The OSCP certification and exam [updated 2021]
For a career in information technology that encompasses defensive and offensive roles, you might want to consider becoming an Offensive Security Certified Professional (OSCP). This is a well-recognized certification for information security professionals that touches on hacking techniques that are being used in pentests today.
Those who choose to be OSCPs can demonstrate the practical knowledge of attack methods on systems and devices that is crucial to work in today’s security teams. They also show themselves to be well-versed in finding vulnerabilities due to software or hardware flaws or configuration mistakes. OSCPs can be the go-to individuals in cybersecurity because they are problem-solvers and analytical thinkers.
Those who look forward to a career in ethical hacking or pentesting (a skill that is invaluable today) can look at the Offensive Security (OffSec) course curriculum and training approach. Its certification program is the most rigorous and therefore the most well-respected in the industry. This sector, as OffSec states, was born out of the belief that the only way to achieve sound defensive security is through an offensive approach — to proactively test security measures before a real intruder does. If this is your philosophy, then it’s time to know what it takes to become an OSCP and provide security solutions, network testing and more.
The OSCP certification: An overview
Putting theory into practice is where the OSCP really shines, and it is also what separates it from other certifications. The OSCP process provides professionals with penetration testing/ethical hacking skills and sound concepts of their application abilities. To become certified, the candidate must complete the Offensive Security’s Penetration Testing with Kali Linux (PwK) course (PEN-200) and subsequently pass a hands-on exam. Successful OSCP test-takers will need a strong understanding of security principles and practice as they will be running exploits and recognizing common attack vectors in an online penetration testing lab that enables them to research a network, identify vulnerabilities and act as if they were attacking an organization’s IT environment.
Exam takers will need to apply various tools for pentesting within the Kali Linux operating system and learn how to work with different kinds of exploits, all while documenting any vulnerabilities in the lab exercises. (This can help you earn an extra five points in the exam.) Test takers will be required to compose and submit a real-life pentest report of all the activities in the lab. This means that the candidate will not only have to prove technical abilities but also the professional communication and proper documentation skills that are a requirement for the majority of IT roles.
A great feature of this certification is that OSCP holders do not need to re-qualify. OffSec’s certifications do not expire and they do not need to be renewed. However, anyone who is found engaging in any unethical practices (such as cheating on the exam or divulging test material) will have their certification revoked and receive a lifetime ban from any future courses or offerings by Offensive Security.
Another interesting aspect of becoming an OSCP is that Offensive Security does not require its students to maintain their certification status by earning continuing education credits periodically or by paying an annual fee.
About the OSCP preparation course and exam
We’ve already seen how, to become certified, professionals must complete the Offensive Security’s Penetration Testing with Kali Linux (PwK) course that exposes IT security practitioners to the latest ethical hacking tools and techniques, while the OSCP proctored exam consists of successfully hacking/penetrating various live machines located on different networks with various vulnerabilities.
This is, without a doubt, a difficult exam that’s designed to test one’s ability to think outside the box with the very mindset necessary to be good in this professional role. The OSCP certification challengers learn to put themselves in the shoes of an attacker by using the same tools and techniques that they will later apply to defending applications against real-world attacks. Candidates need a solid understanding of TCP/IP, networking and Linux, which are the prerequisites for taking PEN-200, together with familiarity with Bash scripting, basic Perl or Python.
The exam lasts 23 hours and 45 minutes. Such a long time is used to prove that the candidate has the right degree of persistence and determination to be successful in this role. During that time, professionals are exposed to real-world, hands-on penetration testing on an isolated VPN exam network with five victim hosts. They are asked to demonstrate their ability to successfully defend a system.
Once the tester has completed the exam, they must follow the submission guidelines. An email will inform them about the certification exam results (pass/fail) within 10 business days after submitting the documentation. A minimum score of 70 points is required to pass the exam; those who do will receive an email containing a link to update and confirm their certificate delivery address.
Note: OffSec does not convey the exam score, provide solutions to any part of the test or issue digital versions of the certificate.
Possession of a current certification can also be verified by emailing a request to email@example.com, including the full name and OSID or student Certification ID.
Is taking the OSCP worth the time and effort?
The OSCP credential is becoming a respected and sought-after designation within the information security realm, thanks to its unique way of testing applicants that targets their technical ability. Unlike many other related certifications, OSCP is truly 100 percent hands-on, so it is extremely valuable to employers looking for professionals who not only have a solid theoretical background but the practical skills necessary to identify weaknesses in their IT environment.
