The Offensive Security Certified Professional (OSCP) certification has long been a gold standard in the cybersecurity world, particularly for those focusing on penetration testing. As we step into 2024, the OSCP exam continues to evolve, challenging even the most seasoned professionals. This blog will explore what’s new, what remains the same, and how you can successfully navigate the journey to becoming OSCP-certified.
Key Changes to the OSCP Exam
Starting from November 1, 2024, the OSCP exam will see two major changes:
- Enhancements to the Active Directory Portion: The updated exam introduces an “assumed compromise” scenario, where learners start with a standard user account on the AD domain and work towards achieving full domain compromise. This update allows candidates to earn partial points within the AD domain, reflecting a more practical and realistic approach to penetration testing.
- Removal of Bonus Points: Previously, candidates could earn up to 10 bonus points by completing certain labs and challenges in the PEN-200 course. With the updated exam, bonus points have been removed to create a fairer, more consistent experience across all OffSec certifications.
Detailed Explanation of OSCP+
The OSCP+ is a new designation introduced alongside the updated OSCP exam. When a candidate passes the updated exam, they earn both the OSCP and OSCP+ certifications. However, unlike the OSCP, the OSCP+ certification has an expiration date—three years from issuance. To maintain the “+” designation, candidates must complete one of the three continuing education paths:
- Take and pass a recertification exam within six months of the OSCP+ expiry date.
- Take and pass another qualifying OffSec certification exam before OSCP+ expires (e.g., OSEP, OSWA, OSED, or OSEE).
- Successfully complete OffSec’s new Continuing Professional Education (CPE) program.
Active Directory Enhancements
The changes to the Active Directory (AD) section of the OSCP exam are a significant update. The new “assumed compromise” model allows candidates to start with a standard user account on the AD domain, simulating a real-world breach scenario. This change means that:
- Candidates will earn points for compromising individual machines within the AD set, allowing for partial credit.
- The new format provides a more realistic assessment of a candidate’s ability to navigate and exploit AD environments.
Removal of Bonus Points
Bonus points were previously awarded to encourage learners to complete specific exercises in the PEN-200 course. However, OffSec found that most learners did not need these bonus points to pass the exam. The removal of bonus points aligns the OSCP with other OffSec certifications and complies with ISO 17024 standards, which do not recognize bonus points in certification exams. This move ensures a more standardized and fair approach across all OffSec certifications.
How to Earn the OSCP+ Certification
To earn the OSCP+ certification, learners must pass the updated OSCP exam on or after November 1, 2024. The OSCP+ is awarded automatically alongside the OSCP upon passing the exam. However, to maintain the OSCP+ designation beyond three years, learners must follow one of the continuing education paths mentioned earlier.
The primary differences between the OSCP and OSCP+ are as follows:
- Validity: The OSCP certification is valid for life, while the OSCP+ certification is valid for three years.
- Recertification Requirements: The OSCP+ requires periodic recertification or completion of additional education paths to maintain the “+” designation.
- Exam Format and Scenarios: The updated OSCP+ exam includes the new AD scenario and changes to point allocation.
Benefits of Holding an OSCP+
The OSCP+ certification signifies not only a mastery of the material but also a commitment to staying current with the latest industry standards and practices. It reflects a learner’s dedication to continuous learning, which is crucial in the ever-evolving field of cybersecurity.
Impact on Existing OSCP Holders
Current OSCP holders can upgrade to the OSCP+ by taking the new exam after November 1, 2024. OffSec offers a promotional rate of $199 USD for the new exam for those who register between November 1, 2024, and March 31, 2025. After this period, the regular price of $799 USD applies.
1. Understanding the OSCP in 2024
The OSCP certification, offered by Offensive Security, is designed to test your ability to think and act like a professional penetration tester. It's not just about knowing tools or commands; it's about demonstrating hands-on expertise in a controlled, real-world environment.
What’s New in 2024?
- Updated Exam Format: While the OSCP has always been a practical, hands-on exam, the structure has seen tweaks to keep up with the evolving landscape of cybersecurity. Expect more complex and integrated scenarios, which require a broader understanding of network infrastructures and more sophisticated attack techniques.
- Enhanced Learning Path: Offensive Security has enriched its learning materials, offering more detailed guides, lab environments, and video content. This helps candidates better prepare by simulating more realistic environments and providing deeper insights into the methodologies used by modern attackers.
- Greater Emphasis on Reporting: In 2024, the ability to create detailed, clear, and concise reports is more critical than ever. The reporting aspect of the exam now plays a significant role in your final score, emphasizing the importance of not just finding vulnerabilities, but effectively communicating them.
2. The OSCP Exam Structure
The OSCP exam is a 24-hour marathon where you’re tasked with compromising a series of machines within a network. You’re awarded points based on the level of access you achieve and the robustness of your reports. In 2024, the exam structure remains largely consistent with previous years, but with slight adjustments to accommodate the evolving cybersecurity landscape.
- Exam Duration: 24 hours to compromise machines, followed by an additional 24 hours to submit your exam report.
- Scoring: A total of 100 points are available. You must score 70 points to pass. Points are awarded for gaining root or administrator access and for submitting clear, concise, and accurate reports.
- Machine Types: Expect a mix of easy, medium, and hard machines, with a greater emphasis on Active Directory environments and pivoting between networks.
3. Preparation Tips for Success
3.1. Start with the Basics: Ensure a solid understanding of networking, basic Linux commands, and scripting (Bash, Python). The OSCP is not an entry-level certification; a firm grasp of these basics is crucial.
3.2. Lab Practice is Key: The Offensive Security labs are invaluable. Spend as much time as possible in the labs, simulating real-world attacks and defenses. This hands-on practice is what will prepare you for the actual exam.
3.3. Time Management: The exam is as much a test of endurance as it is of knowledge. Learn to manage your time effectively during the exam. Prioritize easier machines first, then move on to more challenging ones.
3.4. Reporting Skills: Don’t neglect the report. Practice writing clear and detailed reports during your lab exercises. This will save you time and stress during the actual exam.
3.5. Stay Updated on Techniques: Cybersecurity is a rapidly evolving field. Stay informed about the latest attack techniques and tools. The OSCP evolves with the industry, and so should your knowledge.
4. The Road Ahead
Passing the OSCP in 2024 will require dedication, practice, and a deep understanding of penetration testing methodologies. However, the rewards are well worth the effort. The OSCP certification not only boosts your credibility in the cybersecurity community but also opens doors to advanced career opportunities.
Final Thoughts
The OSCP is more than just a certification; it’s a rite of passage for penetration testers. As you prepare for this challenge in 2024, remember that persistence, practice, and patience are your best allies. Embrace the journey, and you'll find that the skills and knowledge you gain will be invaluable throughout your cybersecurity career.
Good luck on your OSCP journey!