards and e-Wallets only.

Q: Am I able to pay for Offensive Security courses with a GI Bill?
A: Offensive Security is a non-US company, therefore, our training and certifications are not approved under the GI Bill. Should you wish to learn more about our online course offerings and start your registration process, we invite you to visit the following URL: https://www.offensive-security.com/online-information-security-training/

Q: Do you accept net term payments?
A: Offensive Security Limited is a non-US company and does not use a US financial institution to conduct its transactions. We do not use Net terms for payment; payment is completed via an online credit card transaction.

Q: Do you require confirmation of payment if I am not the credit card holder?
A: In order to accept payment we require a confirmation email directly from the credit card holder, acknowledging that the payment has been authorized. Your registration process will be completed within 24 hours after we receive the confirmation email from the purchaser.

Q: What happens if I am late to make payment for a course?
A: You will be able to use your original payment link in order to complete the transaction the following week. Online course seats are determined by our system after payment based on the seats that are available for the starting date closest to the one selected in your initial registration request. If you submit the fees before Thursday of the week you should be able to keep your seat, although we cannot guarantee it.

Be advised, if payment is not submitted within the allotted time frame our system will automatically move your course start date one week ahead and send you an email notification. However, if there are available seats for your original start date after you have submitted the fees we will move your seat back to that date.

Q: Do you have a DUNS number?
A: Offensive Security Limited is a not a US company and does not conduct its business through a US financial institution, therefore we do not have a DUNS number.

Return to Top

Offensive Security Courses

General Course Frequently Asked Questions

Q: Can I pause my lab time?
A: Even when lab time is paused, it still occupies a system in our labs that remains idle. For this reason, only when valid, written justification and supporting documentation is provided, will we consider pausing a lab account.

Q: When does my lab time start and how is that lab time measured?
A: The lab time will begin on your course starting date at the same time that you receive your course materials. The lab time is consecutive and is measured by the number of days you have purchased.

Q: I haven’t used any of my lab time. Can I get free lab time since it was not being used?
A: Lab time is not refundable whether the lab is accessed or not. Our courses are designed for working people and time management is one of the most important aspects of penetration testing and it is assumed that prospective students have planned their time accordingly to devote to the course.

Q: How can I purchase a lab extension?
A: You can purchase a lab extension using your personal purchase link whenever you wish. However, if you make the purchase after your current lab account ends, you may be assigned to a different lab subnet. All of our labs are identical and the only difference will be the network subnet, therefore, you will not be required to modify your existing reports other than via a find and replace operation. You will be able to schedule your challenge within 90 days from your lab extension ending date. Please use your unique purchase link in order to make your desired purchase. You will receive your lab account details within a few hours after your payment has been submitted.

Q: What languages are your courses available in?
A: All of our services and courses are offered in English only.

Q: How are the course start dates determined?
A: Your seat in the course will be determined automatically by our system once you submit the course fees. The seat assignment is based on the seats that are available for the starting date closest to the one you requested in your initial registration request. If you are taking our WiFu course, there are no specific starting dates as you will be running all of the exercises on your own hardware. For all other online courses, the course starting date is every Sunday.

Q: What is your academic policy?
A: Offensive Security has a simple policy regarding cheating. Any students caught cheating on their certification exam will be barred from making future Offensive Security purchases and will have their certification(s) revoked. Students caught providing assistance to others taking the exam such as providing notes, hints, etc. are also subject to the same rule without exception.

Q: How many CPEs can I obtain by taking an Offensive Security course?
A: Our Penetration Testing with Kali Linux (PWK) and Cracking the Perimeter (CTP) courses qualify students for 40 ISC2 CPE credits after they submit exercise documentation at the end of the course or pass the certification challenge. Also, our Offensive Security Wireless Attacks (WiFu) course qualifies students for 10 ISC2CPE credits after they pass the certification challenge.

Q: What happens when a course gets updated? Do past students need to repurchase the course materials or should I wait until a new course version comes out?
A: As Offensive Security courses get updated, they go through price revisions. Past Offensive Security Students will always be able to upgrade their course materials with new versions for the difference in the price between their revision, and the new one. For this reason, there is no reason to wait for a new course revision.

Q: How do I register for one of your online courses?
A: You can view more details regarding our courses and begin the registration process via our website at the following URL:
https://www.offensive-security.com/online-information-security-training/

Q: How long before I want to take a course should I start the registration process?
A: We recommend submitting your online registration request 10 to 14 days prior to your desired course start date.

