Introduction
In the rapidly growing field of cybersecurity, certifications like the Offensive Security Certified Professional (OSCP) have become widely recognized and respected. As we are about to enter 2025, both aspiring and seasoned cybersecurity professionals have exciting new opportunities with the revamped OSCP and the newly introduced OSCP+ certification. These updates cater to the evolving threat landscape, emphasizing advanced penetration testing skills and practical, real-world scenarios.
What is OSCP?
The OSCP certification is a rigorous credential provided by Offensive Security, known for its challenging and hands-on approach to cybersecurity. Aimed at testing a candidate’s ability to conduct penetration tests and ethical hacking practices, OSCP evaluates skills in real-time, making it highly valued by employers seeking qualified security professionals. Since its inception, OSCP has focused on fundamental cybersecurity skills, such as vulnerability assessment, network exploitation, and post-exploitation tactics.
This certification is particularly known for its “try harder” motto, which signifies the determination and self-reliance required to pass the exam. Candidates must demonstrate practical skills, perseverance, and the ability to solve complex security challenges.
Introduction to OSCP+: What’s Different?
Starting November 1, 2024, candidates who pass the revised exam will receive both the OSCP and OSCP+ certifications. The OSCP+ designation differs from the standard OSCP in one key way: it expires three years from the date of issue. Within this period, candidates can renew the “+” designation through one of three continuing education options:
- Pass a recertification exam within six months before the OSCP+ expiration.
- Pass another approved OffSec certification exam before the OSCP+ expires. Eligible exams currently include:
  - OSEP (OffSec Experienced Penetration Tester)
  - OSWA (OffSec Web Assessor)
  - OSED (OffSec Exploit Developer)
  - OSEE (OffSec Exploitation Expert)
- Successfully complete OffSec’s upcoming CPE (Continuing Professional Education) program, details of which will be released in late 2024 or early 2025.
Please note that the list of qualifying exams is provisional and may change.
The OSCP+ certification signifies not only the holder’s expertise in cybersecurity but also their commitment to staying up-to-date with evolving industry standards. The “+” designation underscores a professional’s dedication to ongoing learning in this dynamic field.
Learners who decide not to renew the “+” designation will retain their OSCP certification, which remains valid indefinitely. As such, current OSCP holders, those who pass the OSCP exam before November 1, 2024, and those who opt not to renew the OSCP+ designation will keep their OSCP credential for life. Although it lacks the “+” designation, the OSCP certification still serves as a valuable marker of expertise and knowledge.
The OSCP certification holds a significant place within OffSec and the wider cybersecurity community. We are committed to maintaining its high standards, ensuring it continues to reflect excellence in the industry. The new OSCP+ designation emphasizes both mastery of the content and the relevance of that knowledge over time.
Since the OSCP+ exam is distinct from the current OSCP exam, existing OSCP holders will have the option to take the new OSCP+ exam at a significantly reduced rate of $199 USD. For those interested in sitting for this updated exam, registration will open on November 1, 2024, and OSCP holders will be notified once it becomes available.
Exam Structure of OSCP in 2024 | Updated
Beginning November 1, 2024, OffSec will replace the current OSCP exam with an updated version. This revised exam will include:
- Expanded content in the Active Directory section
- Elimination of bonus points
This update will bring the OSCP exam in line with other OffSec certifications, ensuring it represents the current landscape of penetration testing.
Previously, the Active Directory (AD) section was only accessible after exploiting an unrelated vulnerability. If learners couldn’t bypass this initial step, they missed the chance to showcase their AD skills, limiting OffSec’s ability to evaluate this knowledge area. Moreover, learners needed to complete all aspects of the AD domain to earn any points for this section, which made up a significant portion of the exam score (40 out of 100 points). The bonus point system also had the unintended effect of allowing, or even encouraging, learners to bypass the AD component of the exam.
With the updated OSCP exam, learners will now start with a standard user account on the AD domain under an “assumed compromise” model, aiming to achieve a full domain compromise. This setup allows for partial points within the AD domain, so learners no longer need to complete the entire AD section to earn points.
The revised format also enables OffSec to align with industry-leading certification standards and work toward compliance with ISO 17024, further enhancing the OSCP’s value to the learner community.
Most importantly, this new OSCP exam structure reflects feedback from the OffSec community, who expressed a desire to see the OSCP format evolve.
OSCP Preparation
Take a look at this post for tips on preparing to pass the OSCP.