Offensive Security Certified Professional

OSCP course

The course leading up to the OSCP certification was first offered in 2006 under the name "Offensive Security 101". Students expecting a 101 course were not prepared for the level of effort the course requires, so the name was changed to "Pentesting With BackTrack" in December 2008, and again to "Penetration Testing With Kali Linux" when the BackTrack distribution was rebuilt as Kali.

The course covers common attack vectors used during penetration tests and audit. The course is offered in two formats, either online or live "instructor led" classes. The online course is a package consisting of videos, a PDF, lab assignments and lab access. The instructor led course is intensive live training covering the same material, also with lab access. The labs are accessible via a high speed internet connection, and contain a variety of operating systems and network devices where the students perform their assignments.

OSCP challenge

Upon completion of the course students become eligible to take the certification challenge. They are given 24 hours in an unfamiliar lab to successfully complete the exam requirements. Documentation must include procedures used and proof of successful penetration including special marker files that are changed per exam. Exam results are reviewed by a certification committee and a reply is given within 72 hours.

Re-certification

The OSCP does not require re-certification.

Relations to other security trainings or exams

Successful completion of the OSCP exam qualifies the student for 40 (ISC)² CPE credits.

In 2015, the UK's predominant accreditation body for penetration testing, CREST, began recognising OSCP as equivalent to their intermediate level qualification CREST Registered Tester (CRT).