What is it?
The Offensive Security Discord server is an environment where Offensive Security students, staff, and members of the info-sec community can connect, communicate, and collaborate with one another. The main purpose of this server is to foster a sense of community between our staff, students, and fellow info-sec professionals.
To join our Discord server without a PG account, click on one of the two invitation links presented below:
Create a Discord account and join our server - you can use this option if you are new to Discord and never created an account with them in the past. Once you access the link and complete the registration steps, you will automatically join our server.
Join our server with your existing Discord account - this option is recommended for users already registered with Discord. Once you access the link and log in with your Discord account, you will automatically join our server.
You can log in to the Offensive Security Discord server via a web browser or the Discord app. To download the app, you can visit Discord's download page and install the version applicable to your operating system.
Offensive Security students have an avenue where they can discuss the courses and exercises.
To avoid spoiling the fun and challenge of the exercises, there are rules that must be followed:
- Students are not allowed to share complete solutions or walkthroughs of any exercise as we still want students to complete them on their own.
- Students are not allowed to share complete source codes, scripts, or commands that are required for the exercises. Sharing sample code snippets are allowed as long as they don’t give the answers away.
Students can also ask for hints on the lab machines if they have exhausted all their options and have put enough effort into enumerating the target. However, lab machine questions will be stricter in moderation as we do not want the machine’s solutions to be spoiled to everyone. The following are examples of spoilers that should be avoided in the channels:
- Providing a detailed walkthrough or steps needed to exploit a lab machine.
- Providing the exact exploit, command, CVE, or URL of the exploit to use on a specific lab machine
- Providing detailed information on how to leverage the vulnerability of an exploit is not allowed. Although discussing the general concept such as RFI is acceptable.
- Discussing hidden information that should be enumerated, such as a hidden port number, hidden URL, or hidden files is not allowed. Giving details on such information defeats the purpose of having them hidden in the first place.
Student Mentors (SM's) are there to help students who may have questions or concerns as well as moderate the groups to ensure the rules and guidelines are followed.
To join an OffSec course channel please post a message in the #role-requests channel with the course channel you want to be in. One of the OffSec members will review and once approved. You will be added if you have registered for the courses.
Note, receiving access to the OffSec course channels can take up to 24 hours from the moment you've joined our server.
Below are some of the OffSec Course channels:
- pen-exercises: A channel where students can discuss the PEN-100 course modules and exercises
- pen-200-labs: A channel where students can discuss the PEN-200 course lab machines
- web-300-exercises: A channel where students can discuss the AWAE course modules and exercises
- exp-301-exercises: A channel where students can discuss the EXP-301 course modules and exercises
- pen-300-labs: A channel where students can discuss the PEN-300 course challenges
- osmr-masters: A channel for students who have passed the OSMR exam.
Note: PG Practice Subscribers get access to an exclusive PG Practice channel.
When asking for help, please include as much detail as possible. Provide the steps, commands, codes, and any other relevant information to https://paste.offsec.com/ . This way, the students and SM's will have a good understanding of what’s going on so they can better assist you. Please do not copy & paste your sample codes to the channels, as it will be difficult to read and to be mindful of other users also discussing in the channel.
Avoid: Hi I need help!
Avoid: I need help with x.x.x.x machine
Propose: I’ve been working on getting low-level access to x.x.x.x machine. I found credentials from another machine, but they do not seem to be working. Can someone help me?
Avoid: I’m stuck on exercise 123
Propose:I’m trying to get the exploit for exercise 123 to work, however I get an error when launching it. Here are the commands and outputs: https://paste.offsec.com/SdDfLvsw
Note: We encourage community engagement! Anyone is free to help assist students if they know an answer to a question. For this reason, if you have not received a reply from a Student Mentor within 15 minutes, don't worry! If a student has not received help within 15 minutes, the Student Mentors will gladly assist.
The chat platform offers public and OffSec Course channels. Below is a list of the public channels you should check for important announcements and information:
- #welcome: This is a general channel where all users are welcomed.
- #guidelines: This channel defines the purpose of the community server as well as how students should legally abide by it under our Academic Policies.
- #announcements: This channel contains general announcements such as any updates to courses and labs, raffles and giveaways, and any other OffSec related news.
- #general: Is a channel for open discussion and an offtopic area where students can get to know each other
- #engagement-stories: This channel is where you can share interesting stories from an engagement or assessment, please let us all hear about it! (NB - Keep your NDA's in mind!)
- #knowledge-sharing: This is a channel where you can talk about your experiences and expertise within the field.
- #off-topic: A channel to discuss anything non-infosec related
The channels are updated on a regular basis. Please check the platform for the most up-to-date channels.
Please be polite and courteous within the chat platform as we do not tolerate unmannerly behavior of any kind. Below are the list of unacceptable topics within any of our channels:
- We do not allow discussing information on the course exams outside of what is publicly available in the course Exam Guides.
- We do not allow discussing illegal activities such as hacking private individuals or corporations.
- Please see #guidelines in Discord for more restrictions.
We also request students to keep discussions related to the channel topic. If you are not sure please check the #off-topic and #main channels.
Our SM's are OffSec alumni that have joined the company to mentor students since they have gone through the courses. The SM's will be available to mentor, support and monitor the channels/groups.
To identify an SM, please check if the OffSec Student Mentor tag is present in the Roles section under their username:
If a student wishes to speak directly to an SM, the SM may not be available immediately as he/she may be assisting other students or working on other assignments. If the SM is not available, another SM will get back to the student as soon as one is available. If the student would like a faster response, please message the relevant OffSec channels where the community can assist or until another SM might be able to assist.
Note: Extra Mile exercises require independent research and are meant to be completed by the student on their own. Therefore, SM's will not be able to help or provide assistance for it.
Below you can find a list of bot commands available to you and a description of their functionality.
|/help||Displays this menu|
|/members||Displays the total number of users on the server|
|/stats||Displays stats for each student role and certified users|
|/joined||Displays when you joined the server.|
|/support||Global command. Provides official OffSec support channels.|
|/tryharder||Global command. Try Harder|
|/oscpexam||Spits out the URL to OSCP Exam guide. Global command - works anywhere in server.|
|/osweexam||Spits out the URL to OSWE Exam guide. Global command - works anywhere in server.|
|/osceexam||Spits out the URL to OSCE Exam guide. Global command - works anywhere in server.|
|/oswpexam||Spits out the URL to OSWP Exam guide. Global command - works anywhere in server.|
|/osepexam||Spits out the URL to OSEP Exam guide. Global command - works anywhere in server.|
|/oseeexam||Spits out the URL to OSEE Exam guide. Global command - works anywhere in server.|
It is now possible to receive hints for certain PEN-200 exercises and SOC-200 challenges through our new discord bot, OffSec Hints.
We will continue to assess, add more functionality, and improve the bot.
To prevent abuse of the bot, each student is allowed one (1) hint every 60 mins.
Below you can find the bot command available to you and a description of their functionality.
|/pen-200-hints||Displays hint to PEN-200 course exercises.
The command can only be executed in the #pen-200-exercises course private channel.
|/soc-200-hints||Displays hint to SOC-200 challenges.
The command can only be executed in the #soc-200-labs course private channel.