The modern attacker's perspective — as a skill inside your team.
We deliver the full OffSec catalog across DACH, MENA and GCC — for individual learners and enterprise teams. Trainers who actually pentest between courses.
Certify what you already know — or build a new specialisation.
From entry-level to senior consultant: we guide you through OSCP, OSEP, OSWE, OSDA and the rest of the OffSec catalog — with 1:1 mentoring, exam prep, and access to real attack scenarios from our live engagements.
- ▸ OSCP bootcamps led by active pentesters.
- ▸ EUR invoicing via German bank account — no credit card required.
- ▸ 1:1 mentoring and exam prep.
- ▸ Career paths: pentester, red teamer, SOC analyst, threat hunter.
Audit-ready skill evidence for your security team — at OffSec standard.
Learn Enterprise is the platform solution for whole teams: reassignable licences, progress reporting, LMS integration and onboarding paths that make new hires productive in weeks rather than months. We deliver the full OffSec catalog plus DACH-localised support, TIBER-/DORA-aligned vendor processes, and trainers who actually pentest between courses.
- ▸ Reassignable licences when staff move on.
- ▸ Progress and certification reporting for audit evidence.
- ▸ LMS integration and structured onboarding paths.
- ▸ Cyber ranges: live attack scenarios instead of slide decks.
- ▸ Vendor onboarding aligned with ISO 27001, BSI IT-Grundschutz, TIBER-EU and DORA.
Original OffSec curriculum. Local support, EUR billing, regulatory clarity.
Local expertise, in your language
Original OffSec courses combined with local-language support and 1:1 mentoring — so your team applies what they learn.
Regulatory safety
Based in Germany. Meets ISO 27001, BSI IT-Grundschutz, TIBER-EU and DORA requirements. Vendor due diligence and third-party risk assessments without friction.
Billing in EUR
Payment via German bank account in Euro. No cross-border transactions, no FX risk, no credit-card requirement.
Exclusive extras
Beyond standard OffSec bootcamps: extra trainings, 1:1 mentoring, and access to attack scenarios from our live engagements.
Trainers with a dual role
Our trainers are active red team consultants and pentesters — with real project experience from banks, insurers and critical infrastructure.
Strategic partner
From first enquiry to sustained capability — including career guidance, exam prep, and follow-on engagements.
From foundational level to senior exploit development.
CyberCore — Security Essentials
Solid entry-level foundation: offensive and defensive techniques, network and system admin, scripting, cloud security and secure coding. Hands-on labs plus a 6-hour proctored exam with Attack, Defend and Build phases.
Penetration Testing with Kali Linux
The globally recognised pentesting standard. Plan attacks, compromise networks, exploit vulnerabilities — in realistic lab environments. Ends in OSCP, the international benchmark for penetration testers.
Foundational Wireless Network Attacks
Solid foundation in wireless pentesting. Analyse WiFi networks, exploit weaknesses. Ideal for practitioners deepening their wireless security skills. Ends in OSWP.
Advanced Evasion Techniques & Breaching Defenses
Senior-level advanced penetration testing. EDR evasion, bypassing controls, red-team techniques in realistic scenarios. Ends in the coveted OSEP certification.
Foundational Web Application Assessments
Hands-on coverage of the most common web weaknesses: SQL injection, XSS, session hijacking and more. For developers and security professionals mastering web application security. Ends in OSWA.
Advanced Web Attacks & Exploitation
Complex web attacks in a white-box environment. Deep code analysis, exploit chaining, authentication bypasses. Ends in OSWE — a must for web security specialists.
Security Operations & Defensive Analysis
For aspiring SOC analysts and threat hunters. SIEM-based practice: detect, analyse and respond to attacks. Ends in OSDA — evidence of solid defensive security skills.
Foundational Incident Response
The full incident response lifecycle: preparation, detection, containment, eradication, recovery, post-mortem. Hands-on labs in forensics, communications, case management and malware analysis. Ends in OSIR.
Foundational Threat Hunting
Core threat hunting skills: threat landscape analysis (APTs, ransomware), endpoint and network IoC detection, proactive methods without pre-defined indicators. Challenge lab plus OSTH certification.
Windows User Mode Exploit Development
Entry to Windows exploit development: bypass DEP and ASLR, build ROP chains, write shellcode. Ends in OSED — evidence of deep Windows security and exploit-dev expertise.
