Nerd Level Tech logo
|
Lesson 2 of 24

OSCP Overview & Exam Strategy

OSCP Exam Structure & Scoring

5 min read

Understanding the exam format is critical for success. This lesson breaks down exactly how the OSCP exam works, how points are awarded, and what restrictions apply.

Exam Overview

The OSCP exam is a 23 hour 45 minute practical penetration test followed by a 24-hour documentation period.

┌─────────────────────────────────────────────────────────┐
│                    OSCP Exam Timeline                    │
├─────────────────────────────────────────────────────────┤
│  Exam Start ──────────────────────────────── 23h 45m    │
│       │                                         │       │
│       ├── Hack machines                         │       │
│       ├── Collect flags                         │       │
│       └── Take screenshots                      │       │
│                                                 │       │
│  Exam Ends ─────────────────────────────────────┘       │
│       │                                                 │
│       └── 24-hour Report Window begins                  │
│              │                                          │
│              ├── Write professional report              │
│              ├── Include all screenshots                │
│              └── Document methodology                   │
│                                                         │
│  Report Due ────────────────────────────────────────────┤
└─────────────────────────────────────────────────────────┘

Scoring Breakdown

You need 70 out of 100 points to pass. Points are distributed across two categories:

Standalone Machines (60 Points)

Machine Local Flag Proof Flag Total
Machine 1 10 pts 10 pts 20 pts
Machine 2 10 pts 10 pts 20 pts
Machine 3 10 pts 10 pts 20 pts
  • Local flag: Obtained after initial foothold (low-privilege shell)
  • Proof flag: Obtained after privilege escalation to root/Administrator

Active Directory Set (40 Points)

The AD set consists of 3 machines in a domain environment:

Target Points Notes
Machine 1 (Client/Workstation) Part of complete chain
Machine 2 (Additional Server) Part of complete chain
Domain Controller Final target
Complete AD Chain 40 pts All-or-nothing

Critical: The AD set is scored as a single unit. Partial completion (e.g., compromising only 2 of 3 machines) awards zero points. You must fully compromise the Domain Controller.

Passing Scenarios

Scenario Standalone AD Set Total Pass?
All standalone, no AD 60 pts 0 pts 60 pts ❌ No
AD + 2 full standalone 40 pts 40 pts 80 pts ✅ Yes
AD + 1 full + 2 local flags 30 pts 40 pts 70 pts ✅ Yes
3 standalone (local only) + AD 30 pts 40 pts 70 pts ✅ Yes

Tool Restrictions

Metasploit & Meterpreter

You may use Metasploit/Meterpreter on exactly one machine during the entire exam:

Allowed (once):
├── Metasploit Framework exploits
├── Meterpreter payload
├── msfvenom for payload generation (unlimited)
└── Multi/handler listener (unlimited)

Choose wisely - once used on a machine, you cannot
use Metasploit exploits on any other machine.

Prohibited Tools

The following are strictly forbidden:

  • AI/LLM tools: ChatGPT, Claude, Copilot, or any AI assistants
  • Auto-exploitation: sqlmap (--os-shell), AutoSploit
  • Commercial tools: Burp Suite Professional scanner features, Cobalt Strike
  • Automated AD tools: BloodHound (data collection allowed, but not automated path analysis)

Allowed Tools

You can freely use:

  • Nmap, Gobuster, ffuf, feroxbuster
  • LinPEAS, WinPEAS, linux-exploit-suggester
  • Burp Suite Community (manual testing)
  • Impacket suite, CrackMapExec
  • Custom scripts you've written
  • Any tool in standard Kali Linux

Bonus Points Update (November 2024)

Important Change: As of November 2024, OffSec has removed bonus points from the OSCP exam. Previously, completing course exercises and lab machines could earn up to 10 bonus points. This is no longer available.

You must now earn all 70 points from the exam machines alone.

Proctoring Requirements

The exam is proctored via webcam:

Requirement Details
Webcam Must be on throughout exam
Screen sharing Your entire screen is recorded
ID verification Government-issued ID required
Workspace Must show room via webcam
Breaks Allowed, but camera stays on
Communication Via proctoring chat only

Report Requirements

Your report must include:

  1. Executive Summary: High-level overview of findings
  2. Methodology: Tools and techniques used
  3. Detailed Walkthrough: Step-by-step for each machine
  4. Screenshots: Proof of every flag captured
  5. Recommendations: How to fix vulnerabilities found

Tip: Take screenshots constantly during the exam. Missing a single proof screenshot can cost you the entire machine's points.

Next, we'll create a study plan and timeline for OSCP preparation. :::

Quiz

Module 1: OSCP Overview & Exam Strategy

Take Quiz