OSCP Exposed Part 3: What The OSCP Will Never Teach You

Aaryan Golatkar
4 min read · Sep 17, 2024


After getting the OSCP, I always wondered:

Why the Heck does this certificate have such a high value?

I’m sure this question will cross your mind too once you pass the exam. So, let’s dive into this exposé and uncover the gaps in what OSCP teaches!

[Figure: OSCP Badge]

No Antivirus Solutions

When I was working on the practice machines for OSCP, a constant thought nagged at me:

Where the fuck is the antivirus?

I was able to upload tools like Mimikatz without any resistance. I could use Metasploit-generated reverse shells with ease, and run Nmap scans without any firewall blocking my way. In a real-world environment, this would be almost impossible. Most organizations have some level of antivirus or Endpoint Detection and Response (EDR) solutions, not just for security but for compliance reasons such as PCI DSS. However, in the OSCP labs, there is not a single layer of protection.

This was my first indication that the OSCP doesn’t accurately simulate real-world network security scenarios. If you’re practicing for OSCP, you might find it much easier than actual pentesting engagements, where bypassing defenses like antivirus, EDRs, and firewalls is a critical skill.

Persistence Not Required

The exploitation methodology for OSCP is pretty simple.

Enumeration → Initial Access → Privilege Escalation → Lab Solved!

However, in a real penetration test, there are several other crucial steps, one of which is Persistence. After gaining initial access, attackers often need to maintain their foothold, especially if the system has defenders (blue team) actively monitoring it. Yet, OSCP labs do not require you to implement any persistence mechanisms because there’s no blue team involved. This is a missed opportunity since learning and practicing persistence is vital for a pentester.

Furthermore, Clearing Tracks to erase any evidence of an attack is an essential skill that many OSCP holders might overlook. Real-world engagements often involve covering tracks to evade detection, a skill not emphasized in OSCP training. For aspiring red teamers, these skills are non-negotiable, and it’s a glaring gap in the OSCP curriculum.

Limited Focus on Web Application Penetration Testing

While OSCP is renowned for network penetration testing, it falls short in the realm of web application penetration testing. The course briefly touches on only a handful of web application attacks like SQL Injection, Local/Remote File Inclusion (LFI/RFI), Cross-Site Scripting (XSS), Command Injection, and File Upload vulnerabilities.

However, these barely scratch the surface of the OWASP Top 10, let alone the more complex web vulnerabilities. For someone looking to specialize in web app pentesting, the OSCP offers limited value. I learned more about web application attacks through platforms like PortSwigger Academy, which provides in-depth, hands-on labs for free.

Insufficient Coverage of Active Directory

If you’ve read my first article on the OSCP exam, you know that the Active Directory (AD) component in the exam was underwhelming. Active Directory is a crucial part of most corporate environments, yet the OSCP barely scratches the surface. The course touches on a few basic attacks, but it doesn’t delve into more advanced AD exploitation techniques like LAPS Password Abuse, gMSA Password Abuse, Resource-Based Constrained Delegation (RBCD) Attacks, Pass the Certificate, Diamond Ticket Attacks, and many others.

For those serious about mastering AD exploitation, other courses like TCM Security’s Practical Ethical Hacking (PEH) course, Certified Red Team Professional (CRTP) by Altered Security, and HackTheBox machines offer much more comprehensive training. In comparison, the OSCP’s AD training feels like an appetizer without the main course.

Not Worth $1649

One of the biggest criticisms of OSCP is its price tag: $1,649. For many, this is a substantial investment. In countries like India, this amounts to ₹1.4 Lakhs, a significant sum for an upper-middle or middle-class individual. On top of that, if you’re a student, this amount comes on top of your existing education expenses. In my case, my B.Tech Engineering fees were ₹4 Lakhs per year, totaling ₹16 Lakhs.

Before purchasing the OSCP course, I had already learned around 90% of its content from platforms like TryHackMe and HackTheBox. While the course did introduce a few new concepts, the content didn’t justify the hefty price tag. I even reached out to OffSec to explain my financial situation, hoping for a discount, but my request was declined.

If the OSCP didn’t hold such high market value, I would have chosen more budget-friendly alternatives like TCM Security’s PNPT or HackTheBox’s CPTS. These certifications provide a more comprehensive learning experience for a fraction of the cost.

Final Thoughts

OSCP is undeniably a prestigious certification that opens doors in the cybersecurity field, but it’s not without its flaws. While it provides a solid foundation for network penetration testing, it lacks depth in areas like antivirus evasion, persistence, web application security, and Active Directory exploitation. Additionally, the high cost of the certification raises questions about its overall value, especially when there are more affordable and comprehensive options available.

If you’re considering OSCP, be aware of these limitations. Use it as a stepping stone, but don’t expect it to be the be-all and end-all of your penetration testing journey.


Aaryan Golatkar

Cyber Security Enthusiast who has recently cracked the OSCP!