Advanced macOS Control Bypasses
Focused on macOS exploits and privilege escalation. Assess Apple systems for weaknesses, bypass controls deliberately. Ends in OSMR — specialist status for macOS security research.
Secure Java Development Essentials
For developers: secure Java programming, common attack scenarios, best practices. OSCC-SJD positions you as the go-to voice in secure coding and development teams.
From CyberCore to Learn Enterprise.
Course + Cert Bundle and Learn One are single-course packages: at checkout you pick one course from the OffSec catalog (OSCP, OSEP, OSWE, OSDA …). Learn Enterprise gives your team access to the entire catalog — see the table below for the exact differences.
Already know what you need? Head straight to checkout. Still weighing options? Get in touch — we'll help you pick. Prices in EUR, net, plus statutory VAT.
| Feature | CyberCore™ | Course + Cert Bundle | Learn One | Learn Enterprise |
|---|---|---|---|---|
| Lab access (days) | 365 | 90 | 365 | 365 |
| Exam attempts | 2 | 1 | 2 + 1× KLCP + 1× OSWP | 6 per seat/year · KLCP/OSWP unlimited |
| 100-level courses | ||||
| 200- & 300-level courses | ||||
| Fundamentals learning paths | ||||
| Proving Grounds Play | ||||
| Proving Grounds Practice | ||||
| PEN-103 access | ||||
| PEN-210 access | optional | |||
| Reassignable licence | 5+ seats | |||
| Price (net, +VAT) | €800 | €1.545 | €2.425 | €5.500+ |
One-time · EUR invoice · VAT calculated at checkout.
One-time · EUR invoice · VAT calculated at checkout.
One-time · EUR invoice · VAT calculated at checkout.
Game of Active Directory — 2-day Windows AD hacking with Kali Linux.
Our own bootcamps — on-site in Reykjavík and Dubai or fully remote in German. Hands-on attack paths: enumeration, Kerberos attacks, lateral movement, domain dominance. Prices per format below (net, plus VAT).
GOAD is Orange Cyberdefense's open-source Active Directory lab — now the de-facto standard for practising real-world Windows AD attack techniques. Version 3 uses Ansible to spin up a full multi-forest with two domains (sevenkingdoms.local and north.sevenkingdoms.local) plus a trust-linked essos.local — five Windows servers, an IIS web host and an MSSQL host, intentionally misconfigured.
In the bootcamp you work the full chain: unauthenticated recon and AS-REP roasting, LLMNR/NBT-NS poisoning with Responder, SMB relay against unhardened hosts, Kerberoasting and silver/golden tickets, ACL abuse (GenericAll, WriteDACL) via BloodHound, delegation attacks (unconstrained, constrained, RBCD), coercion via PetitPotam, MSSQL linked-server abuse, ADCS abuse (ESC1/ESC8), and cross-domain / cross-forest movement using SID history and trust tickets — all the way to enterprise admin.
All you need is a laptop with Kali Linux (VM or native). Everything else — toolchain, cheat-sheets, attack paths — is provided.
Game of Active Directory · 2 days
- Online · German
- 1–2 Dec 2026 · Remote
Or request invoice / group booking
Exploit IcelandGame of Active Directory · 2 days
- Reykjavík
- 15–16 Oct 2026 · Venue: TBA
Or request invoice / group booking
Exploit DubaiGame of Active Directory · 2 days
- Dubai
- 5–6 Nov 2026 · Venue: TBA
Or request invoice / group booking
OffSec live trainings with our partner Red Blue Alliance.
We co-deliver selected OffSec courses with Red Blue Alliance. Registration and pricing directly at redbluealliance.com.
Penetration Testing with Kali Linux
- 31 Aug – 04 Sep 2026 · Frankfurt · 5-day intensive · Guaranteed
- 27 Oct – 19 Nov 2026 · Online · 4 Tuesdays 9–17 CET · from 5 attendees
Advanced AI Red Teaming
- Coming soon · 8×4 h online (14–18 CET) · Waiting list
A decade of live-earned exploits
Supplementary material from ten years of live operations — techniques you won't find in a slide deck.
Trainers who run live engagements
Not full-time trainers — practitioners who actually pentest and run red team engagements between courses.