› Certifications · compare
Compare certifications Pick up to 3 certifications and compare them side-by-side on cost, exam format, recertification, salary signal, quality, and domain coverage.
OffSec · professional
OSEP Offensive Security Experienced Penetration Tester
The OffSec Experienced Penetration Tester (OSEP) is based on the PEN-300 course and addresses advanced techniques around antivirus evasion, Active Directory attacks, and living-off-the-land methods. The fully practical 48-hour exam (47:45 hrs exam + 24 hrs report) in a simulated enterprise environment is the key difference from knowledge-based certifications—it tests real attack capabilities. OSEP is considered credible proof of high-level offensive competence in red team circles, but requires solid OSCP knowledge. Together with OSED and OSWE, OSEP forms the OSCE³ trio.
Official page OffSec · professional
OSCP Offensive Security Certified Professional
Hands-on penetration testing — exploitation, privilege escalation, AD attacks.
Official page Comparing
OffSec OSEP
OffSec OSCP
› Cost 3-year cost of ownership
$1,649
$1,649
› Exam mechanics Pass mark
OSEP Lab points-based (typically 100/100 across multiple targets in 48hr exam)
OSCP 70 / 100 points across the 24-hour exam
Pass mark
Lab points-based (typically 100/100 across multiple targets in 48hr exam)
70 / 100 points across the 24-hour exam
Retake policy
OSEP $249 fee · 0d wait
OSCP $249 fee · 0d wait
Retake policy
$249 fee · 0d wait
$249 fee · 0d wait
Study time
OSEP 300–600 hrs
OSCP 300–600 hrs
Study time
300–600 hrs
300–600 hrs
Delivery
OSEP online proctored
OSCP practical lab
Delivery
online proctored
practical lab
› Salary signal (US base) Range
OSEP $140K – $215K
OSCP $110K – $170K
Range
$140K – $215K
$110K – $170K
Role context
OSEP Red team operator / advanced pentester, US, 5+ years.
OSCP Penetration tester / red team operator, US, 3–5 years.
Role context
Red team operator / advanced pentester, US, 5+ years.
Penetration tester / red team operator, US, 3–5 years.
› Quality (4-axis rubric · 0–10) › Recognition & lifecycle Recognition
OSEP Global
OSCP Global · US · EU · UK
Recognition
Global
Global · US · EU · UK
Holders worldwide
2,500
30,000
Current version
OSEP PEN-300 (2024) (2024-06)
OSCP PEN-200 (2024) (2024-03)
Current version
PEN-300 (2024) (2024-06)
PEN-200 (2024) (2024-03)
› Domain coverage A1 Governance, Risk & Compliance
A1 Governance, Risk & Compliance
·
⚠ gap
A12 Data Security, Privacy & Protection
A12 Data Security, Privacy & Protection
·
⚠ gap
A2 Network Security
● core
● core
A21 Malware Analysis & Reverse Engineering
A21 Malware Analysis & Reverse Engineering
·
○ touched
A24 Exposure Management & Attack Surface
A24 Exposure Management & Attack Surface
·
○ touched
A4 Application Security
·
● core
A6 Identity & Access Management
A6 Identity & Access Management
● core
● core
A9 Penetration Testing & Red Teaming
A9 Penetration Testing & Red Teaming
● core
● core
C1 Adversarial Machine Learning
C1 Adversarial Machine Learning
·
⚠ gap
C2 LLM-Specific Attacks
·
⚠ gap
Browse the full catalog or open any one of these on its detail page for full study materials, peer comparisons, and lifecycle notes.