Q: Can I receive my course materials early?
A: It is not possible to receive the course materials prior to your course start date as our courses have been designed to be worked through in the labs as you progress through the materials.

Q: Is there a minimum age requirement for taking a course with Offensive Security?
A: The minimum age at which a student can take any of our courses is 16 years old and those who are under the age of 18 will need to provide a confirmation letter from their parent(s) or legal guardian acknowledging that they are aware of the course topics and that they have granted permission to take the course. You will be able to continue with your registration process after we have received this letter.

Q: What are the training fees for the online courses?
A: You can view the training fees for our online course offerings at the following URLs:

Penetration Testing with Kali Linux (PWK): https://www.offensive-security.com/information-security-training/penetration-testing-with-kali-linux/
Cracking the Perimeter (CTP): https://www.offensive-security.com/information-security-training/cracking-the-perimeter/
Offensive Security Wireless Attack (WiFu): https://www.offensive-security.com/information-security-training/offensive-security-wireless-attacks/

Q: Which course should I take?
A: All of our courses focus on offensive security, most specifically, the field of penetration testing. Due to the large number of specializations from the information security domain the most suitable course for you depends on what you are interested in.

Our Penetration Testing with Kali Linux (PWK) course focuses on modern techniques used by penetration testers all across the globe, so it would be a great start for you. Cracking the Perimeter (CTP) focuses on exploit development, web application, and WAN attacks, which are also useful for pentesters; however, PWK teaches you the core skills that are required to be a good pentester. CTP also requires advanced knowledge of different offensive techniques, so it is not recommended for beginners. If you feel you possess the required knowledge to take it, feel free to try the following CTP course registration challenge: http://www.fc4.me/

In addition to PWK and CTP, we also have a course entirely devoted to wireless penetration testing, Offensive Security Wireless Attacks (WiFu).

Before registering for a course we advise you to look through each course syllabus and decide which one covers what you are interested in. Each of our courses has a syllabus available online to see what topics are covered. You can view them at the following URLs:

Penetration Testing with Kali Linux (PWK): https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf
Cracking the Perimeter (CTP): http://www.offensive-security.com/documentation/cracking-the-perimiter-syllabus.pdf
Offensive Security Wireless Attacks (WiFu): http://www.offensive-security.com/documentation/wifu-syllabus.pdf
Advanced Windows Exploitation (AWE): http://www.offensive-security.com/documentation/advanced-windows-exploitation.pdf
Advanced Web Attacks and Exploitation (AWAE): http://www.offensive-security.com/documentation/awae-syllabus.pdf

Q: Do you offer bulk voucher purchases?
A: Vouchers for the Penetration Testing with Kali Linux (PWK) course can be purchased in two ways. We can provide you with a unique purchase link via email and you can submit the voucher fee using credit cards or e-Wallets. If the purchase is over 10,000 USD we can provide you with our banking information in order to pay via wire transfer.

Please note that we are a non US company and our merchant account provider is located in Europe. Within 24 hours of payment you will receive the voucher codes and usage instructions for the students.

Q: Where can I find the syllabus for each of the courses provided by Offensive Security?
A: Each of our courses has a syllabus available online to see what topics are covered. You can view them at the following URLs:

Penetration Testing with Kali Linux (PWK): https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf
Cracking the Perimeter (CTP): http://www.offensive-security.com/documentation/cracking-the-perimiter-syllabus.pdf
Offensive Security Wireless Attacks (WiFu): http://www.offensive-security.com/documentation/wifu-syllabus.pdf
Advanced Windows Exploitation (AWE): http://www.offensive-security.com/documentation/advanced-windows-exploitation.pdf
Advanced Web Attacks and Exploitation (AWAE): http://www.offensive-security.com/documentation/awae-syllabus.pdf

Return to Top

Support Frequently Asked Questions

Q: What are your support hours?
A: The typical administrative hours for the Orders department are 1400 – 2200 GMT and IRC/Jabber are 0800 – 0200 GMT. If you would like to know what time it is currently in GMT you can do so at: http://wwp.greenwichmeantime.com/ If you would like to know the GMT times converted to your local time you can do so at: http://www.timezoneconverter.com/cgi-bin/tzc.tzc

Q: Can I get my revert counter reset?
A: You can contact an admin on IRC, Jabber or email help[at]offensive-security.com to obtain more reverts. Please note that the revert counter is reset every day at midnight GMT and virtual machine reverts should be used wisely.

