OffSec · Offensive · Hands-on

OSCP — Offensive Security Certified Professional

The gold-standard hands-on offensive certification. OSCP is the bar for entry-to-mid penetration tester roles globally and a hard differentiator in red team hiring.

// exam format
24-hour hands-on penetration test of 5 machines + 24 hours to write the report; 70 points to pass
// cost
≈ £1300
// prerequisites
  • Solid Linux + Windows fundamentals, Python or Bash scripting, basic networking
OSCP is delivered through OffSec's PEN-200 course. The exam is a brutal 24-hour live lab against five target machines, followed by 24 hours to submit a professional penetration test report. There are no multiple-choice questions. The 2024 refresh added Active Directory as a mandatory chain — you cannot pass with standalone box pwns alone. ## What the exam covers - Enumeration and information gathering - Vulnerability scanning and manual exploitation - Active Directory attacks (Kerberoasting, AS-REP roasting, NTLM relay, ACL abuse) - Privilege escalation (Linux + Windows) - Buffer overflow basics - Client-side and web application attacks - Report writing to a commercial standard ## Prerequisites - Solid Linux + Windows fundamentals, Python or Bash scripting, basic networking ## Study plan Plan 4–6 months of evenings + weekends. Complete the PEN-200 PDF + videos, then grind HackTheBox 'TJ Null OSCP-like' list (>40 boxes), Proving Grounds Practice (>30 boxes), and the new AD-focused HTB labs. Build a methodology cheat sheet you can execute under pressure — the exam tests pace, not novelty. ## Cost (UK 2026) Exam fee approx. £1300 (vendor list price; bundles + corporate discounts vary). ## Format 24-hour hands-on penetration test of 5 machines + 24 hours to write the report; 70 points to pass

Frequently asked questions

Is OSCP harder than CEH or PenTest+?

Vastly. CEH/PenTest+ are knowledge tests; OSCP is a real penetration test under time pressure. Industry rule of thumb: 1 OSCP > 5 CEHs on a CV.

What is the OSCP pass rate?

OffSec does not publish official numbers; community estimates put first-attempt pass around 30–40%.

Do UK pen-test firms still hire without OSCP?

Junior roles yes (graduate schemes at PwC, NCC, BAE, WithSecure); mid-level pen-tester roles almost always require OSCP or CRT/CCT.

OSCP or CREST CRT for UK consultancies?

CREST (CRT then CCT) is preferred for CHECK-scope UK government work; OSCP is preferred for commercial pen-test and red team roles. Most senior testers hold both.

Practice OSCP — Offensive Security Certified Professional interview questions

Run AI-graded mock interviews keyed to the OSCP — Offensive Security Certified Professional body of knowledge.

Start free
// related
pen-testerred-teamerappsec-engineerframework · mitre-attack