OSCP Exam Guide: How to Approach the 24-Hour Penetration Test

OSCP is the most demanding cert in this guide — but also one of the most respected. Here's what to study, how to approach the 24-hour lab exam, and what separates passing candidates from failing ones.

14 min read | Updated 2026-01-22

What OSCP Actually Is

OSCP is a 24-hour performance-based exam where you're given a set of vulnerable machines and must compromise them to accumulate enough points to pass (70/100). There are no multiple-choice questions. You then have 24 hours to write a professional penetration test report. The exam is famous for being the first serious filter separating professional penetration testers from those who've only studied theory.

Key Tips

  • You must score 70+ points — not all machines need to be fully compromised
  • A professional-quality report is required; poor reports have failed candidates who got enough points
  • The exam includes Active Directory chains that typically account for 40 points

Prerequisites You Actually Need

OffSec says 'basic familiarity with networking and Linux' — that's an understatement. You need to be comfortable before starting PEN-200.

Key Tips

  • Linux command line must be second nature — file system, permissions, processes, networking
  • Networking fundamentals: TCP/IP, routing, subnetting, common protocols
  • Scripting: Python basics for automation, Bash for one-liners
  • Complete TryHackMe or Hack The Box beginner paths before starting PEN-200

The OSCP Preparation Path

Most candidates spend 3–6 months preparing before purchasing the PEN-200 course. Don't buy until you're ready — lab time expires.

Key Tips

  • Phase 1: TryHackMe or Hack The Box to learn the fundamentals for free
  • Phase 2: TCM Security's Practical Ethical Hacking course ($15 on Udemy) — highly recommended pre-OSCP
  • Phase 3: PEN-200 course (OffSec) with 90-day lab access
  • During labs: complete as many machines as possible before the exam
  • Try Hack The Box's OSCP-like machines: Lame, Blue, Legacy, Jerry, Optimum, Bastard

24-Hour Exam Strategy

Approach the exam like a professional engagement — systematic, documented, and time-managed.

Key Tips

  • Start with the AD chain — 40 points and it's all or nothing; get it early
  • Take breaks — fatigue is real after 8+ hours; 20 minutes off restores focus
  • Document EVERYTHING as you go; your report is due 24 hours after the exam ends
  • If stuck: take notes and move on — fresh eyes often see what tired eyes miss
  • Sleep is not failure — a 3-hour rest can unlock problems that 6 hours of struggling won't

Recommended Resources

The OSCP community is generous — there are excellent free resources.

  • TCM Security — Practical Ethical Hacking (course)
  • TryHackMe (free tier) (lab)
  • Hack The Box Academy (lab)
  • OffSec PEN-200 (official course) (official, ~$1499)
  • r/oscp (community)
