The Offensive Security Certified Professional (OSCP) certification has long been a gold standard in the cybersecurity industry, representing a candidate’s proficiency in penetration testing and ethical hacking. As the cybersecurity landscape continues to evolve, Offensive Security (OffSec) is updating the OSCP exam to better reflect the skills and knowledge required in modern penetration testing. These changes will take effect on November 1, 2024, at 10 am GMT. In this blog post, we’ll explore the key updates to the OSCP exam and what this means for current and aspiring OSCP holders.
Key Changes to the OSCP Exam:
- Enhanced Active Directory (AD) Component:
- One of the most significant updates to the OSCP exam is the enhancement of the Active Directory portion. To better align with current penetration testing practices, candidates will now start the AD portion of the exam from an “assumed compromise” scenario. In this scenario, learners begin with a standard user account on the AD domain, with the goal of achieving full domain compromise. This change reflects the reality of many modern penetration testing engagements, where attackers often begin with some level of access and must escalate their privileges.
- Removal of Bonus Points:
- OffSec is also removing the bonus points system from the OSCP exam. This aligns the OSCP with other OffSec certifications, ensuring consistency and fairness across the board. By eliminating bonus points, OffSec aims to focus solely on the critical skills needed to be a successful cybersecurity professional, ensuring that every candidate meets the same rigorous standards.
Introducing the OSCP+ Update: With these changes, the OSCP exam will now be referred to as OSCP+. While the certification itself remains the same, the updated exam will have a new requirement: it will expire three years from the date of issuance. During this time, holders will have the opportunity to maintain their certification by completing one of three Continuing Professional Education (CPE) paths:
- Retake the Updated OSCP Exam:
- Candidates can renew their OSCP+ certification by taking and passing the updated OSCP exam on or after November 1, 2024.
- Pass Another Qualifying OffSec Certification Exam:
- Alternatively, candidates can maintain their OSCP+ certification by passing another qualifying OffSec exam. The list of qualifying exams includes the Offensive Security Experienced Penetration Tester (OSEP), Offensive Security Web Expert (OSWE), Offensive Security Exploit Developer (OSED), or Offensive Security Exploitation Expert (OSEE).
- Complete OffSec’s New CPE Program:
- OffSec is also introducing a new CPE program, details of which will be announced in late 2024 or early 2025. Successfully completing this program will allow candidates to renew their OSCP+ certification.
What This Means for Current OSCP Holders: It’s important to note that the traditional OSCP certification will remain valid indefinitely. If you currently hold an OSCP certification, pass the exam before November 1, 2024, or choose not to maintain the OSCP+ after it expires, your OSCP certification will still be recognized without an expiration date.
However, for those looking to stay ahead in the ever-evolving cybersecurity field, the OSCP+ offers an opportunity to demonstrate ongoing commitment to professional development and mastery of the latest penetration testing techniques.
The upcoming changes to the OSCP exam and the transition to OSCP+ reflect OffSec’s commitment to maintaining the relevance and rigor of its certifications in a rapidly changing cybersecurity landscape. As November 1, 2024, approaches, it’s crucial for current and prospective OSCP candidates to understand these updates and prepare accordingly. At SafeNet, we’re here to support your journey to OSCP+ certification with the latest training resources and expert guidance. If you have questions or wish to obtain the OSCP qualifaction before November 1st contact our sales team today or visit our webiste!