Who should take the OSCP+?

IT professionals who work in security, systems administration, or network engineering roles and who want to move into penetration testing or red teaming should be thinking about the OSCP+ and PEN-200. It's a great certification to prove you have hands-on familiarity with offensive security skills in real-world conditions.

How much does the OSCP+ cost?

The OSCP+ costs at least $1,749, but it can cost quite a lot more. The lowest price necessarily includes a 90-day course at offsec.com and the OSCP+ exam (PEN-200) bundled together, it also comes with only one attempt at the exam. There are longer access periods with more attempts at the exam and other resources priced as high as $6,099/year.

Does the OSCP+ pay well?

Yes -- OSCP+ holders often command salaries in the $90K - $130K+ range, depending on role and location. Roles like penetration tester, red team operator, and security consultant frequently list OSCP+ as a preferred or required qualification.

Is the PEN-200 exam hard?

Yes. the OSCP+ exam is a challenging, hands-on, 24 hour-long test. The whole exam is a real-world test of your ability to exploit live machines in a simulated environment. Passing it takes solid technical knowledge, practical experience, and strong time management. It's widely regarded as one of the most challenging entry-to-mid-level cert exams in cybersecurity.

Is the OSCP+ worth it?

If you're serious about a career in offensive security, The OSCP+ is absolutely worth it. OSCP+ is one of the most recognized certifications in the field, signaling that you have real, tested penetration testing skills. It opens doors to more advanced roles and hands-on security work.

Network Penetration Testing Essentials (PEN-200) Online Training

This is a professional-level OffSec course that prepares penetration testers and red team operators for the OSCP+ certification. Gain deep experience in areas like enumeration, privilege escalation, and Active Directory exploitation as you apply tools like Metasploit, Kali Linux, and tunneling frameworks in real-world scenarios.

Erik ChoronOffensive Security & Security Operations

Updated December 2025

Request a Demo

46Skills

358Videos

12Virtual Labs

37h 16mTotal

358 videos12 labs37h 16m

Who This Course Is For

This course is for IT professionals who want to break into offensive security, including those in blue team roles ready to pivot to red teaming. If you're ready to move from theory to hands-on, real-world exploitation in a lab setting, this PEN-200 and OSCP+ course are meant for you.

Skills Your Team Will Gain

Perform enumeration and vulnerability scanning
Exploit SQL injection and client-side vulnerabilities
Bypass protections and escalate privileges on Windows and Linux
Conduct tunneling and port redirection
Use Metasploit Framework to manage and deliver exploits
Attack Active Directory authentication and move laterally

Course Curriculum

Premium skill.Beginning Pen-20050m
Premium skill.Pen Testing Lifecycle with Reconnaissance46m
Premium skill.Exploit resources47m
Premium skill.Metasploit fundamentals54m
Premium skill.Metasploit Payloads57m
Premium skill.Scanning with nMap46m
Premium skill.Scanning with Nessus (Active)53m
Premium skill.Detailed Active Scanning with Nessus52m
Premium skill.OpenVAS51m
Premium skill.Passive Scanning for Vulnerabilities59m
Premium skill.Deeper into Passive Scanning48m
Premium skill.Web Application Assessment51m
Premium skill.Web Application Assessment Tools55m
Premium skill.Burpsuite46m
Premium skill.Cross-Site Scripting XSS50m
Premium skill.Directory Traversal48m
Premium skill.File Inclusion Attack48m
Premium skill.Command Injection47m
Premium skill.SQL Theory and Exploration50m
Premium skill.Exploiting Microsoft Office47m
Premium skill.Windows Library Files52m
Premium skill.Abusing Windows Library Files55m
Premium skill.Advanced DLL Injection45m
Premium skill.Post-Exploitation with Metasploit50m
Premium skill.Password Attacks - Understanding47m
Premium skill.Password Attacks - Methodology50m
Premium skill.Password Attacks - Physical Attack47m
Premium skill.Password Attacks - Tools48m
Premium skill.Windows Enumeration53m
Premium skill.Leveraging Windows Services47m
Premium skill.Linux Enumeration47m
Premium skill.Linux Insecurity47m
Premium skill.Linux File Insecurity46m
Premium skill.Port Forwarding and Tunneling45m
Premium skill.Deep Packet Inspection47m
Premium skill.Other Tunneling Tools45m
Premium skill.Antivirus Evasion44m
Premium skill.Automating Metasploit46m
Premium skill.Memory Corruption Exploits46m
Premium skill.Fixing Web Exploits44m
Premium skill.Understanding Active Directory Authentication46m
Premium skill.Active Directory Manual Enumeration47m
Premium skill.Active Directory Automated Enumeration46m
Premium skill.Attacks on Active Directory Authentication50m
Premium skill.Active Directory Persistence44m
Premium skill.Lateral Movements and Post-cleanup46m

