OSCP vs OSCE make the right decision for your career

blog + Certifications + Education Z. Oualid today

share close

OSCP and OSCE are some of the best and the most popular technical certifications in the field of cybersecurity. A lot of skilled penetration testers around the world are chasing it and work harder to pass their painful exam and I was once one of them.

OSCP and OSCE certifications are pretty different especially at the level of the required information to take the exam. Therefore, knowing the differences between them and which one is better for you is necessary to start your journey.

Here is a table that describes the main differences between the OSCP and OSCE certifications:

48h exam72h exam
5 machines to hack4 machines to hack
Focus on using toolsFocus on building tools
More popularLess popular than OSCP
Anyone can buy the voucherRequire passing a quick test before buying the voucher
About 4500 holder in USAbout 2500 holder in US
2 months lab for $11992 months lab for $1299

In the following paragraphs I will give more details about those different aspects, so if you want to know more to make the right decision, then just keep reading.

Course content differences

In terms of content, I see that OSCP and OSCE certification are sort of complementary. However, both certifications focus on some new aspects and techniques of penetration testing but somehow complete each other.

OSCP content

The OSCP certification focuses more on the following subjects:

  • Scanning and enumerating
  • Analyzing fixing and modifying public exploit codes
  • Privileges escalation in as much as possible ways
  • Exploiting SQL injection and File inclusion to get RCE
  • Learning the pivoting techniques

 The first and the most important aspect that OSCP is built around and that tries to force students to master it is information gathering and enumeration. If you ask any OSCP supervisors while doing the lab to give you a hint, then the first thing he will tell you is to keep enumerating.

I really cannot say this enough, but the key to success in OSCP certification is the enumeration. Actually, it is always the key to finding vulnerabilities in real life and that’s why OSCP focuses on it.

One of the best things that OSCP taught you is analyzing and modifying the public exploits. Man, that’s one of the craziest things that incompetent penetration tester, executing an exploit against the client machine without knowing what is exactly doing. OSCP team knows that and tries their best in this certification to make people aware of that by choosing the right exercises.

What I have noticed in the certification is that a big percentage of the scenarios in the lab are based on web application vulnerabilities. This is comprehensive as most real-life situations penetration comes from a vulnerable web application.

OSCE content

The OSCP certification focuses more on the following subjects:

  • Debugging Windows binaries
  • Creating exploits
  • Backdooring executables
  • Bypassing Antivirus
  • Advanced exploitation of XSS to gain RCE

As I said at the beginning of this blog post, the OSCE certification was created to teach penetration testers one of the rare competencies which is creating exploits and tools. The main objective of this certification is to give you the basics to start thinking outside the box and find new ways to penetrate a network.

Backdooring executables and bypassing antivirus is a very important skill that a penetration tester could have. This skill will help you, especially when dealing with an external penetration test. In this situation, you get only 2 options in most cases. The first one is to find a zero-day, which will take you too much time, or using phishing techniques while backdooring files and bypassing Antivirus.

Exam differences

To pass the OSCP certification you get 5 machines with different situations, which you need to penetrate to find flags and then submit them. Depending on the number of points you get from exploiting the machines you will be able to pass the exam with only 4 machines. You need to get 70 points out of 100 to be able to pass the exam.

After passing both certifications I have noticed that OSCE exam is more structured, I mean you know what you need to do next, contrary to OSCP. In the OSCP certification, there is no structure in most exercises. In many situations, you will get to a point where you did everything you know about and you still don’t get the first access point or a way to do privileges escalation. That is what I have found really frustrating in OSCP.

In the OSCP exam, you can get a bonus of 10 points if you make a good lab report and send it to the Offensive security team. I know it seems not very interesting, but trust me, you can fail an exam for less than that and you would wish that you have sent the report to get that 10 points.

The OSCE certification represents the next step after the OSCP certification, as the knowledge required to pass the exam is more complex than the OSCP.

I am really sorry, I can’t say anything else about the exam as this is against the Offensive security rules. However, all I can say is that you need to work really hard to get certified. These two certifications are not QA-like exams. It will be so difficult that you will even doubt your competencies.

Certification value

Both certifications are the best and the most popular among cybersecurity professionals. Someone who holds the OSCE is much respected as it is a sort of proof of competence. I am not saying this because I hold these two certifications, but trust me you can google them both and see what other people say about them.

They get this value from giving a very difficult exam over years. A lot of other certifications in the market have very good course content like the SANS course but the problem is that the exam is a QCM style. In addition, the price is too high that only companies have the possibility to pay for it.

This certification is also known by employers and start to be a requirement in job offers. I believe that in the next years, holding at least an OSCP would become necessary to get a job as a penetration tester.

The new changes in OSCE

The OSCE certification has changed this year by introducing a lot of modern techniques to penetrate systems. The certification has been divided into three big categories depending on what you like to focus on:

  • Advanced Web Attacks and Exploitation
  • Evasion Techniques and Breaching Defenses
  • Windows User Mode Exploit Development

Written by: Z. Oualid

Rate it

About the author

Z. Oualid

I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certifed Ethical hacker (CEH). I hope you enjoy my articles :).

Previous post

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *