The certification exam simulates a live corporate network in a private VPN. You will have 47 hours and 45 minutes to complete the challenge itself and a further 24 hours to submit your documentation.
WHERE CAN I FIND THE EXAM GUIDE?
The OSEP exam guide is available at the following link: OSEP Exam Guide
HOW DO I KNOW IF I'M READY TO TAKE THE EXAM?
This is, of course, a very difficult question to answer. At a minimum, we recommend that you understand the majority of the concepts taught in the course and complete the challenge labs.
HOW DO I SCHEDULE MY CERTIFICATION EXAM?
You can schedule your exam using the link that was provided to you in your welcome pack. If you’re unable to locate it, please contact our Orders department and they will be happy to re-send it to you. Using the link, you are able to see when there is a free slot in our exam lab, allowing you to select a date that suits you.
WHAT IS THE EXAM RETAKE POLICY?
Students may schedule an exam retake within 120 days of the exam retake cooling off period as follows:
- After the 1st failed exam, a student may schedule an exam retake after 4 weeks within 120 days of purchase / end-of-lab.
- After the 2nd failed exam, a student may schedule an exam retake after 8 weeks within 120 days of purchase / end-of-lab.
- After the 3rd failed exam onward, a student may schedule an exam retake after 12 weeks within 120 days of purchase / end-of-lab.
HOW DO I GET POINTS ON THE EXAM?
Points are awarded from finding flags in the form of local.txt or proof.txt files; each flag is worth 10 points.
HOW MANY POINTS DO I NEED TO PASS THE EXAM?
The exam can be passed in one of two ways. Either you achieve the objective provided on the control panel, or obtain at least 100 points.
CAN I SUBMIT AN EXERCISE REPORT FOR BONUS POINTS?
It is not possible to obtain any bonus points on the OSEP exam from completing the course exercises.
WHAT IS SECRET.TXT?
The exam objective will be provided on the control panel when the exam starts. Completion of that objective is proven by obtaining the secret.txt flag.
HOW DO I KNOW WHAT THE GOALS OF THE EXAM ARE?
Once your exam starts, you will get access to the control panel. On the control panel, you will find an explanation of the simulated penetration test and the associated goals.
DO I NEED TO INCLUDE CODE AND SCREENSHOTS IN THE EXAM REPORT?
You should include enough information in the exam report so our graders can replicate your steps.
WHAT IS REQUIRED AS DOCUMENTATION FOR FLAGS?
In the exam report, you must include a screenshot of the flag in its original location by using the type or cat command. Additionally you must include the output of the ipconfig/ifconfig/ip a command.
IS A WEB SHELL ENOUGH?
The shell from which the flag is documented must be a fully interactive remote shell. This means a web shell or RDP session is not sufficient.
HOW MANY MACHINES ARE IN THE EXAM?
The exam simulates a black box penetration test and as such, the total number of machines in the exam is not provided to students. It should be considered an exam secret that must be enumerated during the exam.
DO I NEED TO COMPROMISE ALL MACHINES IN THE EXAM TO PASS?
It is not required to compromise all machines in order to pass the exam. In fact, some machines are not possible to be compromised.
ARE THERE MACHINE DEPENDENCIES IN THE EXAM?
Just like in a penetration test of a real corporate network, many machines will have dependencies.
CAN I REVERT MACHINES DURING THE EXAM?
You can revert the exam machines through the control panel. Due to dependencies, it's not possible to revert individual machines; instead, they are listed in groups.
IF I GET STUCK ON ONE MACHINE CAN I STILL COMPLETE THE EXAM?
There are multiple avenues of attack that can be found through enumeration, so no single machine is required to pass.
WILL ATTACKS LIKE ZEROLOGON WORK IN THE EXAM?
We regularly patch the exam machines in order to prevent unintended attack vectors. Do not expect a new vulnerability to provide an easy way to pass the exam.
DO EXAM MACHINES HAVE ANTIVIRUS INSTALLED?
Exam machines will have various security solutions configured as taught in the course material. Note that bypasses taught in the course and practiced in the labs will also work in the exam.
DOES THE EXAM CONTAIN OLD OS VERSIONS LIKE WINDOWS XP?
The exam only contains modern and fully patched operating systems.
ARE THERE ONLY WINDOWS MACHINES IN THE EXAM?
Just like in the PEN-300 course and challenge labs, the majority of topics and machines use Windows as the operating system. However, there will be Linux machines in the exam as well.
MY COMPANY HAS A LICENSE TO COBALT STRIKE, WHY CAN'T I USE THAT IN THE EXAM?
The exam is designed to test and verify skills and knowledge as covered in the syllabus. Allowing the use of commercial tools in the exam may provide an unfair advantage to some students.
DO I NEED A LOCAL VM FOR DEVELOPMENT DURING THE EXAM?
As part of the exam, the student will be provided with a development VM in the VPN. This VM will contain tools such as Visual Studio and Microsoft Office among others.
HOW DOES THE CHALLENGE LABS COMPARE TO THE EXAM?
The challenges in the PEN-300 labs train most of the concepts that are tested in the exam. The last challenge in the PEN-300 labs has a comparable complexity to the exam.
IF I FAIL AND RETAKE THE EXAM WILL I GET THE SAME EXAM MACHINES?
The OSEP exam consists of a pool of exam sets. The exam sets are assigned at random, so there is no guarantee you will receive the same exam set on a retake.
WHAT INFORMATION IS AVAILABLE ABOUT EXAM PROCTORING?
All OSEP exams are now proctored. Please make sure to read our online FAQ.
STILL HAVE QUESTIONS?