OffSec review

go back / p4p1

---

Created on Thu. 20 Feb 2025

---

---

Like I mentioned in a previous blog post I passed the OSEP recently. This marks the current end of my offsec journey. I might come back later but I want to do other things first ^^.

Before starting the actual review section there are few things I would like to point out. I have a problem with OffSec in general outside of the predatory pricing or other issues to me the exams usually mean a big crash in my personal like like OSCP: I immigrated from france to ireland in the middle of taking it. OSWP: I learned my gf was pregnant during it. OSEP: the baby was born during me preparing for the exam and I had to immigrate countries again. So my conditions to take the OffSec exams where always horrible with big life changes during them which made my attempts 10x more stressful I think. So keep this in mind during the reviews.

OSCP (Aug. 2021)

The first offsec cert I did. Now with retrospective I am happy I did this exam compared to before where i gave it a pretty harsh review. The points made before are still valid and I totally agree with them it is not a representation of my job and I will rarely actually use a CVE to exploit a network or machine in my job. But I think OSCP shouldn't be seen as such now it's not a pentesting certification. OSCP is like a baptism by fire or a right of passage saying, I can learn a skill that will be overall useful (how to google and use someone else's code) and that I am dedicated enough to take on the 24H challenge. This is my personal opinion now on the OSCP. If you are thinking to take this exam I recommend to do the dante as practice and you should have a checklist ready with your methodology and you can clearly finish the oscp in ~12h instead of the 24h. That is how long it took me back when I did the oscp and I had no checklist and I just YOLO'd it.

OSWP (Mar. 2024)

My favourite offsec cert. When I first discovered the OSWP I was starting cyber security and I always wanted to do it I love wifi hacking. It's clearly for me the funniest thing to do and I love all the tools and gadgets around it there is nothing else in pentest I think can come close to wifi. So the exam it self was kinda funny I think its a solid certification for a beginner and a must do if you can get it for cheap. It's not worth 2k but it's a great thing to do for the fun of it basically. The overall difficulty is easy on this cert nothing crazy the course is great to prepare for the exam and it covers cool techniques I would highly recommend this one. The exam is 4hours and it shouldn't take you the whole 4hours in 2 hours I had everything pwned and the report half done you can fly through this certificate in around a month if you are dedicated enough.

OSEP (Feb. 2025)

The big daddy of the pentest offsec certs. This is a great certificate clearly better than the OSCP I wish I would've done this one sooner. 2K is a high price to pay for this certificate and I cannot justify the price doing cybernetics + APT labs will cover 90% of what you need to know the last 10% can be found online for free like the jscript, c# and office course. But I still think the challenge labs after doing the course clearly are the highlight of this certificate and the techniques taught in the course maybe aren't worth 2K but are so cool that I am overall happy for the purchase. I did get my job to help me pay for this one since it's so expensive and if they haven't done that I would have never bought it. The exam is 48hours and I finished in 4-5hours I was over prepared doing htb offshore up until htb APT Labs and then doing all the courses some side coding projects to tie in OSEP material with my workflow and finishing all the challenge labs was overkill and it shows in how fast the exam was completed.

---

Thank you for reading you can support this blog directly through Github sponsors. Certs are great and all but if I had to follow a specific learning path I would follow my own screw all these companies ;P