OSCP Exam Update | What is OSCP+ Certification?

OSCP Exam Updates

Offensive Security has announced significant changes to its flagship certification exam, the Offensive Security Certified Professional (OSCP), effective November 1, 2024. These updates are aimed at enhancing the certification's alignment with the evolving demands of the cybersecurity industry.

The key changes include:

• Enhancements to the Active Directory (AD) Section: The new exam will place greater emphasis on AD environments, introducing scenarios that simulate real-world compromises. Candidates will begin with a standard user account within an AD domain and work towards achieving a full domain compromise. This change reflects the increasing relevance of AD in modern cyberattacks.
• Removal of Bonus Points: The updated exam eliminates bonus points, which were previously earned through optional exercises. This change ensures uniformity across all Offensive Security certifications, providing a consistent structure for learners.

Reasons for Changes

Offensive Security made these updates to address the dynamic nature of the cybersecurity landscape and better prepare candidates for real-world challenges.

• Adapting to Cybersecurity Trends: Cybercriminals often target AD environments, making it essential for professionals to have advanced skills in handling such scenarios. By updating the exam, Offensive Security ensures candidates are better equipped to deal with these critical attack surfaces.
• Introduction of “Assumed Compromise” Scenarios: The revised exam incorporates realistic scenarios where candidates must navigate compromised environments, reflecting challenges they are likely to face in actual penetration testing roles.
• Removal of Bonus Points for Consistency: Previously, OSCP was the only certification within the Offensive Security portfolio that allowed bonus points. By removing this feature, the organization creates a level playing field across all its certifications while maintaining fairness and continuity.

3. Introduction of OSCP+ Certification

Starting November 1, 2024, the new OSCP exam will not only award candidates the traditional OSCP certification but also introduce the OSCP+ designation. This additional certification aims to ensure that certified professionals remain current with industry developments.

• Key Features of OSCP+ Certification:
  1. Three-Year Validity: Unlike the lifetime-valid OSCP, the OSCP+ certification will expire three years after issuance.
  2. Renewal Options: To retain the "+" designation, candidates can choose from the following paths:
     • Recertification Exam: Retake and pass the updated OSCP+ exam within six months of the expiration date.
     • Qualifying Certification: Earn another advanced Offensive Security certification, such as OSEP, OSWA, OSED, or OSEE, before the expiration date.
     • Continuing Professional Education (CPE) Program: Complete an upcoming CPE program designed by Offensive Security (details to be announced).

This structure encourages continuous learning and ensures that professionals stay up-to-date with the latest techniques and tools in cybersecurity.

OSCP vs. OSCP+

The introduction of OSCP+ does not replace the existing OSCP certification but rather builds upon it. Both certifications have distinct purposes:

• OSCP:

  • Remains valid for life and does not require renewal.
  • Continues to represent a strong foundation in offensive security and penetration testing.
  • Ideal for professionals seeking a static certification to demonstrate their skills.

• OSCP+:

  • Reflects expertise that is continuously updated to meet current industry standards.
  • Highlights a professional’s commitment to lifelong learning and staying relevant in the fast-paced cybersecurity field.
  • Designed for individuals who aim to maintain their edge in offensive security over time.

The introduction of OSCP+ underscores Offensive Security's commitment to providing certifications that meet industry demands while encouraging ongoing professional development.

For Existing OSCP Holders

Offensive Security has introduced special provisions for existing OSCP holders who wish to earn the new OSCP+ designation.

• Discounted Exam Option: Existing OSCP holders can take the updated OSCP+ exam at a promotional price of $199. This offer is valid for purchases made between November 1, 2024, and March 31, 2025. After this period, the price will increase to $799 for recertification exams.
• Exclusive Offer: The promotional pricing applies only to the first purchase. Subsequent attempts or recertifications will require paying the standard price.
• Optional Upgrade: The OSCP+ exam is not mandatory for current OSCP holders. Those who choose not to take the updated exam will retain their OSCP certification, which remains valid for life.

Exam Preparation

To ensure candidates are thoroughly prepared for the updated exam, Offensive Security has clarified the role of its training programs:

• PEN-200 Course: The existing PEN-200 course content remains unchanged and continues to be aligned with the updated OSCP exam requirements. This ensures that learners already enrolled in the course can confidently prepare for the exam.
• AWS Module: A new AWS module has been added to the PEN-200 course; however, it is currently not included in the OSCP+ exam. This module provides additional knowledge but does not impact the exam preparation directly.

Candidates are encouraged to utilize the PEN-200 course materials to strengthen their foundational skills and prepare for the challenges of the updated exam.

Cost Structure

The updated OSCP+ certification comes with a tiered pricing structure to accommodate learners at different stages of their training and certification journey:

• For Current OSCP Holders:

  • Promotional Price: $199 (available between November 1, 2024, and March 31, 2025).
  • Regular Price: $799 after the promotional period.

• For New Learners:

  • Standalone Certification Exam: $1699, which includes two exam attempts valid for 120 days from the date of purchase.
  • Course & Certification Bundle: Learners who purchase the PEN-200 course and certification bundle will receive an OSCP+ exam attempt as part of their package.
  • Subscription Options:
    • Learn One: Includes two OSCP+ exam attempts valid during the subscription period.
    • Learn Unlimited: Offers unlimited exam attempts for OSCP+ during the subscription period.

