OSCE³ (OffSec Certified Expert³) is a certification which replaced the retired OSCE certification that learners would get when completing the CTP course.
- Which courses do I need to complete in order to achieve the OSCE³ certification?
- Why was the OSCE³ certification created?
- Will I get a printed certificate for the OSCE³ certification?
- Do I have to attempt an additional exam to obtain the OSCE³ certification?
- I already achieved the original OSCE certification, how can I get the OSCE³ certification?
Earning all three of the following certifications automatically grants you the new OSCE³ certification:
- OffSec Exploit Developer (OSED), granted after completing Windows User Mode Exploit Development (EXP-301) and passing the exam
- OffSec Experienced Pentester (OSEP), granted after completing Advanced Evasion Techniques and Breaching Defenses (PEN-300) and passing the exam
- OffSec Web Expert (OSWE), granted after completing Advanced Web Attacks and Exploitation (WEB-300) and passing the exam.
The retired Cracking the Perimeter (CTP) course and its certification, OffSec Certified Expert (OSCE), was part of the OffSec’s curriculum for a long time. From its beginning, CTP was envisioned as a natural continuation of the learning path for which Penetration Testing with Kali Linux (PEN-200) served as the foundation. This path ultimately culminated in our most advanced course, Advanced Windows Exploitation (AWE).
When CTP was first conceived it attempted to cover three different areas of pentesting expertise: attacking web applications, advanced userland exploit development (manual encoding, egg hunters, etc.) and antivirus evasion, and attacks against network and edge devices. This led to a course that covered the primary areas where advanced penetration testers spent most of their time. With the level of defense and traditional network complexity at the time, we could cover all these topics adequately in a single course.
However, with the technology and defense mechanisms greatly improving since we released CTP, in 2020, we decided it was time for an overhaul and for a number of years, it was our vision to create individual courses that focus more intensely on the attack areas and techniques taught in the CTP course. The first step in that plan was to create and release an online course that focuses on web application attacks: Advanced Web Attacks and Exploitation (WEB-300), which was released in 2019.
Following the WEB-300 release, we launched 2 courses in late 2020 and early 2021:
- Advanced Evasion Techniques and Breaching Defenses (PEN-300); a course that focuses on more advanced and modern pentesting techniques that cover AV avoidance, lateral movements, and so on.
- Windows User Mode Exploitation Development (EXP-301); a course that focuses exclusively on Windows userland exploit development
With the release of these courses, the OSCE³ was created as we believe a special recognition for completing 3 of our advanced courses that demonstrates exceptional mastery of the offensive security domain was warranted.
The OSCE³ is available in both printed form and as a digital certificate.
In addition to the digital certificate and badge, OSCE³ earners will receive via traditional snail mail the OffSec printed paper certificate, wallet card, and OSCE³ challenge coin.
We’ve chosen to continue physically printing and globally shipping the OSCE³ as it embodies the critical thinking, grit, and ambition needed to earn the OSEP, OSWE, and OSED certifications.
Instructions on how to claim your OSCE³ digital certificate and badge, can be found on our Digital certification FAQ page.
No, the completion of the three courses (WEB-300, PEN-300 & EXP-301) will automatically result in the awarding of the OSCE³ certification. No additional exam will be required once you have obtained the other three standalone certifications.
Current learners who already achieved the OSCE certificate will retain their original certification. If you would like to pursue the OSCE³ certification path, you will have to complete the courses required in order to achieve the certification (WEB-300, PEN-300 & EXP-301).