All OSCP exams that are scheduled for or after January 11th, 2022 will be subject to the new exam structure.
There is no updated content at this time, as the new exam structure correlates with changes to the course material that were made in February of 2020. As with the rest of the OffSec Library, PEN-200 material is subject to constant updates and improvements over time.
Here is the lab report templates we have created to demonstrate how to report lab machines and a few exercises.
Below are the example exam templates we have created to demonstrate how to report on the exam machines.
10 bonus points may be earned with the new exam structure. In order to receive the full 10 bonus points, lab reports must include the full exploitation of at least one Active Directory set (including the Domain Controller). Every successfully submitted proof.txt within a particular AD set will count as one machine, as long as all other requirements are met. More information about the exercise and lab report requirements can be found here: OSCP Exam Guide
Lab reports with exercises must be submitted with the exam report into one .7z archive as explained in the OSCP Exam Guide.
Lab reports do not need to be overly long. For the PEN-200 lab machines, we only expect our students to show us the exploitation steps. Enumeration steps and any detailed command outputs are not necessary.
Lab exercises may just contain a screenshot to demonstrate how the exercise was completed.
Exam reports should contain both full enumeration and exploitation steps. You should assume that a technically competent reader will execute every step mentioned in the report in order to validate its accuracy.
- Read the corresponding Module on Active Directory
- Read the final Module of the PEN-200 Course Material (Assembling the Pieces: Penetration Test Breakdown)
- Follow along and perform all the steps against the Sandbox.local Active Directory environment
- Begin enumerating the PWK labs. Locate and attack all Active Directory sets within the labs.
There may be pivoting required. Anything in the course material is subject to being on the exam.
Yes, the exam restrictions have not changed at this time. More information can be found here: OSCP Exam Guide
When 3 boxes are part of an Active Directory network on the exam, how does that affect Metasploit usage? Can we use it through the Active Directory network or only on 1 machine? Would pivoting in a meterpreter session count as 2 uses?
You may only use Metasploit on one target machine, this rule has not been modified. Metasploit cannot be used for pivoting, because it would thereby be used on more than one target.
The exam in the past has required that we read the proof from the desktop location, not somewhere else. What does this mean for PowerShell Remoting? Is PSSession going to count as a shell?
Yes, PowerShell Core counts as an interactive shell and is allowed on the exam.
The duration of the exam is not changing at this time. It will remain 23 hours and 45 minutes.
The technical requirements have not changed.
- 40 pt AD + 3 local.txt flags
- 40 pt AD + 2 local.txt flags + 1 proof.txt flag
- 40 pt AD + 2 local.txt flags + bonus points
- 40 pt AD + 1 proof.txt + 1 local.txt + bonus points
- 3 fully completed non-AD machines + bonus points
Please make sure to read the SECTION 1: EXAM REQUIREMENTS in the OSCP Exam Guide.
All tools that do not perform any restricted actions are allowed on the exam.
- PowerShell Empire
- Responder (Poisoning and Spoofing is not allowed in the labs or on the exam)
More information regarding the allowed and restricted tools for the OSCP exam can be found in the Exam Restrictions section in the OSCP Exam Guide
This is, of course, a very difficult question to answer. In general, we suggest at minimum hacking all the machines in the student network apart from pain, sufferance, and humble. This will give you the bare skills needed to pass the exam. Of course, we cannot guarantee this estimate.
If you are studying inside the Training Library, you can schedule your exam directly from the Training library control panel. For more information on how to schedule an exam please view the Important information about exam scheduling in the Training Library article.
If you are studying outside the Training Librar, you can schedule your exam using the link that was provided to you in your course welcome pack. If you’re unable to locate it, please submit a request here, and we will be happy to re-send it to you.
While we cannot provide your exact exam score, you can use the point assignment outlined in the exam guide to approximate your score. Partial points can also be awarded for systems where full root access is not achieved.
All exams have a cooling off period in between attempts. You can view additional details on the cooling off period here.
We do not release the number of people that hold our certifications or the success rate of completion for them. The exam-taking experience and perceived difficulty is different for everyone and we don't want to needlessly discourage or encourage students with numbers based on success or failure.
STILL HAVE QUESTIONS?