Skip to content
CertiGuard

Search

Type a word like "security+" or "ccna". Search runs on the published site.

OffSec

OffSec OSCP: Bundled Pricing, the 24-Hour Exam, and the OSCP+ Change

By Mario Bailey, Editor

Facts last verified against official sources: 2026-07-06

OffSec OSCP costs $1,749 per exam attempt at OffSec's published price, verified 2026-07-06. Renewal: OSCP+ expires 3 years from issuance; the OSCP awarded alongside it does not expire.

Occupation context

$129,180

BLS median, Information Security Analysts (May 2025)

190,650 people employed nationally

Salary figures are U.S. Bureau of Labor Statistics medians for the occupation shown, not a measured premium for holding this certification. No one publishes causal cert premiums; anyone quoting one is guessing.

How to prepare

No single standard third-party course or practice set for this exam yet. Check the vendor's own exam guide and free objectives first.

Pass this exam once and you now hold two credentials: one that expires in three years and one that never does. That oddity, introduced in November 2024, is the newest thing to understand about OSCP, but the older thing still matters more: OffSec has never sold this exam the way other vendors sell theirs, and the price of entry is the price of a course. Here is how the pricing actually works, what the 24-hour exam demands, and what the OSCP+ split means for renewal.

Who this cert is actually for

OSCP is the credential technical hiring managers in offensive security respect most at its tier, precisely because it cannot be passed from a question bank. The exam requires compromising real machines under proctored observation and then documenting the work professionally, so the people it fits are aspiring and working penetration testers who already have solid fundamentals: comfortable in a Linux shell, competent with Windows and TCP/IP networking, able to read and adapt a Bash or Python script. OffSec enforces no formal prerequisites, but PEN-200 is not a beginners’ course and the exam punishes gaps in fundamentals ruthlessly.

Hold off if you are still building those fundamentals; Security+ territory and a year of deliberate lab practice first will make the expensive course time count. If you want an offensive-security credential with a lower entry price and a conventional exam format, CompTIA PenTest+ covers the same conceptual ground for $439, though it buys less respect from technical interviewers. PenTest+ vs OSCP runs the full comparison. And if your trajectory is security leadership rather than hands-on exploitation, the study hours point toward ISC2 CISSP instead; OSCP’s value is almost entirely in proving you can do the work, not manage it.

What it costs all-in

OffSec’s pricing is course-first, and the numbers only make sense once you see that. The standard path is the PEN-200 Course and Certification bundle at $1,749: 90 days of course and lab access plus one exam attempt. As of July 18, 2026, OffSec is running a limited-time promotion on that bundle, “Save $250 on select Course + Cert Bundles,” which brings PEN-200 to $1,499 with no end date published; OffSec discounts are rare enough that a live one is worth acting on if you were buying anyway, and the price watch records it. The subscription tier, Learn One, is $2,749 a year (auto-renewing) for a year of access to one course stream, the lab environment, and two exam attempts. The old Learn Unlimited tier has been discontinued; its successor, Learn Enterprise, is priced for teams at $6,299 a year, not individual buyers.

A standalone exam-only purchase also exists at $1,699, and it is easy to misread. It is not the option for someone re-attempting after a failed try; OffSec prices that scenario separately and far cheaper, a $249 exam retake for candidates who have exhausted the attempt included in their bundle or Learn One subscription. The $1,699 standalone exam instead targets first-time candidates who prepared entirely outside OffSec’s own materials, self-taught or trained elsewhere, and simply want to sit the exam without paying again for course and lab access they do not need. That is a real path, but most self-taught candidates underestimate how much of OSCP’s difficulty lives in PEN-200’s labs specifically rather than in the exam’s subject matter, so treat the standalone exam as a bet on your own preparation, not a discount. There is no cheap voucher path into a first attempt through the standard route, and budgeting for OSCP means budgeting at least $1,749, realistically with lab-time discipline to match, since 90 days of access rewards candidates who prepared their fundamentals before the clock started. Set that against every other credential on the ROI Index.

The exam itself

The exam is a 24-hour, remotely proctored, hands-on penetration test against a live environment, followed by a further 24 hours to write and submit a professional report documenting how each compromise was achieved. Scoring is out of 100 points: three standalone machines worth 60 points in total, and an Active Directory set (two clients and a domain controller) worth 40. Passing requires 70 points, and the report is not a formality; undocumented or poorly evidenced work does not earn the points the exploitation itself might have.

Bonus points deserve a plain statement, because most OSCP write-ups online are out of date on this. Under the old policy, candidates could earn 10 bonus points by completing course exercises and lab documentation. That ended November 1, 2024: no bonus points exist anymore, and the final score comes solely from exam performance. Any guide telling you to grind exercises for a scoring cushion is describing an exam that no longer works that way, which does not make the exercises worthless, only worthless as arithmetic. OffSec publishes no pass rate, so treat every “OSCP pass rate” figure you encounter as invented.

Renewal and the OSCP+ split

Since November 1, 2024, passing the exam awards two credentials at once: OSCP+ and OSCP. The difference between them is expiry, and only that. OSCP+ expires three years from issuance; the OSCP earned alongside it does not expire, and everyone who earned OSCP before the change keeps a non-expiring credential for life. OffSec’s stated intent is that OSCP+ signals current, recently validated skill while OSCP records that you passed the exam at some point.

