In this article, you can find answers to the questions listed below:
- Exam tour
- Is there an exam report template?
- Are there any bonus points awarded for the OSCP exam?
- How can I practice Active Directory?
- Is there any pivoting required for the Active Directory machines on the exam?
- What are the exam restrictions?
- Can I use KAI or any other chatbots during the OSCP exam?
- When 3 boxes are part of an Active Directory network on the exam, how does that affect Metasploit usage?
- Is PSSession going to count as a shell?
- What are the possible scenarios to pass the exam?
- Which tools are allowed for the OSCP exam?
- How Do I Know If I'm Ready To Take The Exam?
- How Do I Schedule My Certification Exam?
- What is the policy for individuals requesting exam accommodations due to disabilities under the American Disabilities Act (ADA)?
- Can I use Discord during the exam?
- How Can I Find Out My Exam Score?
- Will I be provided with the feedback for my exam?
- How can I submit a complaint about my exam or results?
- What Is The Exam Retake Policy?
- How Many OSCPs Are There? What Is The Pass/Fail Rate?
Exam tour
Watch this video for a quick overview of the exam process, from scheduling to submitting your exam report.
This video was current as of October 2022. As we continue to improve the Learning Library, slight modifications in the interface or functionality may appear.
Have more questions? Check the frequently asked questions below.
Is there an exam report template?
Below are the example exam templates we have created to demonstrate how to report on the exam machines.
Are there any bonus points awarded for the OSCP exam?
No, bonus points are not available for the OSCP exam anymore. The final score is determined solely by performance on the exam itself.
How can I practice Active Directory?
-
Read the corresponding Modules
- Active Directory Introduction and Enumeration
- Attacking Active Directory Authentication
- Lateral Movement in Active Directory
- Read the final Module of the PEN-200 Course Material - Assembling the Pieces
- Begin enumerating the PEN-200 Challenges. Locate and attack all Active Directory sets within the challenges.
Is there any pivoting required for the Active Directory machines on the exam?
There may be pivoting required. Anything in the course material is subject to be on the exam.
What are the exam restrictions?
More information can be found in the OSCP Exam Guide and the exam restrictions video below.
Can I use KAI or any other chatbots during the OSCP exam?
Use of KAI or any other chatbots is not allowed during the exam and the exam reporting phase.
For more information about KAI, please visit the following URL: OffSec KAI FAQ
When 3 boxes are part of an Active Directory network on the exam, how does that affect Metasploit usage?
You may only use Metasploit on one target machine. Metasploit cannot be used for pivoting, because it would thereby be used on more than one target.
Is PSSession going to count as a shell?
Yes, PowerShell Core counts as an interactive shell and is allowed on the exam.
What are the possible scenarios to pass the exam?
- 40 points AD + 3 local.txt flags (70 points)
- 40 points AD + 2 local.txt flags + 1 proof.txt flag (70 points)
- 20 points AD + 3 local.txt flags + 2 proof.txt flag (70 points)
- 10 points AD + 3 fully completed stand-alone machines (70 points)
Please make sure to read the SECTION 1: EXAM REQUIREMENTS in the OSCP Exam Guide.
Which tools are allowed for the OSCP exam?
All tools that do not perform any restricted actions are allowed during the exam. The following tools are allowed, but the list is not limited to these:
- BloodHound (Legacy and Community Edition only)
- SharpHound
- PowerShell Empire
- Covenant
- Powerview
- Rubeus
- evil-winrm
- Responder (Poisoning and Spoofing is not allowed in the challenges or on the exam)
- Crackmapexec
- Mimikatz
- Impacket
- PrintSpoofer
More information regarding the allowed and restricted tools for the OSCP exam can be found in the Exam Restrictions section in the OSCP Exam Guide
How Do I Know If I'm Ready To Take The Exam?
This is, of course, a very difficult question to answer. In general, we suggest at minimum completing the course labs and exploiting the challenge labs. This will give you the bare skills needed to pass the exam. Of course, we cannot guarantee this estimate.
How Do I Schedule My Certification Exam?
You can schedule your OSCP exam directly from the Learning Library control panel. For more information on how to schedule an exam please view the Managing OffSec Certification Exams article.
What is the policy for individuals requesting exam accommodations due to disabilities under the American Disabilities Act (ADA)?
We are committed to providing reasonable accommodations for learners with disabilities in compliance with the American Disabilities Act (ADA). For individuals who qualify and request accommodations, we offer an additional 3-hour extension for the exam. Additionally, learners will be granted an extra 24 hours to submit their report.
- Three hours (3) extension to the actual exam time of twenty-four (24) hours. This means you will have twenty-seven (27) hours to complete the exam.
- Twenty-Four (24) hours extension for submitting the exam report. This means you will have fourty-eight (48 hours) to submit your exam report.
To process accommodation requests, learners must provide a medical letter with a hospital stamp and contact details for the doctor or hospital, so we can verify the integrity of the document.
The request and report forms can be found at the links below:
Only the Request form is required to apply for accommodations. The Report form is only necessary if submitting an appeal after a denied request.
In cases where an accommodation request is denied, learners may file an appeal using the report form within seven (7) days of the denial email.
If you need to request accommodations or file an appeal related to accommodations, please contact our Challenges Department via email at "challenges AT offsec DOT com" prior to your exam with the necessary documentation.
Can I use Discord during the exam?
While you may use Discord as a resource for searching for information during the exam, under no circumstances are you permitted to seek or receive assistance from others on the platform. This includes but is not limited to, asking for help, sharing exam-related information, or discussing any aspect of the exam with others.
How Can I Find Out My Exam Score?
Your exam score will be provided in the exam certification results email should you submit your exam report and have insufficient points to pass the exam. Additionally, you can use the point assignment outlined in the exam control panel to approximate your score. Partial points can also be awarded for systems where full root access is not achieved.
Will I be provided with the feedback for my exam?
You will be provided with the exam feedback after you receive your exam result. Note that only learners who submit the exam report and have insufficient points to pass the exam are going to receive feedback from us.
How can I submit a complaint about my exam or results?
If you have a concern or complaint regarding the exam or your results, you can submit your complaint directly to our Challenges Department via email at "challenges AT offsec DOT com".
Please include detailed information about your issue, such as the specific exam, the nature of the complaint, and any relevant details to help us investigate the matter thoroughly.
What Is The Exam Retake Policy?
All exams have a cooling-off period in between attempts. You can view additional details on the cooling-off period here.
How Many OSCPs Are There? What Is The Pass/Fail Rate?
We do not release the number of people who hold our certifications or the success rate of completing them. The exam-taking experience and perceived difficulty are different for everyone and we don't want to needlessly discourage or encourage learners with numbers based on success or failure.
Additional Resources
STILL HAVE QUESTIONS?
Chat with the OffSec Support Team