The OSCP exam has zero traditional questions. It is a 23-hour 45-minute hands-on penetration test where you compromise multiple machines and submit proof. After the practical, you have 24 hours to write a professional report. OSCP is the gold standard for penetration testing certifications.
OSCP holders command $95,000-$140,000 in pentest roles, with senior positions exceeding $160,000.
| Component | Details | Points |
|---|---|---|
| Active Directory Set (3 machines) | Full AD chain: initial access → lateral movement → domain admin | 40 |
| Standalone Machine 1 | Full exploitation + privilege escalation | 20 |
| Standalone Machine 2 | Full exploitation + privilege escalation | 20 |
| Standalone Machine 3 | Full exploitation + privilege escalation | 20 |
| Bonus Points | Course exercises and lab report | 10 |
Professional report with executive summary, detailed findings, reproduction steps, screenshots, and remediation recommendations.
| Cert | Format | Duration | Cost |
|---|---|---|---|
| OSCP | Hands-on + report | ~48 hrs | $1,649+ |
| CEH | 125 MC | 4 hrs | $1,199 |
| PenTest+ | 85 MC+PBQ | 165 min | $392 |
| GPEN | 82-115 questions | 3 hrs | $2,499 |
Zero MC. 23h 45m hands-on pentest.
70/100 points plus professional report.
One of the hardest cybersecurity certs.
~48 hours total (practical + report).
Enumeration, exploitation, privesc, AD, reporting.
3-6 months intensive; 6-12 for beginners.
$1,649+ for course + exam.
Limited — exploit modules on one target only.
Build penetration testing knowledge with practice questions.
Start Free Practice Test →