This article is about the OSCP certification by Offensive Security. For information on the PenTest+ and CEH certifications, check out our article here.

Penetration testing is one of the most asked-about careers in the cybersecurity field.  Being an “ethical hacker” sounds interesting, and is a career goal for many up and coming cybersecurity professionals.  There are several certifications that specifically focus on penetration testing, and in this article, I’m going to go into one of the more popular ones, the OSCP by the Offensive Security organization.

Is the OSCP worth it?  The Offensive Security Certified Professional is a well-respected certification required for many penetration testing jobs.  It is a notoriously difficult and lengthy exam but is well worth the effort for cybersecurity professionals that aspire to become senior-level penetration testers.

Let’s take a look at all of the details of the OSCP certification, including how you can earn your certification.

What is the OSCP?

The OSCP is the Offensive Security Certified Professional certification, which is issued by the Offensive Security organization – the same organization that issues Kali Linux.  The OSCP is just one of several penetration-style certifications offered by Offensive Security but is probably the most well known. Of the certifications offered by Offensive Security, the OSCP serves as the introductory certification and training option, which they consider their foundational certification.

(Here’s a video I did on the comparison between the CompTIA PenTest+ and OSCP.)

(And also a podcast episode on the topic.)

OSCP Exam Details

Number of Questions: Hands-On Performance-Based
Question Type: Hands-On Performance-Based
Test Length: 24 hours, plus 24 hours for reporting
Recommended Experience: Knowledge of Linux, TCP/IP, and BASH scripting with Python or PERL
Required Experience: None.
Suggested Prerequisite: CompTIA Security+ or similar

Key skills areas of the OSCP

The Offensive Security organization cites the following list as topics that are covered in detail through their training, which is designed to prepare candidates for the OSCP certification.

  • Passive Information Gathering
  • Active Information Gathering
  • Vulnerability Scanning
  • Buffer Overflows
  • Win32 Buffer Overflow Exploitation
  • Linux Buffer Overflow Exploitation
  • Working with Exploits
  • File Transfers
  • Privilege Escalation
  • Client Side Attacks
  • Web Application Attacks
  • Password Attacks
  • Port Redirection and Tunneling
  • The Metasploit Framework
  • Bypassing Antivirus Software
  • Assembling the Pieces: Penetration Test Breakdown

What other certifications are offered by Offensive Security?

Offensive Security also offers the OSCE, which is the Offensive Security Certified Expert and is considered the follow-up step for a serious penetration tester to pursue after they earn their OSCP.  The OSCE is aligned with a course called “Cracking the Perimeter”, and has more focus on exploit development.

Offensive Security also offers the OSWE, which is the Offensive Security Web Expert and is another certification considered to be a follow up to the OSCP.  The OSWE focuses on web application exploitation and security.

The OSEE is the Offensive Security Exploitation Expert, and according to Offensive Security, it is the most challenging course and certification that they offer, and because of this, the course is only available at the Black Hat USA convention.

Lastly, the OSWP is the Offensive Security Wireless Professional, which is another follow up to the OSCP and focuses on wireless security.

Who Should Consider the OSCP?

Offensive Security states that the OSCP is designed for professionals already in the information security field that want to take a “meaningful step into the world of professional penetration testing.”  They specifically list network administrators and security professionals as potential candidates, and they make it clear that this is considered a gateway certification into the world of penetration testing.

Should You Consider The OSCP?

The OSCP certification is a serious certification exam, and although it is considered a beginning certification within Offensive Security’s suite of certifications and courses, it should still be considered an advanced certification exam by any cybersecurity professional, regardless of experience within the industry.

Established cybersecurity professionals should consider the OSCP only if they are very serious about entering the realm of penetration testing and have substantial cybersecurity or systems administration experience.  For more general cybersecurity professionals that do not currently, or do not intend to work in penetration testing, but are interested in earning a penetration testing certification, the Certified Ethical Hacker or CompTIA PenTest+ may be better alternatives that require less commitment.

