OSCP
PEN-200: Penetration Testing with Kali Linux (OSCP)
The OSCP is one of the most recognized offensive security certifications. This page covers exam prep platforms, community tips, and curated resources for passing the exam.
Prep Platforms
Hack The Box Academy (CPTS)
The Certified Penetration Testing Specialist (CPTS) is the course most frequently recommended in the community for OSCP prep. One community member specifically recommended “the CPTS pipeline” over OSCP for those wanting hands-on skills.
- Course: Penetration Tester Job Role Path — 28 modules, ~480 sections
- Certification: CPTS Exam — 10-day unproctored lab engagement + professional report
- Coverage: Nmap, footprinting, web attacks (SQLi, XSS, file inclusion), password attacks, pivoting/tunneling, Active Directory enumeration and attacks, Windows and Linux privilege escalation, documentation and reporting
- Why for OSCP: Covers all OSCP objectives plus deeper AD content (forest pivoting, Kerberos attacks, lateral movement). The 10-day exam format builds better real-world skills than the 24-hour OSCP time crunch.
- Requirement: Must complete 100% of the Penetration Tester path before scheduling the exam
TryHackMe
TryHackMe is more guided and beginner-friendly, ideal for building fundamentals before HTB or OSCP.
- Offensive Pentesting Path — Designed specifically for OSCP candidates. Covers buffer overflows, AD attacks (Kerberoasting, AS-REP Roasting, Pass-the-Ticket), and network exploitation. Good supplement after PEN-200 labs but not sufficient alone.
- Jr Penetration Tester Path — Web vulnerabilities, network enumeration, basic exploitation. More structured entry point.
- Complete Beginner Path — Start here if new to pentesting.
Platform Comparison
| | Hack The Box Academy | TryHackMe |
|---|---|---|
| Best for | Intermediate to advanced | Beginner to intermediate |
| Style | Self-directed, minimal hand-holding | Step-by-step guided rooms |
| OSCP relevance | High — CPTS exceeds OSCP scope | Moderate — good supplemental prep |
| AD depth | Deep (forest pivoting, Kerberos, lateral movement) | Basic to intermediate |
| Certifications | CPTS, CBBH, CDSA, CWEE | PT1, SAL1 |
Cost Comparison
| Platform / Product | Cost | Notes |
|---|---|---|
| HTB Academy — Student Plan | $8/month | Requires school/university email. Covers full CPTS path. |
| HTB Academy — Silver Annual | $490/year | Includes CPTS exam voucher |
| HTB CPTS Exam Voucher (standalone) | ~$210 | Must complete 100% of path first |
| TryHackMe Premium | $16.99/month or $126/year | 20% student discount available |
| TryHackMe PT1 Exam | $297 | Includes free retake + 3-month subscription |
| OffSec PEN-200 + OSCP+ Bundle | $1,749 | 90-day lab + 1 exam attempt |
| OffSec Learn One (Annual) | $2,749/year | 1 year lab access + 2 exam attempts |
Community Feedback
Insights from IrregularChat members who have taken the OSCP:
- “OSCP was recommended to help round out my resume as a new cyber officer. I started ethical hacking way before joining cyber, so I do enjoy it. The likelihood of me using this skill in a working environment is low. I just personally care about being a technically competent leader.”
- “I’m going to go out on a limb here and offer a different approach, but it is situational dependent. Why are you taking the OSCP exam? If you just want the cert, read and apply the recommendations above. If you plan to employ the skills/knowledge, I have a much different recommendation: to do the CPTS pipeline.”
- “I would also recommend setting up a repo of notes/cheat sheets in Obsidian. I also automated my initial Nmap scan process and website enumeration and created global variables of the IPs and URLs with bash scripts I built.”
- “Got my OSCP on my second attempt. My first attempt was pre-AD, and I bombed it, only 10 points. On my second attempt, I did the Learn One and still only used about 5 months of it because I was deployed during half of it.”
Practice Resources
Labs, challenges, and machine lists to sharpen your skills.
- NetSecFocus “TJ Null’s” Trophy Room (Google Sheet) — The definitive OSCP-like machine list
- IrregularChat Community OSCP Tracker (Google Sheet) — Community-shared prep tracker
- All About OSCP
- TJNull’s Preparation Guide for PWK/OSCP
- Cracking the New Pattern
- Reddit OSCP Journey and Tips
- Avoiding Common OSCP Pitfalls
- Total OSCP Guide
- OSCP Scripts
- Enumeration Cheatsheets
- General OSCP Cheatsheet
- 0xsyr0 OSCP Resources (GitHub)
Active Directory Resources
Purple Team
Red Team
- GitHub - 0xJs - Certified Red Team Professional Cheatsheet
- GitHub - 0xJs - Red Teaming Cheat Sheet for Windows Active Directory
- iRed Team - Offensive Security Cheatsheets
- Zer1t0’s Blog - Attacking Active Directory
- Lümmelsec - A Low Dive into Kerberos Delegations
Blue Team
Mind Maps
- Whimsical - Target Machine IP Workflow Mind Map
- Orange Cyber - Penetration Testing Active Directory Mind Map