Please read this entire document carefully before beginning your exam!
In this article, you will find relevant information on:
- OSCC Introduction
- Section 1: Exam Requirements
- Section 2: Exam Information
- Section 3: Submission and Results
INTRODUCTION
This guide explains the objectives of the OffSec CyberCore Certified (OSCC) exam certification. Section 1 describes the requirements for the exam, Section 2 provides important information and suggestions, and Section 3 specifies instructions for after the exam is complete.
The exam consists of three sections, each relating to one of the major parts of the course syllabus: Attack, Defend and Build. You will have six (6) hours to complete the proctored exam. Once your exam has started, you will see a timer at the bottom of your screen. Upon submission of the exam, your results will be immediately displayed.
All OSCC exams are proctored.
Please make sure to read the proctoring tool learner manual and the proctoring FAQ at the following URL: https://help.offsec.com/hc/en-us/sections/360008126631-Proctored-Exams
SECTION 1: EXAM REQUIREMENTS
Objectives
The exam consists of three sections, each relating to one of the major parts of the course syllabus: Attack, Defend and Build. We have designed each scenario to take approximately 2 hours each, but you are welcome to work on each scenario as you see fit.
Attack
In the Attack scenario, learners will be presented with two challenge lab machines. Learners will be tasked with exploiting an external attack vector to gain an initial foothold on the first machine. On the second machine, learners will be required to perform privilege escalation to elevate privileges.
Learners will need to leverage skills like information gathering, web attacks, attacking endpoints, and privilege escalation.
Defend
The Defend scenario provides learners with access to a Vulnerable Machine, Event Manager (SIEM) and Grader Machine.
- Grader Machine
- Launch the phases and also obtain the proofs once you mitigated the attacks from the vulnerable machine.
- Event Manager (SIEM)
- Observe and analyze the attack using generated logs.
- Vulnerable Machine
- After the attack is run, migitate the attack on this machine.
Using the skills obtained throughout the course, learners will put on their investigator's hat and determine what happened and then remediate the vulnerability that enabled each attack.
Build
The Build scenario provides learners with a series of secure coding and cloud architecture challenges. For example, they might be provided with samples of vulnerable code and then be tasked with determining the best ways of fixing it. Learners will need to understand basic secure coding concepts and cloud architecture patterns to complete these challenges.
Documentation Requirements
You do not need to write or submit a professional report.
Exam Restrictions
AI chatbots such as ChatGPT, YouChat, and similar are not allowed.
NOTE: While you may use Discord as a resource for searching for information during the exam, under no circumstances are you permitted to seek or receive assistance from others on the platform.
Downloading any applications, files, or source code from the exam environment to your local machine is strictly forbidden. For more information, please refer to the https://www.offsec.com/legal-docs/
SECTION 2: EXAM INFORMATION
Exam Connection
Your connection to the exam is to be done primarily via the OffSec Portal. Target machines can be accessed via a local Kali machine and VPN pack, or via the OffSec Portal by using Kali in-browser (KiB).
Passing
The exam consists of three sections, Attack, Defend and Build. Each section has a specific set of objectives that must be met in order to receive points.
Points for each section are awarded as follows:
Section | Total Points | Points Breakdown |
Attack | 30 points | 15 points for Box 1 (proof.txt) 15 points for Box 2 (proof.txt) |
Defend | 30 points | 15 points for Defense 1 15 points for Defense 2 |
Build | 30 points | 6 questions (5 points each) |
Each section of the exam has a total of 30 points that can be awarded with a combined total of 90 points. You must achieve a minimum score of 60 points to pass the exam and receive the OffSec CyberCore Certified (OSCC) certification.
The maximum achievable score is 90. No additional/bonus points are applicable for this course.
Guidelines for Handling Unforeseen Factors During the Exam
This subsection of the exam guide documents what you should do in case you are unable to complete your exam due to severe external factors. Please make sure to read and understand it carefully.
The exam lab is a dedicated environment with no learners connected other than yourself. The total allotted time of 6 hours does take life and its situations into consideration:
- You are welcome to take rest breaks, eat and drink
- You are also expected to have a contingency plan in the event that there is an issue outside your control. (e.g. ensure you have access to a backup Internet connection, power etc.)
If you have a legitimate issue, please send an email with your OSID to "challenges AT offsec DOT com" immediately. Make sure to include all of the necessary details and supporting information - such as a letter from your power company, ISP, or any other relevant documentation.
Please note that we are only able to extend the exam time if the issues you experience are present on our side and only when the exam subnet is not immediately in use by another learner following your exam. In the event of an issue on our side and the exam subnet is scheduled immediately following your exam we will provide a free exam retake attempt. We work diligently to ensure that our environments are highly available and issues are very rare.
Contact Protocol
If you encounter any connectivity problems with Kali in-browser, the VPN or target machines, inform us immediately, directly in the proctoring chat.
Should you not be able to access the proctoring tool, please contact us via the live chat available at https://chat.offsec.com/ or via email to "help AT offsec DOT com".
Please note that we will not be able to assist with, or give hints on, any exam objectives and will only be available for technical problems during the exam.
SECTION 3: SUBMISSION AND RESULTS
Submission
Once you have completed the exam and are ready to submit, click the 'Submit exam' button located at the bottom right of the 'Next Steps' section. Please be aware that after submitting, you will not be able to edit your answers. This step is crucial as it finalizes your exam, so ensure all answers are reviewed and complete before clicking the button. Once submitted, the system processes your exam immediately, and no further changes can be made.
If you accidentally close the exam without clicking "Submit Exam" and the proctor is no longer available, don't worry. Simply wait for the exam to conclude as scheduled, and your results will automatically appear in your exam dashboard.
Results
Upon submission, your results will be displayed immediately and will be final. If you pass, follow these steps to view your certificate:
- Click the three vertical dots next to your Passed Certification exam on the Exam page.
- Click 'Generate certificate'.
- View the generated certificate.
You can then access your digital credentials via the OSCC tile on your Achievements Page.
In the event of a failing result, you can schedule another attempt if you still have a valid OSCC exam attempt on your account. If you do not have a valid attempt left, you will need to purchase a new exam attempt. For further guidance or questions, please refer to the OSCC Exam FAQ page.