Q: I’m having issues connecting to the VPN. What can I do before contacting support?
A: First, please ensure that you have Internet connectivity within your Kali Linux virtual machine. For basic network configuration on Kali, you can refer to the Kali documentation site at: http://docs.kali.org

If you do have Internet connectivity and are still unable to connect to the labs, ensure you are not behind any firewalls that are preventing you from establishing an outbound connection to the labs on UDP port 1194.

If you are still experiencing issues with VPN connectivity, please send us the output of the failed VPN connection attempt along with the output of the “ifconfig -a” and “route -n” commands.

Q: I’m having problems with the stability of my Windows 7 machine. How can I help fix this?
A: In order to help stabilize your connection, please try lowering the MTU on your VPN virtual interface, which you can accomplish by issuing the following command (where tap0 is your VPN interface that is connected to the labs):

ifconfig tap0 mtu 1200

Continue lowering the MTU value in increments of 50 until you find that your rdesktop session is working properly. You can also add the -P and -z flags to your rdesktop command to enable local disk caching and compression respectively.

Q: How can I contact you for support on Jabber?
A: Our Jabber support account is: offensive-security@jabber.org You will need to configure your instant messaging client with the following settings:

Server: jabber.org
Port: 5223
Use SSL: selected

OR

Server: jabber.org
Port: 5222
Require SSL/TLS: selected

If you do not have a client that supports Jabber, you can find a large list of available clients at the following URL: http://xmpp.org/xmpp-software/clients/ If you also do not have a Jabber account, you can register for one at the following link: https://register.jabber.org/ When adding our support account to your Buddies list, please ensure you provide your OSID with your request.

Return to Top

Offensive Security Wireless Attacks (WiFu)

Q: What are the prerequisites of the Offensive Security Wireless Attacks course?
A: Offensive Security Wireless Attacks is completed at home by the student, so the prerequisites necessary for this course are different from the other courses provided by Offensive Security. If not already owned, the student will need to purchase a dedicated wireless Access Point and a wireless card that supports traffic injection. More information can be found in the respective course description and course documentation.

Q: What happens once I pay?
A: Once payment is made and verified, within three business days you will receive an email containing a download link to the training videos. You will be able to watch the videos in the comfort of your home, and discuss the classes and exercises with other students, using Internet Relay Chat and private messaging.

Q: How long is the course?
A: The Offensive Security Wireless Attacks course videos are 2 and 1/2 hours long. Our students report an average of 20 hours of lab exercises.

Q: Why should I opt for the OSWP certification?
A: Once obtained, the OSWP certification provides testament of your Wireless Penetration Testing skills in a real life environment.

Q: What is the recommended hardware?
A: The only hardware that we have tested and verified as working for the course are those that are listed on the course page at the following link: https://www.offensive-security.com/information-security-training/offensive-security-wireless-attacks/

Most major routers should be compatible with the course but we cannot guarantee it.

Return to Top

Pentesting With Kali (PWK)

Q: When will I be able to purchase the PWK upgrade? When will I receive the new course materials?
A: You are able to purchase the upgrade starting 1st of January 2014. You will receive your materials within a maximum amount of 3 (three) business days.

Q: What does the upgrade fee include? Does it come with any lab time?
A: The upgrade fee only includes the latest version of the course materials (student handbook & video). It does not include any additional lab time or certification attempts. These can be purchased separately using your unique purchase link.

Q: Can I still purchase lab time & take the exam without upgrading my course material?
A: Yes you can purchase additional lab time and certification attempts without purchasing the updated course material. Please note that if you choose to purchase a lab extension after the end of March 2014 you will be given a Windows 7 client instead of an XP client.

Q: How much do I have to pay if I want upgrade & labs?
A: You can find the price list here: http://www.offensive-security.com/information-security-training/penetration-testing-with-kali-linux/ The lab extension fee has not change.

Q: What happens if I have an active lab time, can I switch to the new environment?
A: If you have an active Offensive Security PWB lab account you will be able to switch from the current PWB labs to the new PWK lab environment with ease from your student control panel. Note that once the switch has been made from the current PWB labs to the new PWK labs, it is not possible to return to the old lab environment. The big difference in the labs will be the change to a Windows 7 client and few new machines. Most of the lab environment will stay the same.

