The OSCP (Offensive Security Certified Professional) is a penetration testing certification offered by OffSec (formerly Offensive Security). It is one of the most respected hands-on credentials in the industry because it is awarded only after a 24-hour practical exam in which the candidate must compromise multiple lab machines and produce a professional-quality report.
The course
Candidates prepare with the PEN-200 course (formerly PWK, “Penetration Testing with Kali Linux”). The material covers reconnaissance, vulnerability identification, exploitation, privilege escalation on Windows and Linux, Active Directory attacks, web application basics, client-side attacks, and report writing. The course includes access to a large practice lab containing dozens of vulnerable machines that mirror the difficulty of the real exam.
The exam
The exam consists of 24 hours of hands-on testing, followed by another 24 hours to write and submit a professional penetration test report. The lab environment changes for each candidate but typically contains a standalone Active Directory set plus several independent machines worth different point values. A pass requires both meeting the score threshold and producing an acceptable report; technical success without a passing report still fails the exam.
Why it is respected
Unlike multiple-choice certifications, the OSCP cannot be brain-dumped or passed by memorising answers. The candidate must demonstrate the practical ability to compromise unfamiliar systems within a time limit while documenting their methodology cleanly. The phrase “Try Harder”, originally an OffSec course slogan, captures the iterative, problem-solving mindset the certification tests for.
How it fits in a career
The OSCP is widely recognised as a strong entry-level-to-mid-level signal for penetration testing roles. UK government and CREST-aligned organisations value it alongside CREST CRT and CCT, although CREST membership is the primary requirement for testing in regulated industries. Many testers pursue OSCP first and then add CREST credentials as their career progresses.
Beyond OSCP
OffSec offers further certifications including OSEP (advanced exploitation and bypass), OSWA (web app), OSED (exploit development), OSWE (advanced web), and OSCE3 (a multi-cert advanced track). Each is hands-on and exam-driven. Many working pen testers take one or two of these alongside or instead of OSCP, depending on their specialisation.
Related terms
See also: penetration tester, ethical hacker, penetration testing, and Kali Linux.