What experience is required to sit for the OSCP?

Offensive Security specifically requires all testing candidates to complete the “Penetration Testing with Kali Linux” course to be eligible to sit for the OSCP certification exam, which is a course offered exclusively through Offensive Security.  This course is available in both self-paced and instructor-led formats, and has three required prerequisites listed, which Offensive Security defines as the following:

  1. “Solid understanding of TCP/IP networking”
  2. “Reasonable understanding of Linux”
  3. “Familiarity of Bash scripting with basic Python or Perl a plus”

From their language here, it is safe to assume that to get the most out of the training course (and have the best chance of passing the certification exam), you should have solid networking and Linux knowledge, preferably in a live environment, as well as scripting knowledge, preferably with Python.

While these requirements are fairly straightforward, it is advisable that candidates interested in taking this course and the OSCP exam have very solid experience in the field, given the challenging nature of the exam and the content covered in the course.

What is the cost of the OSCP?

The OSCP certification isn’t terribly expensive, given that for all options you must also purchase the proprietary course and access to the testing lab environment.  Currently, the minimum cost for the package is $800, which gets you the course, 30 days of access to the lab environment, and the exam voucher.

From there you have additional options to add on extra lab time in 15, 30, 60, or 90-day increments, and you can purchase an exam retake voucher.  Offensive Security has stated before that they do not offer coupon codes or discounts in general, but they do offer options for corporate training for companies interested in training their staff.

How long will it take to prepare for the OSCP?

Assuming that you have the prerequisite knowledge required to begin the Kali Linux course, you can start on the course right away in an online format.  The face to face classes generally last for five days, and from there you will have access to the lab environment for the amount of time that you purchased.

After completing the class, you should expect to spend at least 30 days on study and lab practice to prepare; however, many people with a limited background in penetration testing may need much longer.  Offensive Security states that exams should be taken within 90 days of completion of the course, so anyone pursuing the course and certification should choose a timeframe in which they will have several months to devote to focused study, and should be sure that they have sufficient networking and Linux experience to get the most out of the training course.

What is the format of the OSCP exam?

The OSCP is a live, hands-on certification exam, where you will have 24 hours to hack into multiple systems in a lab environment.  Keep in mind that these 24 hours are 24 hours straight, not 24 hours over the course of several days, meaning your stamina and desire to persevere will be greatly tested, as well as your time management skills.  The exam is set up to simulate a network environment, with several machines that you’ll need to exploit, either through a single step or multiple steps. Every machine within the environment has what is called a “proof file”, which provides proof that you successfully exploited that machine.  Once you locate a proof file, you’ll need to take a screenshot of the file as evidence. If you fail to provide documentation of the proof file, you will not get credit for hacking that specific system.

This 24-hour lab period is proctored, and Offensive Security has very specific rules regarding what tools and techniques you can and cannot use during this part of the exam.  For example, certain techniques, such as spoofing, are not allowed, and tools like Metasploit are allowed, but you are limited in their use. Be sure to read all of the exam requirements before sitting for the certification exam, as they are very detailed, can change at any time, and will result in disqualification if you fail to follow them.

If you’re still hung up on the 24-hour concept, understand that Offensive Security intends for the exam to be challenging, and for you to manage your time well.  They state in their guide that you “are expected to take rest breaks, eat, drink and sleep”, so you’ll need to figure out how you’ll need to structure your time and how you’ll approach these things during your 24 hour testing period.

Following the 24-hour hacking section of the exam, you’ll have another 24 hours to write up and submit a report on your findings.  Note that this 24 hour period starts right at the conclusion of the first 24 hour period, so you’re going for up to 48 hours straight, based on how quickly you work and how successful you are.

