OSCP Overview & Exam Strategy
OSCP Exam Structure & Scoring
Understanding the exam format is critical for success. This lesson breaks down exactly how the OSCP exam works, how points are awarded, and what restrictions apply.
Exam Overview
The OSCP exam is a 23 hour 45 minute practical penetration test followed by a 24-hour documentation period.
┌─────────────────────────────────────────────────────────┐
│ OSCP Exam Timeline │
├─────────────────────────────────────────────────────────┤
│ Exam Start ──────────────────────────────── 23h 45m │
│ │ │ │
│ ├── Hack machines │ │
│ ├── Collect flags │ │
│ └── Take screenshots │ │
│ │ │
│ Exam Ends ─────────────────────────────────────┘ │
│ │ │
│ └── 24-hour Report Window begins │
│ │ │
│ ├── Write professional report │
│ ├── Include all screenshots │
│ └── Document methodology │
│ │
│ Report Due ────────────────────────────────────────────┤
└─────────────────────────────────────────────────────────┘
Scoring Breakdown
You need 70 out of 100 points to pass. Points are distributed across two categories:
Standalone Machines (60 Points)
| Machine | Local Flag | Proof Flag | Total |
|---|---|---|---|
| Machine 1 | 10 pts | 10 pts | 20 pts |
| Machine 2 | 10 pts | 10 pts | 20 pts |
| Machine 3 | 10 pts | 10 pts | 20 pts |
- Local flag: Obtained after initial foothold (low-privilege shell)
- Proof flag: Obtained after privilege escalation to root/Administrator
Active Directory Set (40 Points)
The AD set consists of 3 machines in a domain environment:
| Target | Points | Notes |
|---|---|---|
| Machine 1 (Client/Workstation) | — | Part of complete chain |
| Machine 2 (Additional Server) | — | Part of complete chain |
| Domain Controller | — | Final target |
| Complete AD Chain | 40 pts | All-or-nothing |
Critical: The AD set is scored as a single unit. Partial completion (e.g., compromising only 2 of 3 machines) awards zero points. You must fully compromise the Domain Controller.
Passing Scenarios
| Scenario | Standalone | AD Set | Total | Pass? |
|---|---|---|---|---|
| All standalone, no AD | 60 pts | 0 pts | 60 pts | ❌ No |
| AD + 2 full standalone | 40 pts | 40 pts | 80 pts | ✅ Yes |
| AD + 1 full + 2 local flags | 30 pts | 40 pts | 70 pts | ✅ Yes |
| 3 standalone (local only) + AD | 30 pts | 40 pts | 70 pts | ✅ Yes |
Tool Restrictions
Metasploit & Meterpreter
You may use Metasploit/Meterpreter on exactly one machine during the entire exam:
Allowed (once):
├── Metasploit Framework exploits
├── Meterpreter payload
├── msfvenom for payload generation (unlimited)
└── Multi/handler listener (unlimited)
Choose wisely - once used on a machine, you cannot
use Metasploit exploits on any other machine.
Prohibited Tools
The following are strictly forbidden:
- AI/LLM tools: ChatGPT, Claude, Copilot, or any AI assistants
- Auto-exploitation: sqlmap (--os-shell), AutoSploit
- Commercial tools: Burp Suite Professional scanner features, Cobalt Strike
- Automated AD tools: BloodHound (data collection allowed, but not automated path analysis)
Allowed Tools
You can freely use:
- Nmap, Gobuster, ffuf, feroxbuster
- LinPEAS, WinPEAS, linux-exploit-suggester
- Burp Suite Community (manual testing)
- Impacket suite, NetExec (nxc)
- Custom scripts you've written
- Any tool in standard Kali Linux
Bonus Points Update (November 2024)
Important Change: As of November 2024, OffSec has removed bonus points from the OSCP exam. Previously, completing course exercises and lab machines could earn up to 10 bonus points. This is no longer available.
You must now earn all 70 points from the exam machines alone.
Proctoring Requirements
The exam is proctored via webcam:
| Requirement | Details |
|---|---|
| Webcam | Must be on throughout exam |
| Screen sharing | Your entire screen is recorded |
| ID verification | Government-issued ID required |
| Workspace | Must show room via webcam |
| Breaks | Allowed, but camera stays on |
| Communication | Via proctoring chat only |
Report Requirements
Your report must include:
- Executive Summary: High-level overview of findings
- Methodology: Tools and techniques used
- Detailed Walkthrough: Step-by-step for each machine
- Screenshots: Proof of every flag captured
- Recommendations: How to fix vulnerabilities found
Tip: Take screenshots constantly during the exam. Missing a single proof screenshot can cost you the entire machine's points.
Next, we'll create a study plan and timeline for OSCP preparation. :::