OSCP Exam Prep Tactics Debated
The Offensive Security Certified Professional (OSCP) community is discussing new preparation materials, including a video claiming to provide exam dumps and another analyzing why many candidates fail complex modules. While the ethics of using dumps are questionable, the content highlights the pressure to pass high-stakes exams and the importance of active, iterative learning over passive study for difficult sections.
- As of November 1, 2024, Offensive Security has updated the OSCP exam. Successful candidates now earn both the OSCP and OSCP+ certifications. The OSCP+ designation is valid for three years and requires continuing education for renewal.
- The updated exam format introduces an "assumed compromise" model where candidates start with a standard user account in an Active Directory (AD) environment. This change allows for partial points within the AD section, a significant shift from the previous all-or-nothing approach to the AD portion of the exam.
- Bonus points, which could previously be earned through lab work, were eliminated from the OSCP exam as of November 1, 2024, to create a more consistent and fair experience across all Offensive Security exams.
- While Offensive Security does not publish official pass rates, community discussions suggest many candidates fail on their first attempt, with some unofficial estimates citing a pass rate as low as 20%. Successful attempts often follow hundreds of hours of preparation.
- The cost for the OSCP certification, including the PEN-200 course and one exam attempt, is approximately $1,649 to $1,749. This is comparable to other advanced penetration testing certifications but more expensive than entry-level options like CompTIA's PenTest+ ($381 for the exam).
- For hands-on practice, TryHackMe is often recommended for beginners due to its guided, step-by-step learning paths that cover foundational skills. HackTheBox is generally considered more suitable for intermediate to advanced users, as it focuses on unguided, realistic challenges that validate existing skills and prepare candidates for the difficulty of the OSCP.
- Employers seeking junior penetration testers often look for a bachelor's degree in a related field, though experience and certifications can sometimes substitute for formal education. Besides OSCP, other frequently requested certifications include Certified Ethical Hacker (CEH) and GIAC Penetration Tester (GPEN).
- The use of "exam dumps" is a violation of Offensive Security's academic policy. If a candidate is found to have used or distributed such materials, they can be banned from the exam and have any existing certifications revoked.