It is critical that you take excellent notes during the 24-hour lab portion in order to complete your report successfully, especially given that you may not remember everything that you learned or found on each system you had to work with.  Offensive Security’s documentation is very precise, and they make it clear that your report is expected to include all steps, commands, and techniques that you used in a fully documented format. In particular, the report must make it possible for another penetration tester to follow the steps you documented and recreate your results, which in many ways is more detail than you would add into a report for a penetration testing client in a real scenario.

With this reporting section as well, Offensive Security’s documentation is very precise, including the format of the report file that you are to submit and the method of submission.  They do provide you with a template that you can work from, or you can use your own, however, the report must include all required information.

How difficult is the OSCP?

Everyone wants to know if the OSCP is as difficult as it sounds or as difficult as they’ve heard.

So, is the OSCP hard? The OSCP is a very difficult exam, which even very experienced penetration testers will find challenging. The OSCP is intended for penetration testers with strong technical and ethical hacking backgrounds.

As one penetration tester stated, “taking the OSCP made me a better penetration tester.”

It’s important to note that many certification exams are designed for you to prove what you know, whereas the OSCP is designed for you to prove you can do what you know.  This differentiation, combined with the 24-hour testing format and the following 24-hour reporting period, makes the OSCP one tough certification to earn, and one that all candidates will need to devote serious effort and attention to.

What certifications are comparable to the OSCP?

There are several other penetration testing certifications on the market, however, several of these are considered by many professionals to be less challenging than the OSCP.  If you are just getting started on your penetration testing journey, you could consider the CompTIA PenTest+ or the Certified Ethical Hacker certifications. Although these certifications are not truly comparable to the OSCP, they are in the same subject area of cybersecurity, and may be closely related enough in content for HR or hiring managers to consider your resume.

The other certifications offered by Offensive Security are also similar in style and discipline to the OSCP, however, they all are designed to follow the OSCP in sequence.

How well known is the OSCP?

The OSCP doesn’t appear to be as well known to general hiring managers as some other penetration testing certifications, such as the Certified Ethical Hacker certification; however, the OSCP seems to be highly respected and known within true penetration testing circles.  Most candidates will find that job openings specifically for penetration testers, or with penetration testing organizations, will require or request the OSCP certification, and having the OSCP certification should provide an advantage to any job applicant seeking a penetration testing job.

How long is the OSCP good for?

The OSCP certification does not expire, which is not common for technical or cybersecurity certifications like these but is a benefit for those that achieve it.

What positions would benefit from the OSCP?

Cybersecurity professionals in the following fields, or intending to be in the future, will benefit greatly from earning the OSCP certification.

  • Penetration testers – Those that perform ethical hacking or offensive tests against a system or systems.
  • Cybersecurity consultants – Professionals that are in a consulting role related to cybersecurity, including offensive security.
  • Systems auditors – Professionals that perform cybersecurity audits of systems.
  • Advanced security professionals – Those with security or cybersecurity-related job tasks, such as cybersecurity analysts, network security engineers, incident responders, and similar roles.

Our Recommendations

The OSCP is a serious penetration testing certification for professional penetration testers, so if you intend to be a senior level penetration tester, you’ll probably need this certification exam at some point.
Make sure you go into the OSCP with strong Linux knowledge; knowledge of Python and Kali will help you as well.
If you do sit for and pass this certification, you should also consider the PenTest+ and CEH, as you’ll find them very doable without much additional effort.

Conclusion/Key Points

  • The OSCP certification by Offensive Security is an advanced penetration testing certification that will improve the career options for any serious professional penetration tester.
  • The certification exam itself is one of the most rigorous cybersecurity-based certification exams available but has a very good reputation among penetration testers.
  • Most potential candidates for the certification exam will want to have built substantial networking and Linux knowledge before considering sitting for the OSCP exam, given the hands-on nature of the certification.
  • Aspiring penetration testers with less experience may want to consider the PenTest+ or CEH certifications.

About the author 

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity, and technology training fields. He has a degree in Computer Information Science and CompTIA A+, Network+, Security+, Server+, CySA+, and Cisco CCNA certifications.