Q: How will this affect my current progress? Do I need to start a new report?
A: You will not be required to start a new lab report, most of the lab servers will remain the same so a simple find/replace in your notes will bring them up to date with the new environment. In addition to these if you happen to notice the minor changes you can simply highlight them in your report. While not mandatory if you wish you can re-do the exercises related to your XP client and replace them with the exercises for your Windows 7 client in the report.

Q: Do I need to re-take the OSCP exam with the new PWK?
A: All Offensive Security certifications do not expire, you will not need to re-take the certification exam for every new course version.

Q: I did not receive an email regarding this, what do I do?
A: If you did not receive the upgrade e-mail for our new Pentesting With Kali course, check your inbox and spam folder. If you still can’t locate it, please send an e-mail to orders[at]offensive-security.com with your full name and OS-ID number.

Q: I am planning on taking the OSCP challenge in the near future, will the new version affects the exam?
A: The OSCP certification is not going to change due to the course update at this stage.

Q: I have unused voucher for the PWK labs. Will it stay valid?
A: All unused vouchers for the labs will remain valid and can be used until their expiration date.

Q: Is documentation required for PWK?
A: In addition to meeting the certification exam objectives, you must submit an exam penetration test report in order to be awarded your OSCP designation.

Q: Where is the course syllabus?
A: The course syllabus can be found here: http://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

Q: Where can I download the VM for PWK?
A: The Penetration Testing with Kali Linux VMware virtual machine image can be downloaded at the following URL: http://downloads.kali.org/kali-486-vm.rar

Q: What is the difference between PWB and PWK?
A: The new Penetration Testing with Kali Linux (PWK) syllabus is available to help you compare the differences from PWB and is available on our site at the following URL: https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

In addition, we have created a FAQ section in our student forums regarding the course upgrade. It can be found at the following link: https://forums.offensive-security.com/showthread.php?t=2168

Q: I’m a returning student and I would like more lab time. Do I have to submit the full course fees?
A: As an alumni student you do not need to submit the full course fees. You have the option of purchasing 15, 30, 60, or 90 consecutive lab days. Should you wish to upgrade your course materials to the newest version, you can purchase a set of the Penetration Testing with Kali Linux materials (video & PDF) via your purchase link. We provide a complimentary exam attempt with the purchase of a lab extension and you will be able to schedule your exam challenge within 90 days of your lab extension end date.

Q: What is the average time for PWK?
A: Although it varies by each student, the average reported time to go through the Penetration Testing with Kali Linux (PWK) course materials and complete the exercises is approximately 80 hours.
Do note however, that the labs are very large and exploiting every machine in the labs and finding all of the interesting attack vectors takes more than 80 hours to complete.

The time you will need to spend on the course exercises also depends on your technical background and the time you are able to invest in the training.

Q: Why can I not ping my Windows 7 client machine?
A: Your Windows 7 client has a firewall enabled and as a result, it will block all ICMP requests.

Please remote desktop into it using the credentials provided in your welcome pack. Note that you will need to revert the machine each time you connect to the VPN.

Q: Why is my Windows 7 lab machine turning off after I disconnect from the VPN?
A: Your Windows 7 machine is automatically assigned to you upon each VPN connection and it is dedicated to you for as long as your VPN connection is active.

Once you have disconnected from the VPN, your machine will get powered off and you will need to revert it from your student control panel. Because of this, we recommend that all students back up their work locally.

Q: How can I receive a free demo of Saint Exploit?
A: In order to receive a Saint Exploit Demo please visit the URL and follow the instructions to request your demo: http://www.saintcorporation.com/welcome/offensive-security.html

We hope you enjoy this fine tool.

Q: Where are the PWK report templates located?
A: You can find the Penetration Testing with Kali Linux report templates at the following URLs:

http://www.offensive-security.com/pwk-online/PWKv1-REPORT.doc
http://www.offensive-security.com/pwk-online/PWKv1-REPORT.odt

Q: How can I play the PWK videos in Kali?
A: If you are trying to view the course videos in Kali Linux, you will first need to install the flashplugin-nonfree package as follows:

apt-get update && apt-get install flashplugin-nonfree

After installing the package and restarting your browser, you should be able to view the videos using the HTML file.

