OSCE / OSCE3 (OffSec Certified Expert)

The Offensive Security Certified Expert (OSCE) is an advanced certification issued by Offensive Security (now known as OffSec). The original OSCE, based on the Cracking the Perimeter (CTP) course, was retired in 2020 and replaced by OSCE3, which combines three separate advanced-level certifications into a single credential. OSCE3 is widely regarded as one of the most technically demanding certifications available in offensive security.

To achieve OSCE3, a candidate must pass all three of the following certifications:

• OSED (OffSec Exploit Developer), which covers Windows exploit development including bypassing modern memory protections
• OSEP (OffSec Experienced Penetration Tester), which covers advanced active directory attacks, evasion techniques, and antivirus bypass
• OSWE (OffSec Web Expert), which covers advanced white-box web application exploitation.

Each of these certifications requires a dedicated training course and a 48-hour practical examination with a subsequent report submission. There are no multiple-choice questions; all three exams require candidates to demonstrate exploitation skills live against isolated laboratory environments.

The progression from OSCP to OSCE3 represents a substantial step in difficulty. Where OSCP focuses on demonstrating competence across a broad range of standard penetration testing techniques, the OSCE3 examinations focus more on depth: advanced exploitation chains, custom tooling, and the ability to operate in hardened environments where common tools and techniques are actively blocked. Candidates typically hold several years of hands-on offensive security experience before attempting any of the three component exams.

Holding OSCE3 is a strong signal of advanced practical capability in offensive security. For organisations procuring red team engagements or advanced penetration testing, consultants with OSCE3 or its component certifications bring a level of technical depth that goes beyond standard testing. The certification is particularly relevant for assessing hardened environments, testing detection and evasion scenarios, or understanding how a sophisticated attacker would approach a well-defended network.

For context on what senior-level offensive security engagements look like in practice, see what a red team engagement involves .