› Certifications · compare
Compare certifications Pick up to 3 certifications and compare them side-by-side on cost, exam format, recertification, salary signal, quality, and domain coverage.
OffSec · professional
OSCP Offensive Security Certified Professional
Hands-on penetration testing — exploitation, privilege escalation, AD attacks.
Official page OffSec · professional
OSEP Offensive Security Experienced Penetration Tester
The OffSec Experienced Penetration Tester (OSEP) is based on the PEN-300 course and addresses advanced techniques around antivirus evasion, Active Directory attacks, and living-off-the-land methods. The fully practical 48-hour exam (47:45 hrs exam + 24 hrs report) in a simulated enterprise environment is the key difference from knowledge-based certifications—it tests real attack capabilities. OSEP is considered credible proof of high-level offensive competence in red team circles, but requires solid OSCP knowledge. Together with OSED and OSWE, OSEP forms the OSCE³ trio.
Official page Comparing
OffSec OSCP
OffSec OSEP
› Cost 3-year cost of ownership
$1,649
$1,649
› Exam mechanics Pass mark
OSCP 70 / 100 points across the 24-hour exam
OSEP Lab points-based (typically 100/100 across multiple targets in 48hr exam)
Pass mark
70 / 100 points across the 24-hour exam
Lab points-based (typically 100/100 across multiple targets in 48hr exam)
Retake policy
OSCP $249 fee · 0d wait
OSEP $249 fee · 0d wait
Retake policy
$249 fee · 0d wait
$249 fee · 0d wait
Study time
OSCP 300–600 hrs
OSEP 300–600 hrs
Study time
300–600 hrs
300–600 hrs
Delivery
OSCP practical lab
OSEP online proctored
Delivery
practical lab
online proctored
› Salary signal (US base) Range
OSCP $110K – $170K
OSEP $140K – $215K
Range
$110K – $170K
$140K – $215K
Role context
OSCP Penetration tester / red team operator, US, 3–5 years.
OSEP Red team operator / advanced pentester, US, 5+ years.
Role context
Penetration tester / red team operator, US, 3–5 years.
Red team operator / advanced pentester, US, 5+ years.
› Quality (4-axis rubric · 0–10) › Recognition & lifecycle Recognition
OSCP Global · US · EU · UK
OSEP Global
Recognition
Global · US · EU · UK
Global
Holders worldwide
30,000
2,500
Current version
OSCP PEN-200 (2024) (2024-03)
OSEP PEN-300 (2024) (2024-06)
Current version
PEN-200 (2024) (2024-03)
PEN-300 (2024) (2024-06)
› Domain coverage A1 Governance, Risk & Compliance
A1 Governance, Risk & Compliance
⚠ gap
·
A12 Data Security, Privacy & Protection
A12 Data Security, Privacy & Protection
⚠ gap
·
A2 Network Security
● core
● core
A21 Malware Analysis & Reverse Engineering
A21 Malware Analysis & Reverse Engineering
○ touched
·
A24 Exposure Management & Attack Surface
A24 Exposure Management & Attack Surface
○ touched
·
A4 Application Security
● core
·
A6 Identity & Access Management
A6 Identity & Access Management
● core
● core
A9 Penetration Testing & Red Teaming
A9 Penetration Testing & Red Teaming
● core
● core
C1 Adversarial Machine Learning
C1 Adversarial Machine Learning
⚠ gap
·
C2 LLM-Specific Attacks
⚠ gap
·
Browse the full catalog or open any one of these on its detail page for full study materials, peer comparisons, and lifecycle notes.