These options provide flexibility for learners to choose the path that best suits their needs and goals.

Maintaining OSCP+ Certification

To retain the "+" designation after the initial three-year validity period, OSCP+ holders must complete one of the following renewal paths:

1. Recertification Exam: Retake and pass the OSCP+ exam within six months before the certification expires.
2. Qualifying Certification: Earn another advanced Offensive Security certification, such as:
   • OSEP (OffSec Experienced Penetration Tester)
   • OSWA (OffSec Web Assessor)
   • OSED (OffSec Exploit Developer)
   • OSEE (OffSec Exploitation Expert)
     (Note: The list of qualifying certifications is subject to change.)
3. Continuing Professional Education (CPE) Program: Complete the upcoming CPE program designed by Offensive Security. The program details will be announced in late 2024 or early 2025.

By offering multiple renewal paths, Offensive Security ensures that OSCP+ holders can maintain their certification in a manner that aligns with their career goals and learning preferences.

Frequently Asked Questions

1. I already have an OSCP certification, how does this change affect me?

The changes will not affect your current OSCP certification. Your OSCP certification remains valid for life, and you can choose to upgrade to OSCP+ if you wish.

2. What is OSCP+ and how does it differ from the regular OSCP?

OSCP+ is a new certification that is awarded alongside OSCP starting November 1, 2024. It reflects up-to-date cybersecurity knowledge and requires periodic recertification to maintain the "+" designation.

3. Will my OSCP certification expire?

No, your OSCP certification will never expire. It remains valid indefinitely unless you choose to pursue the OSCP+ designation.

4. Do I need to retake the OSCP exam to earn the OSCP+ certification?

Yes, to earn OSCP+, you must pass the updated OSCP exam after November 1, 2024. If you are an existing OSCP holder, you can take the exam at a discounted price.

5. How long is the OSCP+ certification valid?

OSCP+ is valid for three years. After that, you must renew it by completing one of the available renewal paths.

6. How can I renew my OSCP+ certification?

You can renew your OSCP+ certification by:

• Retaking the exam.
• Earning another qualifying OffSec certification.
• Completing the upcoming CPE program.

7. What is the cost for the OSCP+ exam?

The promotional price for OSCP+ for current OSCP holders is $199 between November 1, 2024, and March 31, 2025. After that, the price will increase to $799. For new candidates, the standalone OSCP+ exam is priced at $1699.

8. Can I earn OSCP+ without taking a new exam?

No, you must take and pass the updated OSCP exam after November 1, 2024, to earn OSCP+.

9. Will the content of the PEN-200 course change to reflect OSCP+ exam updates?

No, the PEN-200 course content remains unchanged for the updated OSCP exam, but the AWS module will be added to the course (though it is not part of the exam).

10. What happens if I fail my OSCP+ exam?

If you fail your OSCP+ exam, you will need to retake the exam. Existing OSCP holders can retake the exam for $199 if they are within the promotional window.

11. How can I maintain the OSCP+ designation after three years?

You can maintain your OSCP+ designation by either:

• Passing a recertification exam within six months of the expiry.
• Earning another qualifying OffSec certification.
• Completing the OffSec CPE program (details to be announced in 2024-2025).

12. I have a Learn One subscription; can I use it for the OSCP+ exam?

Yes, if you are a Learn One subscriber and have passed the OSCP exam, you can use your remaining exam attempt for the OSCP+ exam.

13. What if I don’t want to pursue OSCP+?

If you don’t want to pursue OSCP+, you can keep your OSCP certification, which will remain valid for life. The OSCP+ designation is optional.

14. Will there be any new modules in the PEN-200 course?

While the PEN-200 course has a new AWS module, this module is not part of the OSCP+ exam. The course content remains aligned with the updated OSCP exam.

15. How do I register for the updated OSCP+ exam?

You can register for the updated OSCP+ exam starting November 1, 2024. If you are an existing OSCP holder, you will receive instructions for registration and discounted pricing.

16. What happens if I already purchased an OSCP retake before November 1, 2024?

If you have purchased an OSCP retake, it remains valid for 120 days from the purchase date. You can use it for the updated OSCP exam and earn OSCP+.

17. Can I use my Learn Unlimited subscription for the OSCP+ exam?

Yes, if you have a Learn Unlimited subscription and have passed the OSCP exam, you can use your subscription to sit for the OSCP+ exam without additional cost.

18. What if I need more exam attempts after using my Learn One or Learn Unlimited attempts?

If you need additional attempts after using your subscription’s exam attempts, you can purchase a regular exam retake for $249.

19. Is the $199 promotional price available for new candidates?

No, the $199 promotional price is available exclusively to current OSCP holders. New candidates must pay the standard price of $1699 for the standalone exam.

20. Will there be any other certifications that offer a “+” designation in the future?

Offensive Security is considering adding the “+” designation to other certifications in the future. However, specific details and timelines have not yet been announced. Keep an eye on the website for updates.