What is Offensive Security?
Offensive Security (OffSec) is the company behind Kali Linux, the Exploit Database, and the most respected penetration testing certifications in the industry. Their philosophy is captured in two words the entire security community knows: Try Harder. As they describe it:
Offensive Security believes in ‘Try Harder’ — our motto representing the persistence, creativity, and determination required to succeed in penetration testing. Our certifications are designed to challenge, frustrate, and ultimately develop professionals who can overcome real-world security challenges.
OSCP is the single most respected offensive security certification in the industry. The pass rate for first-time attempts sits around 50%. Employers know exactly what it means when they see it on a resume.
Is This Right for You?
This is for you if...
- You want the most respected offensive security certification in the industry
- You’re serious about penetration testing as a career, not just a credential
- You can commit to 200–300 hours of preparation — OffSec themselves state this as the minimum
- You’ve already built a foundation in networking, Linux, and basic scripting
- You want a cert where the exam proves you can actually hack, not just answer questions
This is NOT for you if...
- You’re brand new to security — build fundamentals first with CompTIA or TryHackMe
- You want structured lecture-based learning — OffSec’s model is self-directed and demanding
- You don’t enjoy struggling through problems independently — that’s the core of the OffSec experience
Certification Roadmap
Phase 1 — Prerequisites (Before Enrollment)
OffSec is explicit about prerequisites:
Start with honest self-assessment. Complete our free introductory resources, build fundamental skills, and only then enroll in PEN-200. The OSCP journey requires dedication, persistence, and a genuine passion for penetration testing.
Minimum requirements: comfortable Linux CLI, basic networking (TCP/IP, ports, services), Python or Bash scripting, familiarity with Nmap and Burp Suite.
Phase 2 — OSCP (The Foundation)
OSCP is earned through PEN-200. OffSec describes the exam format:
“The OSCP exam is a 24-hour practical penetration test in a controlled network environment. Candidates must identify vulnerabilities, exploit systems, and produce a comprehensive penetration test report within 24 hours of exam completion.”
Minimum 70 points out of 100 to pass. No multiple choice. You either pop the box or you don’t.
| Certification | Course | Exam Format | Duration | Passing Score |
|---|---|---|---|---|
OSCP |
PEN-200 |
Practical — live network |
24h exam + 24h report |
70/100 points |
Phase 3 — Advanced Specializations
| Certification | Course | Focus |
|---|---|---|
OSEP |
PEN-300 |
Evasion techniques, advanced Active Directory, bypassing modern defenses |
OSWE |
WEB-300 |
Advanced web application exploits and source code review |
OSED |
EXP-301 |
Windows exploit development and shellcode creation |
Phase 4 — Security Core (9–12 Months)
OSEE through EXP-401 covers advanced Windows exploitation including kernel exploits. Taught exclusively at Black Hat USA. Candidates typically have 5+ years of offensive experience before attempting.
Career Opportunities
| Certification | Target Job Titles | Average Salary (US) |
|---|---|---|
OSCP |
Penetration Tester, Red Team Operator, Vulnerability Researcher |
$95,000 – $130,000 |
OSEP / OSWE / OSED |
Senior Penetration Tester, Red Team Lead, Exploit Developer |
$120,000 – $160,000 |
OSEE |
Principal Security Researcher, Advanced Red Team Operator |
$150,000 – $200,000+ |
Recommended Resources
Official Study Guides
OffSec is clear about their learning materials:
Offensive Security does not sell standalone certification books. Our learning materials are only available as part of our official training courses, ensuring students have access to current materials and supporting lab environments.
- PEN-200 course materials — included with OSCP enrollment
- Metasploit Unleashed — free online resource from OffSec
- TJ Null’s OSCP Prep List — community-curated HTB and PG machines that mirror OSCP style
- TCM Security — Practical Ethical Hacking course, widely recommended as OSCP prep
Where to Practice
── Hands-On Practice Platforms ──
- Hack The Box — closest match to OSCP exam difficulty
- OffSec Proving Grounds — official practice platform, same team as OSCP
- TryHackMe — Pre-Security and Jr Penetration Tester paths for prerequisites
- TCM Security — Practical Ethical Hacking, widely used OSCP prep
- VulnHub — free downloadable VMs for offline practice
How to Get Started
- Build prerequisites first. Can you enumerate a network with Nmap, exploit a basic vulnerability manually, escalate privileges on Linux, and write a basic Python script? If not — build those skills first.
- Work TJ Null’s list on HTB and PG. Complete 20–30 machines from TJ Null’s prep list before enrolling. You’re ready when you can solve Easy-to-Medium boxes without hints.
- Enroll and protect your lab time. When you buy PEN-200, you’re buying lab time. Treat every lab hour as sacred. Take notes on every machine. The notes you take in the lab become your exam strategy.
📌 Note: The information on this page — including certification details, exam codes, pricing, and salary ranges — is regularly reviewed and updated to reflect the latest data from official sources. Always verify current details directly with the relevant certification body or platform before making any decisions.
Community & Support
── OffSec Communities ──
Related Articles
What Is Cybersecurity — And Why It’s the Most Important Field of Our Time
Most people who want to get into cybersecurity start without direction — jumping between courses, collecting certifications that don’t connect. This guide gives you the honest path: three foundations you cannot skip and four starting options.
The 6 Learning Paths Every Cybersecurity Beginner Should Know
**In our first guide**, we covered how to start learning cybersecurity without feeling overwhelmed. If you haven’t read it yet, start there.
Now, let’s talk about which path to take once you’re ready. When I decided to get into cybersecurity 20 years ago after I graduated from school of engineering as computer engineer, I had no idea which path to