Q: How can I choose the start date for a lab extension?
A: You are unable to choose a specific starting date for the lab extension during the purchase process. If you wish to choose a certain date to begin your lab extension, please contact us at orders@offensive-security.com with your preferred starting date after submitting the lab extension fees.

You can also submit your payment on the day you want to start your lab and you will receive lab access within a few hours. Note that you will not have 2 attempts for the exam. Your last date for scheduling the exam will move forward by 90 days from your lab extension ending date.

Return to Top

Cracking The Perimeter (CTP)

Q: What are the prerequisites of the Cracking The Perimeter course?
A: Cracking the Perimeter is not an entry level course, requiring it to have more prerequisites than any other course offered by Offensive Security. Familiarity with basic Windows exploitation techniques is required among other skills which can be found in the respective course description and course documentation.

Q: What happens once I pay?
A: Once payment is made and verified, you will receive a confirmation mail, ensuring yourself a place in the next course. On the first day of the course you will receive a username / password combination to the online training labs and a download link to the training videos. You will be able to watch the videos in the comfort of your home, and discuss the classes and exercises with other students, using Internet Relay Chat and private messaging.

Q: How long is the course?
A: The Cracking the Perimeter course videos are around 5 hours long. Our students report an average of 40 hours of lab exercises.

Q: Why should I opt for the OSCE certification?
A: Once obtained, the OSCE certification provides testament of your exceptional Penetration Testing skills in a real life environment.

Return to Top

Advanced Windows Exploitation (AWE)

Q: What are the prerequisites for AWE?
A: Our Advanced Windows Exploitation (AWE) course requires students to not only to have solid debugging skills but also previous experience in writing basic Windows exploits. Our Penetration Testing with BackTrack (PWB) and Cracking the Perimeter (CTP) courses are more oriented towards pentesting although they both cover writing exploits for Windows, albeit at a different difficulty level.

We typically suggest that students take PWB and CTP in order to build a solid exploitation foundation before approaching AWE however, as PWB and CTP are not strictly focused on exploit writing, they may or may not be suitable for you.

Q: What happens once I pay?
A: Once payment is made and verified, you will receive a confirmation email, ensuring yourself a place in the course. One week prior to the start of the course, you will receive an email reminder about your upcoming course date. On the first day of the course, present yourself to the instructors at the training facility.

Q: How long is the course?
A: Advanced Windows Exploitation is a 5 day live course.

Q: Why should I opt for the OSEE certification?
A: Once obtained, the OSEE certification provides testament of your exceptional windows exploitation skills in a real life environment.

Return to Top

Advanced Web Attacks and Exploitation (AWAE)

Q: What are the prerequisites of the Advanced Web Attacks and Exploitation course?
A: Advanced Web Attacks and Exploitation is NOT an entry level course. The pace of learning is fast and furious. At a minimum, students are expected to have a solid understanding of how to perform basic web application attacks. This class is aimed at penetration testers and security auditors who need to take their web application penetration testing skills to a new level.

Q: When will AWAE be released online?
A: Our Advanced Web Attacks and Exploitation (AWAE) course is currently only available in a live training format. AWAE will be online once it’s ready and meets with our standards and not a minute sooner. We’re excited for it to be online as well and as soon as we have more information to provide about it. We will announce new information regarding our AWAE online courses on our website and blog once available.

Note that, once it is available, the new AWAE online course will initially be offered to Offensive Security alumni students only.

Q: Why should I opt for the OSWE certification?
A: Once obtained, the OSWE certification provides testament of your exceptional web application penetration testing skills in a real life environment.

Return to Top

Exams and Certifications

General Exam Frequently Asked Questions

Q: How can I schedule my exam?
A: Please make use of your personalized exam schedule link you received in order to schedule your certification exam. We can resend this link to you via email in case it has been misplaced.

Q: Can I take an Offensive Security exams without taking the course?
A: The certification exam is part of the course package and cannot be offered separately. Only those students who purchase the course materials can attempt the certification challenge.

Q: What is your exam reschedule policy?
A: You can reschedule the date or time of your exam up to 3 times via the exam schedule link you received until 48 hours before the exam date.
If you wish to change your challenge date less than 48 hours before the exam date, you will need to submit an additional fee of $60 USD.

