ProfessionalVendor-neutralOffSec· issued from US

OSEP

Offensive Security Experienced Penetration Tester

The OffSec Experienced Penetration Tester (OSEP) is based on the PEN-300 course and addresses advanced techniques around antivirus evasion, Active Directory attacks, and living-off-the-land methods. The fully practical 48-hour exam (47:45 hrs exam + 24 hrs report) in a simulated enterprise environment is the key difference from knowledge-based certifications—it tests real attack capabilities. OSEP is considered credible proof of high-level offensive competence in red team circles, but requires solid OSCP knowledge. Together with OSED and OSWE, OSEP forms the OSCE³ trio.

Official page at OffSec ↔ Compare with another cert

Exam fee

$1,649

Ongoing

$0/yr AMF

Study time

300–600 hrs

Delivery

Online proctored

Validity

3 yrs (renewal cycle)

› Quality score

32.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

PEN-300 syllabus is published; covers EDR evasion, lateral movement, custom payloads.

8.5/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

48-hour live-network engagement with an AV/EDR-instrumented lab plus a graded report.

9.0/10

Currency & upkeep

How aggressively content is kept current with the field.

PEN-300 refreshed alongside the OffSec evasion content roadmap.

7.0/10

Market recognition

How often this signal actually moves a hiring decision.

Strong in red-team hiring, especially mature internal red teams; second only to OSCP for offensive credibility. [Holders: 2k, 2024-12]

7.5/10

› Market signals

public, citable inputs to the recognition score

Holders worldwide

2,500

as of 2024-12 · source

› Built for these roles

Cloud Security ArchitectCloud Security EngineerIT Security Manager (Cloud Focus)Compliance Manager (Cloud)Enterprise Architect

› Exam format

Practical: 47 hours 45 min. hands-on exam (evasion, AD attacks, advanced exploitation) + report. Proctored.

Passing score

Lab points-based (typically 100/100 across multiple targets in 48hr exam)

Retake policy

Fee: $249 per attempt

Wait: 0d between attempts

Retake voucher $249 separately. No wait period beyond exam scheduling availability.

› Recertification

Valid indefinitely. No renewal required.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

PD-WRL-007

Recognition

Global

Exam languages

› Core domains covered

The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A9Penetration Testing & Red Teaming

Methodology (OSSTMM, PTES), web/network/mobile pentesting, social engineering, purple teaming.

A2Network Security

Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.

A6Identity & Access Management

AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.