The OffSec Certified Professional (OSCP) is a practical penetration testing certification issued by OffSec (formerly Offensive Security). It is delivered through the PEN-200 course (previously known as Penetration Testing with Kali Linux) and is consistently cited by employers as the baseline qualification for professional penetration testers.
The certification is built around a 24-hour practical examination in which candidates must compromise a set of target machines within an isolated lab network. There are no multiple-choice questions or theoretical components, and the exam is assessed entirely on demonstrated exploitation results and a written technical report submitted afterwards. This format means that passing the OSCP requires genuine hands-on ability rather than the ability to recall facts or eliminate incorrect answers.
The PEN-200 course covers the core disciplines of penetration testing: information gathering, vulnerability identification, exploitation of network services and web applications, post-exploitation techniques, privilege escalation on both Linux and Windows, and pivoting through networks. Candidates also gain extensive lab time against a large network of machines in varying configurations before sitting the exam.
The course and exam have a deliberate culture of independent problem-solving with OffSec’s “Try Harder” philosophy encouraging students to work through obstacles themselves rather than seeking step-by-step guidance.
The OSCP is the one of the most widely recognised entry-level offensive security certification in the industry. It proves that the holder can conduct a structured penetration test independently and produce a professional report.
For organisations that are evaluating penetration testing providers, OSCP-holding testers have demonstrated practical competence rather than simply theoretical knowledge. More advanced practitioners may also hold certifications such as OSCE , which builds on OSCP-level skills with advanced exploitation and evasion techniques. For context on what a penetration test involves in practice, see what a penetration test is .