OSCP and OSCE are some of the best and the most popular technical certifications in the field of cybersecurity. A lot of skilled penetration testers around the world are chasing it and work harder to pass their painful exam and I was once one of them.
OSCP and OSCE certifications are pretty different especially at the level of the required information to take the exam. Therefore, knowing the differences between them and which one is better for you is necessary to start your journey.
Here is a table that describes the main differences between the OSCP and OSCE certifications:
| OSCP | OSCE |
| 48h exam | 72h exam |
| 5 machines to hack | 4 machines to hack |
| Focus on using tools | Focus on building tools |
| More popular | Less popular than OSCP |
| Anyone can buy the voucher | Require passing a quick test before buying the voucher |
| About 4500 holder in US | About 2500 holder in US |
| 2 months lab for $1199 | 2 months lab for $1299 |
In the following paragraphs I will give more details about those different aspects, so if you want to know more to make the right decision, then just keep reading.
In terms of content, I see that OSCP and OSCE certification are sort of complementary. However, both certifications focus on some new aspects and techniques of penetration testing but somehow complete each other.
The OSCP certification focuses more on the following subjects:
The first and the most important aspect that OSCP is built around and that tries to force students to master it is information gathering and enumeration. If you ask any OSCP supervisors while doing the lab to give you a hint, then the first thing he will tell you is to keep enumerating.
I really cannot say this enough, but the key to success in OSCP certification is the enumeration. Actually, it is always the key to finding vulnerabilities in real life and that’s why OSCP focuses on it.
One of the best things that OSCP taught you is analyzing and modifying the public exploits. Man, that’s one of the craziest things that incompetent penetration tester, executing an exploit against the client machine without knowing what is exactly doing. OSCP team knows that and tries their best in this certification to make people aware of that by choosing the right exercises.
What I have noticed in the certification is that a big percentage of the scenarios in the lab are based on web application vulnerabilities. This is comprehensive as most real-life situations penetration comes from a vulnerable web application.
The OSCP certification focuses more on the following subjects:
As I said at the beginning of this blog post, the OSCE certification was created to teach penetration testers one of the rare competencies which is creating exploits and tools. The main objective of this certification is to give you the basics to start thinking outside the box and find new ways to penetrate a network.
Backdooring executables and bypassing antivirus is a very important skill that a penetration tester could have. This skill will help you, especially when dealing with an external penetration test. In this situation, you get only 2 options in most cases. The first one is to find a zero-day, which will take you too much time, or using phishing techniques while backdooring files and bypassing Antivirus.
To pass the OSCP certification you get 5 machines with different situations, which you need to penetrate to find flags and then submit them. Depending on the number of points you get from exploiting the machines you will be able to pass the exam with only 4 machines. You need to get 70 points out of 100 to be able to pass the exam.
After passing both certifications I have noticed that OSCE exam is more structured, I mean you know what you need to do next, contrary to OSCP. In the OSCP certification, there is no structure in most exercises. In many situations, you will get to a point where you did everything you know about and you still don’t get the first access point or a way to do privileges escalation. That is what I have found really frustrating in OSCP.
In the OSCP exam, you can get a bonus of 10 points if you make a good lab report and send it to the Offensive security team. I know it seems not very interesting, but trust me, you can fail an exam for less than that and you would wish that you have sent the report to get that 10 points.
The OSCE certification represents the next step after the OSCP certification, as the knowledge required to pass the exam is more complex than the OSCP.
I am really sorry, I can’t say anything else about the exam as this is against the Offensive security rules. However, all I can say is that you need to work really hard to get certified. These two certifications are not QA-like exams. It will be so difficult that you will even doubt your competencies.
Both certifications are the best and the most popular among cybersecurity professionals. Someone who holds the OSCE is much respected as it is a sort of proof of competence. I am not saying this because I hold these two certifications, but trust me you can google them both and see what other people say about them.
They get this value from giving a very difficult exam over years. A lot of other certifications in the market have very good course content like the SANS course but the problem is that the exam is a QCM style. In addition, the price is too high that only companies have the possibility to pay for it.
This certification is also known by employers and start to be a requirement in job offers. I believe that in the next years, holding at least an OSCP would become necessary to get a job as a penetration tester.
The OSCE certification has changed this year by introducing a lot of modern techniques to penetrate systems. The certification has been divided into three big categories depending on what you like to focus on:
I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certifed Ethical hacker (CEH). I hope you enjoy my articles :).
One of the best ways to improve the security level of a company is by performing a penetration test. Unfortunately, a penetration test is not an exact science like software ...
Undoubtedly, ChatGPT stands out as one of the most remarkable inventions of 2021. Its wide-ranging capabilities and applications have opened up endless possibilities for human interaction and problem-solving. Furthermore, certain [...]
Post comments (0)