What is it?
The Offensive Security Discord server is an environment where Offensive Security students, staff, and members of the info-sec community can connect, communicate, and collaborate with one another. The main purpose of this server is to foster a sense of community between our staff, students, and fellow info-sec professionals.
How to join the Offensive Security Discord server
To join our Discord server without a PG account, click on one of the two invitation links presented below:
Create a Discord account and join our server - you can use this option if you are new to Discord and never created an account with them in the past. Once you access the link and complete the registration steps, you will automatically join our server.
Join our server with your existing Discord account - this option is recommended for users already registered with Discord. Once you access the link and log in with your Discord account, you will automatically join our server.
You can log in to the Offensive Security Discord server via a web browser or the Discord app. To download the app, you can visit Discord's download page and install the version applicable to your operating system.
The chat platform offers public and Offsec Course channels. Below is a list of the public channels you should check for important announcements and information:
- #welcome: This is a general channel where all users are welcomed.
- #guidelines: This channel defines the purpose of the community server as well as how students should legally abide by it under our Academic Policies.
- #announcements: This channel contains general announcements such as any updates to courses and labs, raffles and giveaways, and any other Offsec related news.
- #general: Is a channel for open discussion and an offtopic area where students can get to know each other
- #engagement-stories: This channel is where you can share interesting stories from an engagement or assessment, please let us all hear about it! (NB - Keep your NDA's in mind!)
- #knowledge-sharing: This is a channel where you can talk about your experiences and expertise within the field.
- #off-topic: A channel to discuss anything non-infosec related
The channels are updated on a regular basis. Please check the platform for the most up-to-date channels.
Offsec Course channels
Offensive Security students have an avenue where they can discuss the courses and exercises.
To avoid spoiling the fun and challenge of the exercises, there are rules that must be followed:
- Students are not allowed to share complete solutions or walkthroughs of any exercise as we still want students to complete them on their own.
- Students are not allowed to share complete source codes, scripts, or commands that are required for the exercises. Sharing sample code snippets are allowed as long as they don’t give the answers away.
Students can also ask for hints on the lab machines if they have exhausted all their options and have put enough effort in enumerating the target. However, lab machine questions will be stricter in moderation as we do not want the machine’s solutions to be spoiled to everyone. The following are examples of spoilers that should be avoided in the channels:
- Providing a detailed walkthrough or steps needed to exploit a lab machine.
- Providing the exact exploit, command, CVE, or URL of the exploit to use on a specific lab machine
- Providing detailed information on how to leverage the vulnerability of an exploit is not allowed. Although discussing the general concept such as RFI is acceptable.
- Discussing hidden information that should be enumerated, such as a hidden port number, hidden URL, or hidden files is not allowed. Giving details on such information defeats the purpose of having them hidden in the first place.
Student Mentors (SM's) are there to help students who may have questions or concerns as well as moderate the groups to ensure the rules and guidelines are followed.
How to join Offsec Course channels
To join an Offsec course channel please post a message in the #role-requests channel with the course channel you want to be in. One of the OffSec members will review and once approved. You will be added if you have registered the courses.
Note, receiving access to the Offsec course channels can take up to 24 hours from the moment you've joined our server.
Below are some of the Offsec Course channels:
- pen-200-exercises: A channel where students can discuss the PWK course modules and exercises
- web-300-exercises: A channel where students can discuss the AWAE course modules and exercises
- exp-301-exercises: A channel where students can discuss the EXP-301 course modules and exercises
- pen-300-exercises channel where students can discuss the PEN-300 course modules and exercises
Note: PG Practice Subscribers get access to an exclusive PG Practice channel.
How to Ask for Help
When asking for help, please include as much detail as possible. Provide the steps, commands, codes, and any other relevant information to https://paste.offsec.com/ . This way, the students and SM's will have a good understanding of what’s going on so they can better assist you. Please do not copy & paste your sample codes to the channels, as it will be difficult to read and to be mindful of other users also discussing in the channel.
Avoid: Hi I need help!
Avoid: I need help with x.x.x.x machine
Propose: I’ve been working on getting low-level access to x.x.x.x machine. I found credentials from another machine, but they do not seem to be working. Can someone help me?
Avoid: I’m stuck on exercise 123
Propose:I’m trying to get the exploit for exercise 123 to work, however I get an error when launching it. Here are the commands and outputs: https://paste.offsec.com/SdDfLvsw
Note: If you ask a vague question, “Hi I need help” or “Can one of the SM's DM me,” it shows that you are not trying or putting the effort in. As a result, we will not respond to you.
Please be polite and courteous within the chat platform as we do not tolerate unmannerly behavior of any kind. Below are the list of unacceptable topics within any of our channels:
- We do not allow discussing information on the course exams outside of what is publicly available in the course Exam Guides.
- We do not allow discussing illegal activities such as hacking private individuals or corporations.
- Please see #guidelines in Discord for more restrictions.
We also request students to keep discussions related to the channel topic. If you are not sure please check the #off-topic and #main channels.
Student Mentors (SM's)
Our SM's are Offsec alumni that have joined the company to mentor students since they have gone through the courses. The SM's will be available to mentor, support and monitor the channels/groups.
To identify an SM, please check if the OffSec Student Mentor tag is present in the Roles section under their username:
If a student wishes to DM an SM, the SM may not be available as he/she may be helping other students or working on other assignments. If the SM is not available, the SM will get back to the student once he/she is available. If the student would like a faster response, please message in the Offsec Course channels where another SM will assist.
Note: Extra Mile exercises require independent research and are meant to be completed by the student on their own. Therefore, SM's will not be able to help or provide assistance for it.
OffSec Ninja & OffSec Support Bot Commands
Below you can find a list of bot commands available to you and a description of their functionality.
|/help||Displays this menu|
|/members||Displays the total number of users on the server|
|/stats||Displays stats for each student role and certified users|
|/joined||Displays when you joined the server.|
|/support||Global command. Provides official OffSec support channels.|
|/tryharder||Global command. Try Harder|
|/oscpexam||Spits out the URL to OSCP Exam guide. Global command - works anywhere in server.|
|/osweexam||Spits out the URL to OSWE Exam guide. Global command - works anywhere in server.|
|/osceexam||Spits out the URL to OSCE Exam guide. Global command - works anywhere in server.|
|/oswpexam||Spits out the URL to OSWP Exam guide. Global command - works anywhere in server.|
|/osepexam||Spits out the URL to OSEP Exam guide. Global command - works anywhere in server.|
|/oseeexam||Spits out the URL to OSEE Exam guide. Global command - works anywhere in server.|
OffSec Hint Bot Command - BETA
It is now possible to receive hints for certain PEN-200 exercises through our new discord bot called OffSec Hint.
Please note that the current OffSec Hints bot is in the BETA phase.
We will continue to assess, add more functionality and make improvements to the bot.
To prevent abuse of the bot, each student is allowed one (1) hint every 60 mins.
Below you can find the bot command available to you and a description of their functionality.
|/hints||Displays hint to PEN-200 course exercises.
The command can only be executed in the #pen-200-exercises course private channel.