You will be able to retake the challenge at an additional cost if required.

Q: What happens if I fail an exam?
A: If you wish, you may reschedule and attempt to retake the challenge within 12 months. If you choose to do so, please submit the certification challenge fees via your personalized purchase link, after which, you will be able to schedule your challenge within 90 days of the payment date.

If you choose to purchase a lab extension before taking the exam again, the extension fee includes a complimentary exam attempt and you will be able to schedule your challenge within 90 days from your lab extension ending date.

Please keep your course report and send it together with your exam retake documentation.

Q: What type of recognition and accreditation do your certifications have?
A: Our training is not accredited through a university or college and we do not keep track of the course offerings of other organizations. What we are able to you is that the courses and certifications offered by Offensive Security are well-known and highly respected throughout the information security industry.

We invite you to visit the following URL to view unsolicited testimonials and reviews: https://www.offensive-security.com/testimonials-and-reviews/

Q: Can I claim CPEs without taking the exam?
A: If you wish to claim your CPE credits without passing the certification exam, you are required to provide us with your course documentation in the form of a penetration test report for our review. The documentation is to include the results of the course exercises and the exploitation of lab systems. You may send your report to challenges[at]offensive-security.com and will receive our response within 3 business days.

Q: What is the pass/fail rate for the OSWP/OSCP/OSCE exam? How many OSWP/OSCP/OSCEs are there?
A: We do not release the number of people that hold our certifications or the success rate of completion for them. The exam-taking experience and perceived difficulty is different for everyone and we don’t want to needlessly discourage or encourage students with numbers based on success or failure.

Return to Top

General Certification Frequently Asked Questions

Q: Do you provide digital certificates?
A: Unfortunately we do not provide certificates in a digital format, however, we can provide you with a letter of completion for the course. You can send an email to orders[at]offensive-security.com if you wish to receive an OSCP confirmation letter and we will gladly fulfill your request.

Q: How can my employer or potential employer verify the legitimacy of an Offensive Security certification?
A: The person seeking to verify a certification can send an email to orders[at]offensive-security.com with the name and Offensive Security ID number of each individual whose certification they would like to verify. Once we have received this information, we will proceed to contact each student in order to obtain his or her approval of the release of their certification status.

If the student authorizes the release of the information, we will then contact the individual in order to verify their certification.

Return to Top

Additional Services

Penetration Testing

Q: What types of security assessments does Offensive Security offer?
A: Unlike most consulting companies that offer audit- and coverage-driven assessments, Offensive Security specializes in offering high-impact, real-life attack simulations. Our assessments focus on demonstrating true consequences of a security breach, rather than delivering incomplete results limited by highly restrictive and artificial scope limitations.

Offensive Security also offers advanced attacked simulations that are best suited for companies and government institutions with mature security perimeter and defense systems. Organizations that have gone through typical security assessments and would like to test their security posture against highly knowledgable and well-funded attackers, can expect Offensive Security to deliver high quality results in these situations. Each of these security assessments is specifically tailored to the target organization. They typically require extended period of time and great cooperation with the network and system administrators, and more often than not result in 0-day attacks.

Q: Who conducts the security assessments?
A: Offensive Security assessments are performed by the same people who are responsible for the development of our industry-leading education courses, security tools and numerous exploits. We strive to be on the cutting edge of the information security field and use our knowledge and expertise to deliver exceptional services to our clients.

Q: How can I get Offensive Security to do a penetration test of my company?
A: You should review all of the information we have available and submit the form found at the following URLs: https://www.offensive-security.com/offensive-security-solutions/penetration-testing-services/
https://www.offensive-security.com/offensive-security-solutions/advanced-attack-simulation/

Return to Top

Kali Linux

Q: What is this site, is it connected to Kali.org?
A: Yes, Offensive-Security.com is a training spinoff of Kali.org

Q: Does Kali Linux cost money?
A: No, and it never will

Q: Do you provide support for Kali Linux?
A: Offensive Security does not provide support for the Kali Linux distribution.

You can try to find answers and solutions on the Kali Linux forums (http://forums.kali.org), the Kali documentation site (http://docs.kali.org), or in the Kali Linux IRC channel (#kali-linux on Freenode).