Who should earn the OSCP certification?
- Defenders: Helps better understand how attackers work and think. It allows you to truly understand what threats and attack vectors you are defending against and detect exploitation attempts.
- Attackers: Helps better skills and methodology. It helps you understand the importance of executing organized attacks in a controlled and focused manner while doing so to improve a workplace’s existing security posture by reducing the risk of a successful exploit.
Any person in IT security with Windows and Linux administration experience that would like to step into the world of ethical hacking or advance as a penetration tester could benefit from the OSCP certification.
What is the best way to prepare for the OSCP exam?
Those preparing for the OSCP exam are required to attend the Offensive Security in-house training. The Penetration Testing with Kali Linux (PwK) course offered by Offensive Security is self-paced and online and costs $999. The course consists of PDFs and videos with attached lab time and one exam voucher. OffSec’s curriculum includes hands-on exercises to try out and practice sessions in a lab environment to learn various attack techniques safely and legally. The course focuses on real-world applications employing modern techniques used by pentesters; the included lab environment is a critical component of an offensive, hands-on approach for the OSCP exam taker to be familiar with the Linux distro, common networking terminology and basic Bash/Python scripting, which will help later when tackling the test to be certified.
The PwK syllabus covers the following topics in detail:
- Penetration testing: What you should know
- Getting comfortable with Kali Linux
- Command-line fun
- Practical tools
- Bash scripting
- Passive information gathering
- Active information gathering
- Vulnerability scanning
- Web application attacks
- Introduction to buffer overflows
- Windows buffer overflows
- Linux buffer overflows
- Client-side attacks
- Locating public exploits
- Fixing exploits
- File transfers
- Antivirus evasion
- Privilege escalation
- Password attacks
- Port redirection and tunneling
- Active directory attacks
- The Metasploit framework
- PowerShell empire
- Assembling the pieces: Penetration test breakdown
- Trying harder: The labs
Included in the new PwK course (updated February 2020):
- Hands-on walk-throughs: “[OffSec] developed a hands-on mini-network in which the student will be able to reproduce the steps provided with a book and video walk-through.”
- Dedicated virtual machines: These are for the exercises (Windows 10 client, Windows 2016 Active Directory and Debian client).
- Updated targets: Labs that allow for more practice on fresh exercises (on tunneling, pivoting and port redirection) with new operating systems and exploitation vectors.
Course + lab + certification costs are as follows:
- PEN-200 course + 30 days lab access + OSCP exam certification fee – $999
- PEN-200 course + 60 days lab access + OSCP exam certification fee – $1,199
- PEN-200 course + 90 days lab access + OSCP exam certification fee – $1,349
- PEN-200 course + 365 days lab access + 2 OSCP exam attempts – $2,148
The exam is expected to be tough with many professionals taking the exam multiple times. After all, the Offensive Security motto is “Try Harder.” Exam retakes cost $150.
As OffSec states: Students may schedule and reattempt an exam as follows:
- After the first failed exam, a student may schedule an exam retake after four weeks from their previous exam date.
- After the second failed exam, a student may schedule an exam retake after eight weeks from their previous exam date.
- After the third failed exam onward, a student may schedule an exam retake after 12 weeks from their previous exam date.
Benefits of the OSCP certification
Pentesting is a growing field. If you’re looking for a proper certification, then you should seriously consider the OSCP credential. This designation is particularly geared towards evaluating skills in identifying and exploiting vulnerabilities and is relevant to jobs in many different industries and work environments. It also carries great salary potential.
Becoming an OSCP will take much self-study and preparation for the exam. In addition to OffSec’s courseware, it is wise to consider additional learning from reputable training companies that offer courses in ethical hacking and penetration testing that include hands-on labs that can augment the preparation of professionals and help them nail the exam on the first attempt.
Taking the OSCP exam for certification is definitely worth the money, time and effort. However, expect the test to be particularly challenging; being a very hands-on credential, it requires real-world experience with scripting expertise and hacking training, familiarity with exploit methods and the ability to put knowledge into practice.
- Offensive Security Certified Professional (OSCP) Overview, Offensive Security
- OSCP Exam Guide, Offensive Security
- OSCP Certification Exam FAQ, Offensive Security
- Offensive Security Testimonials and Reviews, Offensive Security
- What it means to be an OSCP, Offensive Security
- Salary for Certification: Offensive Security Certified Professional (OSCP), PayScale