Keeping OSCP+ current means requalifying within the three-year window through OffSec’s recertification paths, which include re-examination and continuing-education options; the mechanics and costs of those paths are OffSec’s to define and worth checking against its current documentation as your window approaches, because the program is new enough that details have kept moving. The nine-year picture is therefore honest but unusual: the legacy OSCP costs nothing to hold forever, while a continuously valid OSCP+ requires requalifying twice over nine years. Whether that expense is worth it depends on whether employers in your market start distinguishing the plus from the legacy credential, something worth watching rather than assuming.

What it does for the occupation you are entering

OSCP maps to the information security analyst occupation (BLS code 15-1212), the same broad BLS category that covers penetration testers, since federal occupational data does not break offensive security out on its own. The panel on this page shows the current national median wage and headcount for that occupation; it describes the field, not a payout attached to this certificate. OSCP’s concrete function in hiring is different from most credentials on this site: rather than clearing HR keyword filters, it clears technical skepticism. A hiring manager who has held the certification knows what 24 proctored hours against unfamiliar machines demands, and that shared knowledge is the signal. What it converts to in compensation depends on the roles you land and the consulting or internal work you do with it, not on the credential itself.

Common mistakes

Assuming the standalone exam is the cheap re-attempt option. The $1,699 standalone purchase is not a discount for repeat candidates; it targets first-time, externally-prepared candidates who deliberately skip PEN-200’s course and lab access. Anyone re-attempting after exhausting a bundle or Learn One attempt should buy OffSec’s $249 exam retake instead, not the $1,699 standalone exam. And for first-timers, the $50 spread against the full bundle is not really a discount either: most self-taught candidates underestimate how much of OSCP’s difficulty lives in PEN-200’s labs specifically, so skipping the course without lab-equivalent preparation built elsewhere is a false economy.

Preparing from pre-2024 advice. The bonus-point strategy, older exam structures, and outdated machine formats still dominate search results and forum threads. Verify anything tactical against OffSec’s current exam guide before building a study plan around it, or you will optimize for a scoring system that was retired in November 2024.

Treating the report as an afterthought. Half the professional skill this credential certifies is documentation, and candidates fail with passing-level exploitation because the evidence trail was thin. Take screenshots and notes as you work, not at hour 23, and rehearse writing up practice machines the same way before exam day.

Pay less for this exam

The legitimate ways to pay under list price for OffSec OSCP, verified in the discounts guide. No coupon codes, no gray-market vouchers.

  • OffSec has no academic store and rarely discounts, but it does run occasional limited-time bundle promotions on its own site (a $250 Course + Cert bundle discount is live as of July 2026). The price watch records each one as we verify it, so check it before paying list.
  • Served in the military? The GI Bill reimburses approved certification tests up to $2,000 per test (check the VA's approved list before booking), and VR&E can cover costs directly for eligible veterans.
  • Employed? Ask about certification reimbursement before you pay anything; many employers cover the exam outright or on a pass, and some cover renewals.
  • Vendors announce price increases ahead of time and vouchers stay valid for months, so a ready candidate can buy at the old price; increases land in the price watch as we verify them.

Check which discounts you qualify for →

Quick answers

How much does OffSec OSCP cost?
OffSec OSCP costs $1,749 per exam attempt at OffSec's published price. Legitimate ways to pay less are covered in the pay-less section on this page.
Does OffSec OSCP expire?
Per OffSec's published terms: OSCP+ expires 3 years from issuance; the OSCP awarded alongside it does not expire.
How do you renew OffSec OSCP?
The verified renewal terms: OSCP+ expires 3 years from issuance; the OSCP awarded alongside it does not expire. The renewal-costs guide compares what each model costs over nine years, and the true-cost calculator prices this certification over your own horizon.
How long is the OffSec OSCP exam?
OffSec's published format: 24-hour proctored hands-on exam plus a 24-hour reporting window; pass at 70/100 points; no bonus points since November 2024.
How much does OSCP+ cost?
OSCP+ is not a separate purchase. One exam awards both OSCP+ and OSCP, and the price of entry is the price of a PEN-200 path: the Course and Certification bundle at $1,749 list, the Learn One subscription at $2,749 per year with two exam attempts, or the $1,699 standalone exam for candidates who prepared entirely outside OffSec's materials.
What is the difference between OSCP and OSCP+?
Expiry, and only that. Since November 1, 2024, passing the exam awards both credentials at once: OSCP+ expires 3 years from issuance and signals recently validated skill, while the OSCP earned alongside it never expires. Holders who earned OSCP before the change keep a non-expiring credential.
What does OSCP Learn One cost?
Learn One is $2,749 per year, auto-renewing, for one year of access to one course stream (PEN-200 for OSCP), the lab environment, and two exam attempts. Against the $1,749 bundle's 90 days and single attempt, it is the safer buy for candidates who expect to need more lab time or a second attempt.

Every figure above comes from the verified facts panel on this page; see the true-cost calculator for multi-year math and renewal costs explained for the four renewal models.

General information, not career or financial advice

CertiGuard documents costs, exam mechanics, and public salary data. Whether a certification pays off for you depends on your market, employer, and experience. Treat this as a starting point, not a promise.

Official sources

Cite this page