For more information, please visit the official Kali Linux website at the following URL: http://www.kali.org/

Return to Top

Exploit Database (EDB)

Q: How do I become an EDB registered partner?
A: The annual fee for access to our archive that contains mappings of CVE identifiers to Exploit Database entries is $1,000 USD. Our archive is updated on a daily basis and is available for our partners to download whenever they wish.

Once an interested organization has provided payment for access to our archive that contains the CVE identifiers mapped to Exploit Database entries, they may provide us with a logo that will be added as a Registered Partner at the following URL: https://www.offensive-security.com/community-projects/the-exploit-database/

Should you wish to purchase access, we will provide you with an invoice and a unique purchase link to submit the fees. Note that we accept payments via credit cards, debit cards, and e-Wallets only.

Q: Do you provide support for EDB?
A: Offensive Security does not provide support for the Exploit Database. Please send your inquiry to submit@offensive-security.com, the account used for submissions and general inquiries about Exploit-DB.

Return to Top

Bug Bounty Program

Q: How will I get paid by the Offensive Security bug bounty program?
A: You can receive a wire transfer or paypal. With a wire transfer you will receive the funds ($ USD) in your account within 5 business days.

Q: Which domains are included in your bug bounty program?
A: The domains that we maintain that are eligible for the Bug Bounty are listed below. Note that our sub-domains are included as well (i.e. docs.kali.org, etc.).

  • offensive-security.com
  • exploit-db.com
  • kali.org
  • backtrack-linux.org

Return to Top

Offensive Security Intelligent Penetration Testing Labs (OSIPTL)

Q: How can I take advantage of the Offensive Security Intelligent Penetration Testing Labs?
A: We would be happy to discuss your needs and goals in order to get a better understanding of your requirements. The OSIPTL are created as custom solutions for each customer based on their specific requirements. In order to receive further information regarding our OSIPTL service, please complete the online request form found at the following URL: https://www.offensive-security.com/offensive-security-solutions/virtual-penetration-testing-labs/

Once you have completed the online form, your request will be directed to the appropriate individual in our company and they will touch base with you within 24 hours.

Q: Do you have virtual penetration testing labs available to individual users?
A: Our virtual pentesting labs are created as built-to-order solutions for organizations that require top of the line network simulation. If this is in line with your needs, please let us know and we would be happy to provide you with further information.

For individual use, we recommend the labs that are included with the Penetration Testing with Kali Linux course. You can find more information on the course at the following URL: https://www.offensive-security.com/information-security-training/penetration-testing-with-kali-linux/

Return to Top

General FAQ

General Frequently Asked Questions

How can I become a vendor or training partner for Offensive Security courses?
Do you have any job positions open at Offensive Security?
How do I register with Freenode to talk in the #offsec channel?
Can I blog about any Offensive Security courses I’ve taken?
I have a job offering of OSCPs. Is there somewhere I can post this information?
How can I become a penetration tester?

Return to Top

In-House and Live Training

In-House Training

What is required at the training facility where the training will be provided?
What does the In-House training include?
Does In-House training include the exam?
How can I receive a quote for In-House training in my organization?
How can I pay for In-House training?

Return to Top

Live Training

What materials will we receive during the Blackhat live courses?
What standing do I have with Offensive Security after I attend a Blackhat Live course?
Will you be offering live training outside of Blackhat?

Return to Top

Orders, Registration and Payments

Orders and Registration

Why do you require a non-free email address?
What is considered a non-free email address?
What if I do not have a non-free email address?
How can I change the email address I have associated with Offensive Security?
What can I do if I didn’t receive any registration emails?
Why is the registration process limited in time (24-72 hours)?
Is an exam included in the lab extension fee?
How can I receive an invoice for my order?
How can I register for a future course date?
Can my company register for the courses on behalf of the students who will be attending?
Why is the legal form only valid with a home address?
Do you offer personal discounts on your courses?
Do you offer corporate discounts on your courses?

Return to Top

Course Payments

Are there any additional fees for international transactions?
What is the fee for canceling a credit card charge?
What types of payments do you accept?
Do you accept wire transfers?
Am I able to pay for Offensive Security courses with a GI Bill?
Do you accept net term payments?
Do you require confirmation of payment if I am not the credit card holder?
What happens if I am late to make payment for a course?
Do you have a DUNS number?

