Offensive Security Certified Professional (OSCP)
1 Global Definition
The Offensive Security Certified Professional (OSCP) is one of the most respected and challenging cybersecurity certifications offered by OffSec. It focuses heavily on hands-on penetration testing and requires candidates to demonstrate real-world hacking skills under time pressure.
1.2 Why It Matters
Unlike theory-based certifications, OSCP is a practical exam where the candidate must break into live machines, escalate privileges, and document findings. It proves not only knowledge but also the ability to think and act like a hacker, making it a top choice for companies hiring penetration testers, red teamers, and security consultants.
1.3 Key Domains Covered
- Information Gathering & Enumeration: Identifying open ports, services, and misconfigurations.
- Exploitation: Web application flaws (SQL Injection, XSS), buffer overflows, misconfigured services.
- Privilege Escalation: Windows & Linux privilege escalation techniques.
- Post-Exploitation: Persistence, lateral movement, pivoting into other networks.
- Scripting & Automation: Writing exploits in Python and Bash.
- Buffer Overflow: Classic binary exploitation to gain shell access.
1.4 Exam Details
- Duration: 24 hours hacking + 24 hours report writing.
- Format: Candidate is given access to a lab with 5 machines of varying difficulty.
- Scoring: Up to 100 points (70 required to pass). Each machine carries a set point value.
- Environment: Conducted in a controlled VPN environment using Kali Linux.
- Requirement: Submit a professional penetration test report documenting findings and exploits.
1.5 Career Benefits
- Highly valued by employers for technical, hands-on skills.
- Qualifies for roles like Penetration Tester, Red Team Operator, and Security Engineer.
- Respected as one of the hardest practical certifications, often compared to real-world engagements.
- OSCP-holders stand out in cybersecurity job markets.
1.6 Study & Preparation Resources
- PWK (Penetration Testing with Kali Linux): The official OSCP training course.
- Labs: Hundreds of vulnerable machines to practice real-world attacks.
- Tools: Nmap, Netcat, Gobuster, Metasploit (limited use in exam), Burp Suite, Hydra, John the Ripper.
- Practice Platforms: Hack The Box, TryHackMe, VulnHub.
- Books: “The Hacker Playbook” series, “Penetration Testing” by Georgia Weidman.
1.7 Practical Example – OSCP Skill in Action
During an OSCP-style exam, a candidate scans a target with Nmap:
nmap -A -T4 10.11.1.22
The scan shows port 80/tcp running Apache with a vulnerable CMS.
Using Gobuster, the candidate finds a hidden admin panel:
gobuster dir -u http://10.11.1.22 -w /usr/share/wordlists/dirb/common.txt
Exploiting weak credentials, they gain access, upload a reverse shell, and escalate privileges by exploiting a SUID binary. The process mirrors real-world penetration testing methodology.