Offensive Security Certified Professional

From Wikipedia, the free encyclopedia

Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution (successor of BackTrack).[1] The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment.[2] It is considered more technical than other ethical hacking certifications,[3][4] and is one of the few certifications that requires evidence of practical penetration testing skills.[5]

OSCP course

The course leading up to the OSCP certification was first offered in 2006 under the name "Offensive Security 101". Students expecting a 101 course were not prepared for the level of effort the course requires, so the name was changed to "Pentesting With BackTrack" in December 2008, and again to "Penetration Testing With Kali Linux" when the BackTrack distribution was rebuilt as Kali.[5]

The course covers common attack vectors used during penetration tests and audits. It is offered in two formats: online or live instructor-led classes. The online course is a package consisting of videos, a PDF, lab assignments and lab access. The instructor-led course is intensive live training covering the same material, also with lab access. The labs are accessible via a high-speed internet connection and contain a variety of operating systems and network devices on which the students perform their assignments.

OSCP challenge

Upon completion of the course, students become eligible to take the certification challenge.[6] They are given 24 hours in an unfamiliar lab to successfully complete the exam requirements. Documentation must include the procedures used and proof of successful penetration, including special marker files that are changed per exam. Exam results are reviewed by a certification committee and a reply is given within 5 business days.


The OSCP does not require recertification.

Relations to other security trainings or exams

Successful completion of the OSCP exam qualifies the student for 40 (ISC)² CPE credits.

In 2015, the UK's predominant accreditation body for penetration testing, CREST,[7] began recognising OSCP as equivalent to their intermediate level qualification CREST Registered Tester (CRT).[8]


  1. ^ "Offensive Security Certified Professional". Offensive Security. Retrieved 13 October 2016.
  2. ^ Linn, Ryan (1 March 2010). "Final Course and Exam Review: Pen Testing with BackTrack". EH-Net Online Mag. Retrieved 13 October 2016.
  3. ^ Westfall, Brian (15 July 2014). "How to Get a Job as an Ethical Hacker". Intelligent Defense. Software Advice. Retrieved 13 October 2016.
  4. ^ Dix, John (11 August 2016). "How well does social engineering work? One test returned 150%". Network World. Retrieved 13 October 2016.
  5. ^ a b Merritt, Chris (2012). "Certification Spotlight: Offensive Security's OSCP" (PDF). IAnewsletter. Information Assurance Technology Analysis Center. 15 (2): 24–25.
  6. ^ "Information Security Training and Ethical Hacking Courses". Offensive Security. Retrieved 13 October 2016.
  7. ^ Knowles, William; Baron, Alistair; McGarr, Tim (26 May 2015). Analysis and recommendations for standardization in penetration testing and vulnerability assessment: Penetration testing market survey (Report). BSI Group & Lancaster University.
  8. ^ "CREST Signs New Partnership with Offensive Security to Improve the Standards of Information Security" (Press release). CREST and Offensive Security. 4 August 2015.