Return to Top

Offensive Security Courses

General Course Frequently Asked Questions

Can I pause my lab time?
When does my lab time start and how is that lab time measured?
I haven’t used any of my lab time. Can I get free lab time since it was not being used?
How can I purchase a lab extension?
What languages are your courses available in?
How are the course start dates determined?
What is your academic policy?
How many CPEs can I obtain by taking an Offensive Security course?
What happens when a course gets updated? Do past students need to repurchase the course materials or should I wait until a new course version comes out?
How do I register for one of your online courses?
How long before I want to take a course should I start the registration process?
Can I receive my course materials early?
Is there a minimum age requirement for taking a course with Offensive Security?
What are the training fees for the online courses?
Which course should I take?
Do you offer bulk voucher purchases?
Where can I find the syllabus for each of the courses provided by Offensive Security?

Return to Top

Support Frequently Asked Questions

What are your support hours?
Can I get my revert counter reset?
I’m having issues connecting to the VPN. What can I do before contacting support?
I’m having problems with the stability of my Windows 7 machine. How can I help fix this?
How can I contact you for support on Jabber?

Return to Top

Offensive Security Wireless Attacks (WiFu)

What are the prerequisites of the Offensive Security Wireless Attacks course?
What happens once I pay?
How long is the course?
Why should I opt for the OSWP certification?
What is the recommended hardware?

Return to Top

Pentesting With Kali (PWK)

When will I be able to purchase the PWK upgrade? When will I receive the new course materials?
What does the upgrade fee include? Does it come with any lab time?
Can I still purchase lab time & take the exam without upgrading my course material?
How much do I have to pay if I want upgrade & labs?
What happens if I have an active lab time, can I switch to the new environment?
How will this affect my current progress? Do I need to start a new report?
Do I need to re-take the OSCP exam with the new PWK?
I did not receive an email regarding this, what do I do?
I am planning on taking the OSCP challenge in the near future, will the new version affects the exam?
I have unused voucher for the PWK labs. Will it stay valid?
Is documentation required for PWK?
Where is the course syllabus?
Where can I download the VM for PWK?
What is the difference between PWB and PWK?
I’m a returning student and I would like more lab time. Do I have to submit the full course fees?
What is the average time for PWK?
Why can I not ping my Windows 7 client machine?
Why is my Windows 7 lab machine turning off after I disconnect from the VPN?
How can I receive a free demo of Saint Exploit?
Where are the PWK report templates located?
How can I play the PWK videos in Kali?
How can I choose the start date for a lab extension?

Return to Top

Cracking The Perimeter (CTP)

What are the prerequisites of the Cracking The Perimeter course?
What happens once I pay?
How long is the course?
Why should I opt for the OSCE certification?

Return to Top

Advanced Windows Exploitation (AWE)

What are the prerequisites for AWE?
What happens once I pay?
How long is the course?
Why should I opt for the OSEE certification?

Return to Top

Advanced Web Attacks and Exploitation (AWAE)

What are the prerequisites of the Advanced Web Attacks and Exploitation course?
When will AWAE be released online?
Why should I opt for the OSWE certification?

Return to Top

Exams and Certifications

General Exam Frequently Asked Questions

How can I schedule my exam?
Can I take an Offensive Security exams without taking the course?
What is your exam reschedule policy?
What happens if I fail an exam?
What type of recognition and accreditation do your certifications have?
Can I claim CPEs without taking the exam?
What is the pass/fail rate for the OSWP/OSCP/OSCE exam? How many OSWP/OSCP/OSCEs are there?

Return to Top

General Certification Frequently Asked Questions

Do you provide digital certificates?
How can my employer or potential employer verify the legitimacy of an Offensive Security certification?

Return to Top

Additional Services

Penetration Testing

What types of security assessments does Offensive Security offer?
Who conducts the security assessments?
How can I get Offensive Security to do a penetration test of my company?

Return to Top

Kali Linux

What is this site, is it connected to Kali.org?
Does Kali Linux cost money?
Do you provide support for Kali Linux?

Return to Top

Exploit Database (EDB)

How do I become an EDB registered partner?
Do you provide support for EDB?

Return to Top

Bug Bounty Program

How will I get paid by the Offensive Security bug bounty program?
Which domains are included in your bug bounty program?

Return to Top

Offensive Security Intelligent Penetration Testing Labs (OSIPTL)

How can I take advantage of the Offensive Security Intelligent Penetration Testing Labs?
Do you have virtual penetration testing labs available to individual users?

Return to Top