Part of the Security & Compliance training initiative

Platform Features

Certification

OffSec Certified Professional (OSCP+) (PEN-200)

The OffSec Certified Professional (OSCP+) certification is a rigorous and highly respected credential that validates a candidate's ability to perform penetration testing and ethical hacking. It is designed for security professionals who want to demon...

Exam OSCPLevel ProfessionalDifficulty AdvancedCost $1,699

penetration testingethical hackingvulnerability assessmentexploit developmentnetwork security

Official certification page

For IT leaders

What IT leaders need to know before assigning this course

Security teams need repeatable penetration testing skills to find exploitable weaknesses before they become incidents, audit findings, or emergency contractor work. This advanced PEN-200 course fits IT Practitioners moving into offensive security, security engineers who support vulnerability validation, and Team Leads building an internal red-team capability. The visible curriculum alone is about 33 hours, plus additional skills, so IT Directors should plan roughly a full training week per learner and allow extra practice time for OSCP+ readiness.

Because the course covers offensive tooling and techniques — including Metasploit, password attacks, antivirus evasion, tunneling, and exploitation of Windows, Linux, and web applications — assign it within clear rules of engagement and approved lab or test environments. CBT Nuggets Playlists can help Training Managers sequence the rollout, while Team Reporting helps leaders track progress across assigned learners.

Team Impact

How this training helps your team succeed

IT teams complete this training to turn vulnerability data into actionable security validation. The curriculum moves from reconnaissance and scanning into exploitation, post-exploitation, enumeration, tunneling, and web application assessment, giving security teams a practical workflow for controlled penetration testing.

Validate exposure with tools and methods such as Nmap scanning, Nessus active scanning, OpenVAS, and passive vulnerability discovery.
Assess web applications for common attack paths, including XSS, directory traversal, file inclusion, command injection, and SQL exploration.
Investigate Windows and Linux systems through enumeration, insecure services, file permissions, DLL injection concepts, and library file abuse.
Practice controlled exploitation workflows with Metasploit, payloads, post-exploitation, password attack methodology, port forwarding, tunneling, and traffic inspection.

After completion

Knowledge & ability your team will gain

Knowledge

Penetration testing lifecycle concepts, including reconnaissance and vulnerability discovery.
How exploit resources, Metasploit fundamentals, payloads, and post-exploitation fit into an authorized test.
Differences between active scanning, detailed Nessus scanning, OpenVAS usage, and passive scanning approaches.
Common web application weaknesses, including XSS, directory traversal, file inclusion, command injection, and SQL-related issues.
Windows and Linux enumeration concepts, including services, file insecurity, library files, and DLL injection topics.

Ability

Run structured reconnaissance and scanning activities using tools covered in the course, including Nmap, Nessus, and OpenVAS.
Use Burp Suite and other web assessment tools to investigate web application attack paths.
Apply Metasploit workflows for exploitation, payload handling, automation, and post-exploitation practice in authorized environments.
Evaluate password attack methodology and related tools, including physical attack considerations.
Analyze tunneling, port forwarding, deep packet inspection, antivirus evasion, and memory corruption exploit concepts.